Event Recording

Digital Identity Wallets – How To Evolve SSI To Meet eIDAS 2.0 Regulations


Log in and watch the full video!

The presentation will give context on the EU commission announcement of European Digital Wallets and explains what eIDAS 2.0 defines for member states when it comes to digital identities. SSI can be a potential solution, but currently does not meet the eIDAS 2.0 regulation fully. We will explain why and give an idea on how to evolve SSI and create an ecosystem that is compliant with eIDAS 2.0.

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Register  
Subscribe to become a client
Choose a package  
So, yeah, I'm IWA CTO. And one of the founders of I now, and as introduced, I would like to propose today away how SSI can, can meet the requirements of the Ida to the zero. So what is this about as that? The European commission has introduced a law called either to the zero, basically, which establishes our European digital identity wallet and what the commission is proposing here is that the user to be able to perform certain activities. So like requesting, storing, sharing their data and the object that, that they, they should control is basically number one, the person identification data, which can be seen as everything that is your on your ID card or passport any type of additional attributes. So this could be anything from your diploma certificate to driver licenses, to any type of electronic attribute, basically. And then last part qualified electronic. And the also has envisioned that there should be certain requirements that it should be transparent to the user. It should be traceable by the user and it should work both online and offline.
What we also see is that there's the world of, of its I, but at the moment, those are quite disconnected. You have the regulatory sign, this Ida plus the national law, and you have the SSI world with technical standards or verify credentials, bids, presentation exchange on, so on, but at the moment, they're really not connected. If you look at what the European commission here is proposing, it's actually quite, it closed the aligned to the ideas behind at the time. So you guess you all know there's 10 principles of, of I that has been proposed. And if you now look at what the European commission wants, it's actually quite closed the aligned. So they also want the right of users to be protected. They want the users that they must give content for the data to be used. They want interoperability, persistence, transparency, and so on.
But of course there's also slight differences. So number one, what the you want here is that the, that the user should have a unique existence. So opposed to S there could not be multiple identities, but in the end should only have one identity. And this is actually quite closely related to the second point. So in the, the pures world, of course, users should control their own identity. So this means the stories of their identity, but also basically where, who issues that here, of course, the U has a different view because what the U has proposed is that the trust would come from the member states. And this is really the, the main difference that, that we see. So number one are unique existence and not multiple, and that the trust is not decentralized, but the trust is provided in the end, by state, through the, the state owned identity, we see that this can be compared what's also happening in the, the currency world.
So have the traditional methods of currency, and you have fully decentralized systems like Bitcoin. And the new commission actually has proposed a system here called C so central bank backed digital currency, where the aim is to basically combine the best of both words. So to have a decentralized system, but with this data backing behind it. And we see something very similar here also in the identity world. So we, you have the traditional methods of identity verification, something like video identity ID, and so on going to the post office, for example, you have the fully decentralized symptom, like pure SSI, and we have what the European commitment now has post. So we, we gave it the name publicly assured SSI, because it's similar to the idea of SSI, but with public assurance behind that. And so we see that this is quite comparable to the ideas of the, the CBDs.
So who are we? We are one of Europe's leading identity verification provider. So we have been founded in 2014 and have quite grown quite strongly, and are now a team of over 1,200 employees, which are now serving over 950 customers around the globe. And we are really are upon European companies. So we have another company in Germany called identity PM. And we have also in our group are yet next. So the, the leading friend identity of education provider, and with that, we are serving a huge variety of, of different industries. So from the, the, the credit industries to banks payments. So as you can see, we're quite strong in the financial industries, but we also have customers from telecommunication, mobility, government QTS P influencers and so on. So we see that the need for identity education is, is increasing even more so. And that you see that it's moving from those high use cases like defined sector into other use cases, everywhere. One example would be mobility, where we are now verifying driver's licenses. So if you're renting a car or renting one of those scooters, and you have to show your driver's license, then our system is processing that and verifying that the driver's license is real, and that you are allowed to drive that, that car.
And what we offer to our customers is basically one platform that you connect to, and that covers all your K by C needs across all the different countries, multiple jurisdictions and multiple characters. So our goal is always to, no matter what you need, we always have the right and best converting identity verification method on our platform. And you only connect one and you have access to all of those at one. And the methods that we offer are so AI powered ID verification. So using deep learning where you hold your ID card into the camera, we extract the data, we analyze the security feedback of the ID document, and everything is correct. Then you are identified. And of course, this also includes a biometric comparison of the person and the analyze. We also have things like video. I, so based on a video chat between one of our employees and the user, we have something likes.
So where, where we are using the notified Eid scheme of all the way to, to offline method. And what we also are offering on our oil platform is a wallet because we see this really as the future of, of digital identity. At the moment, if you are opening one bank account, you have to identify yourself using one of those methods. And today, if you're opening another, another bank account of it later, you would need to identify all over again. And to be honest, this doesn't really make sense. It would be much better to identify your one and then reuse that identity. And this idea of course is not new, but it always has missed the regulatory requirements to be able to do so. And what we see now with the law that I have shown in the, in the beginning is that this regulatory framework is now being created. And so we think that it's quite powerful to have a platform where you have thought identities compliant with such loans, but also access to the traditional identity verification methods to onboard users into such wallets, but also to onboard users if they don't want to use or cannot use such such technology.
And what we would like to propose is really here to form a European Alliance around the creation of, of those water. And this is really about creating open standards that can be used to merge ass I, and the Ida and this Alliance is driven by, by us, of course, together with under other identity verification providers and also European trust service providers. And the goal here is really to build an ecosystem based on open standards, to which then promote innovation, competition and security, because we think that there is no single company out there that can build such an ecosystem by their own, but it really is necessary that European companies join fault to create such a European ecosystem. And we also think that this is quite crucial to keep the European entity and what we think is necessary to do so is really to have those, those open standards because only then can, can players who might be even competitors work together to create an ecosystem. That's good for all of the, the participants here.
And what we also think is that those wallets have to enable different levels of tier. So the IDAs defines three levels from low substantial to high. And what we see is that most of the use cases will be on the substantial level. So we did an analysis of the different requirements, and we found that across Europe, around 95% of the use cases will be on the substantial level. And then of course there are certain use cases that are on high, but the majority will be on, on substantial. So what is the, the general idea you have on the one size, the SSI world? So we have the classic trust fry angle of the holder, the issuer and the file. And you have certain technical standards for like w three C the IDs verified credentials, and also something like all might be connect. And this is our opinion that it does not necessarily have to be based on, on DT because there is already quite a usable toolbox out there which can provide the necessary trust for such a framework.
And this is coming from the IDAs framework. So the IDAs is introducing so-called qualified trust service provider, which has different trust services, like qualified signatures, qualified fields. And of course also the, the notified EIG scheme of the states. And we think that by combining those methods, so combining the technological side of SSI with the trust that the Ida toolbox offer it is possible to get the, the best of both world. And this would really allow to build a system that provides these benefits that the European commission has envisioned, and that we fully share and combines that with the regulatory requirements of the Ida toolbox. And we also, we are part of, of Hyperledger and they also part of union in Germany and both systems are based on, on blockchain or DLT. At the same time, we see that across Europe, there are certainly different opinions regarding this technology, that there are certain member states who are following such technology and are using that, but other things that this technology is not yet ready to use.
And so we think it's quite important to have the system open enough. So to either have it based on DT, maybe at a later point in time, but also to make it possible that it's not based on DT. And we think that using this, this toolbox of, and the, the European trust, it is possible today already to, to have this as it, I combined without using DT in the, in the background. And this is what we want to build together, this, this other players in the market, so that we really have an open standout that defines how such a SU system works and then really drives forward in a European ecosystem for that.
And what we are doing for that is that we are really supporting standardization. So we are for example, part of W3C or part of the decentralized identity foundation, but we are also part of the European organization. So for example, we are part of the, the FC and at the FC currently standards are written how such words can work. And there's also standards or have been written already that define how identity verification can be certified. So this, this at the standard here on the, on the right side, and we, they are one of the outdoors of that standard. And this is really about providing a, a baseline requirement for identity verification methods, so that an audit auditor can use to assess different identity verification methods from different providers. And the last organization, which we think is quite important is, is title because authentication, of course, really plays a central aspect in any, in any wallet, because in the end, it's really about authentication. And we think that fi is a really good standard and has done some, some great work in that area. And so we have founded our start working group who is working on the European digital identity, and who's really working to, to trying to bring together the, the, the side world with the world from, from Ida.
Yeah. So thank you. This what, the quick overview about our work that we are doing here on the SSI and the either side. And of course now I'm yeah. Happy for your questions.

Stay Connected

KuppingerCole on social media

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00