KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
With the European Blockchain Service Infrastructure (EBSI) the European Union established an European DLT-infrastructure provided by the Member States. This means that the DLT nodes are in the responsibility of the Member States and so ensure a government trust anchor Since EBSI contains own governance and technical specifications together with conformance tests for wallet it provides a comprehensive framework for decentralized digital identities in Europe. EBSI is widely for use cases in education, public sector or traceability and with the eIDAS Bridge already useable within the eIDAS ecosystem.
As eIDAS 2.0 is technology neutral it provides the possibility to use the technical advantages of EBSI like distribution, crypto agility or performance (in comparison to existing TrustLists) on EUDI Alle,t QEAA but also trusted issuer registries, existing interoperability on decentralized identities based on established standards like W3CVC Data Model, ETSI ESI (especially reg. digital signatures as thexy are required for QEAA acc. eIDAS 2.0) also in eIDAS 2.0. As eIDAS 2.0 is not built on a green field EBSI also supports wide adoption of EUDI Wallet and related (qualified) trust services, as EBSI is already established infrastructure in Europe
With Section 11 the eIDAS 2.0 on the other hand introduce a dedicate qualified trust service for Electronic Ledger. This allows the provision of EBSI by fully liable QTSP under eIDAS 2.0 and allows the broad utilization of DLT for use cases like supply chain & digital product passport (acc. EU Supply Chain Act), Organizational Digital Identity, Social Security, secure Data sharing etc. Within EBSI-VECTOR and EBSI-TRACE4EU more than 80 partners from all member states work on the establishment of a real decentralized and distributed ecosystem using EBSI as common infrastructure in Europe.
The session focus on the role of EBSI in the eIDAS 2.0 ecosystem so:
With the European Blockchain Service Infrastructure (EBSI) the European Union established an European DLT-infrastructure provided by the Member States. This means that the DLT nodes are in the responsibility of the Member States and so ensure a government trust anchor Since EBSI contains own governance and technical specifications together with conformance tests for wallet it provides a comprehensive framework for decentralized digital identities in Europe. EBSI is widely for use cases in education, public sector or traceability and with the eIDAS Bridge already useable within the eIDAS ecosystem.
As eIDAS 2.0 is technology neutral it provides the possibility to use the technical advantages of EBSI like distribution, crypto agility or performance (in comparison to existing TrustLists) on EUDI Alle,t QEAA but also trusted issuer registries, existing interoperability on decentralized identities based on established standards like W3CVC Data Model, ETSI ESI (especially reg. digital signatures as thexy are required for QEAA acc. eIDAS 2.0) also in eIDAS 2.0. As eIDAS 2.0 is not built on a green field EBSI also supports wide adoption of EUDI Wallet and related (qualified) trust services, as EBSI is already established infrastructure in Europe
With Section 11 the eIDAS 2.0 on the other hand introduce a dedicate qualified trust service for Electronic Ledger. This allows the provision of EBSI by fully liable QTSP under eIDAS 2.0 and allows the broad utilization of DLT for use cases like supply chain & digital product passport (acc. EU Supply Chain Act), Organizational Digital Identity, Social Security, secure Data sharing etc. Within EBSI-VECTOR and EBSI-TRACE4EU more than 80 partners from all member states work on the establishment of a real decentralized and distributed ecosystem using EBSI as common infrastructure in Europe.
The session focus on the role of EBSI in the eIDAS 2.0 ecosystem so:
So we, no, I get closer. So we do not see the third panelist right now, but I hope we can join. But let's just start, we only have 20 minutes with a short round of introduction, and although we do not know yet what we are only already talking about, I would like to ask you for a short statement, which is of importance for you when it comes to that topic that we will be covering and maybe we understand it afterwards, maybe starting with you.
Yeah, So, hi, thanks for the invitation to talk about the electronic literature regulation. In fact, this is what motivates me.
We, four years ago approximately, we had the challenge to be able to provide a legal basis for the electronic ledger technology. We will be, we were using already for supporting identity management. This is now our reality and something exciting today. We'll be discussing about that. Thanks. Yeah. Hi. Hi.
Good, good afternoon. So in this context, I'm here more from the technical side. Not only that, ledgers are like theoretical and we have legal backing thanks to some great people here. But we also implemented a lot of things in the context of the European project called European Blockchain Services infrastructure, where I'm one of the architects of that project and we are really happy how it evolved over the years and everything we learned from the different use cases and, and the ecosystem we managed to establish.
So more than happy to, to discuss also about this application layer then that can be then built on top of such technologies and solutions. Right. Thank you. And s Yep. My motivation is, is easy.
The, the, our National Cybersecurity author said you are not allowed to use DT as long as we don't have proven security. Yeah. As we have done several use cases in place, my motivation is to enable DAT to be used in regulated environments. And for this, we need to integrate it into e iida to have then the conformity assessment by conformity assessment body. And so the possibility to use it across Europe.
Great, thank you. A quick question to the, to the team down there. So the fourth participant will not join.
I, I cannot see him yet. Okay. We keep that. Okay. Usually when I do panel, I ask the same question to all the people in the, but that doesn't make sense when you want to explain things. So I just want to kindly ask you to answer the technical questions one after the other, just where you think it makes sense.
Also, we want to educate and I think that is important. So EI does, what's the role of the electronic ledger within E iida? Why do we need that? And he said it needs to be certified, it needs to be stable, it needs to be trusted. But first of all, what's in there?
Why, why do we need it? Well, perhaps because this is more regulatory, I can take this question.
So the, the idea is that at some point in time we needed to establish a legal effect for this new kind of artifact. So we were using a technology, this technology was based on, on a certain set of properties. That was nice. But the fact is that we didn't have any legal effect and as, as the 10 has said correctly, it was very difficult to put the project into working. So the EESI is reporting a lot of use cases. Some of them are relative to identity. That's true. But there are many, many more.
And it was difficult from the European Commission perspective to put this to work because there was no legal basis. And if you, in the European Union, if you do not have a legal basis, if you don't have a legal effect and if you don't have a supervisory structure, then it's quite difficult. And in fact, inside the project, because I was in charge of defining the legal instruments, we decided that it was possible actually to define this as a new kind of tool service. And it was quite a challenge because it, it was supposed not to be any provider at all.
You know, blockchains are working magically with no providers, but that's just true. Of course there is a provider in this case could be the note, the evaluator note. So we needed to regulate this so we could convince governments that this would, could be a supervised infrastructure. That was the, the, the, the main motivator for this. And this is why now we have the electronic ledger with a specific definition requirements, legal effect, supervisory model in the, in the e regulation. Right. We will deep dig deeper into that, but any anything you want to add to what, what you just explained?
Yeah, I think the, you asked the question, what's the role of EP C or ledger in E iida? I think we have to differentiate two different roles. Yeah. We have the wellknown section 11 in the iida and we have the other qualified trust services and we have the UDI wallet and we have to differentiate the utilization of electronic ledger or as an infrastructure for an UDI wallet or any other qualified trust service for the issuance of at the station of attributes or certificates for signatures or as an infrastructure for integrity proof for, for archiving. This is one subject.
In this case, the security will be proven with the conformity assessment of this qualified trust service or the UDI wallet. And then we have the qualified trust service provider for electronic ledger. And it's important to keep in mind the QTS P four ledger, according to section 11, does not cover signature seal at the station of attributes, wallet, et cetera.
So anything which is not covered by the wallet and the other qualified trust services, which means with QTSP for ledger, we cover subjects like traceability, supply chain cases mandatory by law since April this year in Europe we cover subjects like tokenization with this. And we cover subjects like for example, digital, digital Europe. And now you can see maybe the role with SE, we can combine digital identity on one hand and the transaction on the other hand. So I know who owns, Hey Judy and I can sell the ownership via a token in the same infrastructure.
And this is something we can't do with the existing infrastructure. This is something we can do with DT and if we then get the legal value, we also will achieve, will achieve the adoption. Yeah. Maybe just last point I, I would like to touch on last point of, of Stefan, actually no, this is not only theoretical, but it's actually been proven that because EVSI has been like started way before latest EU DI regulations, so on and so forth. And it's been proven that it can simply work with the existing I regulation.
So it's perfectly possible to combine the existing identity system with use cases that built on top of, of EBSI as a like that has a DLT as a basis. Okay.
So, so there's this term qualified ledger. So everything that you described right now, does this make a, a ledger qualified or what is the, what is the added value of the term qualified in that case?
Well, If, if I may qualified is a legal abstraction that we have for all two services, meaning that the true service fulfills a series of requirements. Once you have these requirements that are oriented to determining the security of the service, then you can go through a particular legal process where you get the kind of permission, this is called qualification. Once you have something qualified, then typically the legislator will give this qualified artifact a legal effect.
For instance, a qualified signature is the same as a hundred signature in this case, the legal effect of an electronic ledger is the, the proof of the chronological ordered sequence of transactions. Meaning that, as Stefan was saying, if you have a series of a market organized for selling tokens, then you know that the last possessor in the chain is the owner of the legal rights. And because you have a legal presumption for this, you don't need to discuss in court.
And this is very important because not only will allow us to run, run into regulated markets, but it will spare a lot of money in proof. So in terms of legal thinking in the European Union, the only thing that works is that artifact which is qualified. Right. Just a quick reminder, if you have any questions to the team, just drop them into the q and a section of this session. I will ask them. So everything that you want to know, I will pass on to that.
I know there's a legal requirement to do so to to have this, this, this infrastructure in place as it has been created right Now, are there specific use cases that you think make only sense in that context with the EBSI with everything around that? And what would be the use cases that can be Yeah. That we can take home to?
Yeah, now that works, maybe Stephan. Yeah, I think we have, there, there are two views on this subject. One view is a bit, I put the apps yet on my, on my head and say we have a function e ecosystem. It works for our diploma in our countries in, in Europe, it works also for the, for the traceability. So we could be a, a bit hard and to say EPSI works without the UDI wallet, but the UDI wallet needs ecosystems to work. So the question is a bit who, who needs who in this, in this, in this case?
Yeah, if you speak about use cases, one use case is, like I mentioned, the traceability. So supply chain cases we currently pilot within the trace for you project are subjects like digital product passport, which is mandatory by law as mentioned since since April this year with an euro regulation, like tokenization in this subject I mentioned.
And the, the most added value of DLT we get when we combine identity with the transaction in one ecosystem where we also can, where we can make evident the identity. So who owns something and also the, also the transaction itself. And I think the third option is the, the trusted issuer registry. So we all know our trust list. It's a good old XML. If I think a bit in the future where we have at least 31 UDI wallets plus X plus QTSP for for vegetation of attributes, which will be much more than we currently have, I would doubt a bit if our good old XML list is still scalable.
And this is also something where FC could, could, could help. And then you have everything in the same infrastructure, the identity, the transaction, as well as the, the point to the, to the, to the trust list. And this is really something where we could give edit that added value and we can make transaction in the DLT evident against third parties.
And yeah, this is, in this case, EPSI would be the first infrastructure or one of the first infrastructures in the world where we have this. And the last part I wanted to say is in EP C, the main nodes provided by the member states and on top of this network we built the application for QTSP, so at the station of attributes issuance or det traceability, et cetera. But this means we always rely on governmental trust anchor. And this is something we don't have existing QTSP there, I have the PPI from a private entity only in fc, I always rely on the governmental trust anchor.
And this is an additional trust. We don't have existing infrastructures. Right. You're nodding anything to add from your side or did you cover it all?
Just, just one thing. So this, what Stefan has explained is particularly important when you need identity bind bound to smart contracts. So this is the point precisely the idea is that with, with the EVSI and you know that the etiquette opium has been very recently created, we will have an infrastructure that that allows us to do identity related to on or to on chain activities, which is quite different from identity for non blockchain activities. So this is something we need to put the focus on because otherwise we will not take the advantage of the tokenization economy.
And there are a lot of use cases where we want to have digital assets, economy that we need to put. And I know that Etsy, for instance, is working now in, in, in standardization items for identity bound to smart contracts. And we need to look at, at this with carefully to compliment the current initiatives around the European digital world, which are mainly focused on non-chain activities, Right? So now we understand why it's there.
We know, understand that it's an infrastructure, but who runs the infrastructure? Who is controlling the nodes, who is responsible for running the nodes?
Who, what are the governance aspects for making sure that everything that you just mentioned is taken care of? I will take this again, but, but then I want Alan to, to, to go deep in, in very interesting things he, he has to say as well. So the one discussion we had in in the Epsy project for a long time is who was the owner who was able to put this into production, who was the liable party? And as you know, the European Commission has no illegal personality. So the European Commission cannot sign contracts for running notes.
And this has been very recently solved, as I said before, by the creation of the European Digital, European Digital Infrastructure Consortium, which will be the owner of EVSI. This is formed as a, Stefan has advanced by member states where it is hosted by the Belgian government. And this means that we will be having an infrastructure through a project which is called Sine, which is funded by the European Commission. The will be achieving more than 30 nodes, meaning that we have our resilient network and we'll be having the possibility of selling services.
The European Commission is continuing to fund the initiative, but it will be made sustainable from an economical perspective because then we will need to charge by what I we are doing. And the idea is that the edit, this edit could be the legal way to qualify the blockchain as, as a whole. Meaning that instead of having 40 qualifications, we only have one qualification, one legal entity providing services with a governance structure. I have to say that this means having a centralized ledgers somehow because the governance is centralized. It's a consortium after all.
But the idea that we have distributed technology, we have secure technology, we can support different ledgers, so we can support different kind of use cases, and therefore depending on initiative, we can do one thing or different things with legal full legal validity. Right. Anything to add from your side?
No, no. I mean, I mean, at least today the notes are really run by, by by entities that are recognized by member states. And basically the, the distribution is such that no member state has like, like full power or control over it.
So the, the network, it's not only resilient like by design at, at the protocol level, but also the, the, we have a lot of member states involved so that we have a really nicely distributed network of whole note hosts if you'll Right. Great.
We, we have a question from, from the audience. I'll just read it out. Seems to be a bit controversial. When will the requirements for qualified lectures be published and prior to publication, is there any route to engaging and shaping these seems to be who wants to step in?
Yeah, the status is, we are working on this, on the subject in the, in the U projects. So one is FC FC Vector, the other one FC and E. So it pretty much the people here on the, on the panel and the person we, we, we are missing. So then it is all, it's actually working on the subject and also shaping it in the European and worldwide standardization committees. So I think the easiest answer is according to the, the timelines in, in EAS, the implementing ACTS 40, the qualified ledger have to be there by April. April next year.
So this will be the final date when those requirements will be published. But if anybody of you wants to take part in the standardization committees, just contact us and would be, we will be happy if you contribute.
Just, just a quick note, the legal requirements, in fact, they are already published, so it is the technical requirements on the references standards. And please do not expect that any blockchain technology is in there. Probably only subset in between the fa the fa the family of DLT technologies can be easily qualified. So when we say that we have created this for EVSI, it is because somehow it is possible to qualify EVSI of the networks we don't know, but we only wanted to qualify epsy, you know. Okay. Great. Thank you. We have three minutes left.
And you've mentioned that before, that it's this pair of the infrastructure plus the wallet and those interacting. So I, I've learned that there is no conformance testing or no, no, really no. Really making sure that the, that a wallet is compliant with, but there is a conformance testing that's the way around when, what is the future of an EBSI conformant wallet in relation to EU DI wallet. So what can we learn from that and what is, what will be the effect of what you've done already to for the future May maybe I start with that.
So, so especially one role. So, so when we talk about ledgers, so the, the IDAs regulation or EDI regulation is addressing the like qualified ledgers, right? But then we need applications done run on top of ledgers, right? And one of the most prominent use case was actually about verified credentials, verified credentials exchange, where the ledger plays a role of like public or route certificate directory that, that allows us to, to publish and effectively distribute important information.
However, when, when the project started, most of the standards were quite immature. So EBSA played an important role in being an like an stable anchor in this sea of ever changing standards when it comes to digital wallet and protocols. And in that context, basically the con acon conformance testing has been established, which just means that we have a set of requirements and we have a wallet that conform to those requirements, but there's no certification like Etsy and QTSP, so and so forth.
And, and basically all this works sparks a very, I would say vivid and wide ecosystem of wallet providers. So now really the question is, if I refer back to, to, to, Stefan mentioned nicely that one can live without the other, but what can we learn from all this effort and how can we make sure that the, the ecosystem has some continuity and that the use cases that already built on these technologies basically gains additional recognition and then be easily integrated into like new, new wallets and standards, so on, so forth.
Okay, great. Thank you very much. Anything to add from your side? Running out of time and there's lots of questions and good questions. They seem to be anonymous. I don't know what's happened here, but, but, but I hand them over later on. But any final thoughts for you from you to add?
Yeah, I, I don't want to live without saying an additional thing. Remember that blockchains thanks to the other regulation are now legal even if they are not qualified. And this is a quite breakthrough. European Union is the first place in the world where we have regulated ledgers for all use cases, qualified with legal effect, non-qualified with the right to go into court and proof something that was not insured before. Great. Thank you very much for these final words. Thank you again to the team. Sorry that Daniel could not j join us.
I, I sent received a message while we were talking, but he didn't, could not dial on. So, but I think we, we've managed it anyway. And greetings to go out to Daniel. Thank you very much to the team.