Beltug

Authentication matters: How digital can you go? Takeaways from the N-sight: 19 January 2017


Date:19/01/2017


There are still plenty of hurdles in the path towards a digital world: that was clear at our 19 January 2017 session, as participants fired off questions at our speakers from the start! Beltug members can see presentations from the event here (after login):

Beltug presentation: "Authentication Matters: How digital can you go?"

Cabinet of Minister De Croo presentation: "Digital Belgium"

Portima presentation: "Digital signature, digital archiving and the new Belgian law"

BPIFrance presentation: "Retour d'expérience sur la signature électronique"

time.lex presentation: "eIDAS - The European and Belgian legal framework: the rising revolution of trust services"

MobileID presentation: "Digital Identity"

First up was Anne-Sofie Van de Velde, representing the Cabinet of Minister Alexander De Croo, which is responsible for the Digital Agenda. She went through the realisation of the 'Digital Act' in 2016: the action plan, following up on the European eIDAS framework, and extended with a Belgian chapter on e-archiving, that outlines the digital long-term vision for our country and translates this into clear ambitions. This has cleared the way for a good number of ‘trust services’ (e-signature, digital time stamps, eRegistered mail, etc.).

Trust services must be distinguished between those that are ‘qualified’ versus ‘non-qualified’. Qualified trust services are offered by a company that has undergone an audit, with a report, and is included on a list. Non-qualified trust services are offered by companies that have not undergone the audit, and are not on the list.  The concept of non-discrimination remains valid, but should there be a dispute, the provider might have to prove that procedures were settled correctly.

Our next speaker, Claude Rapoport, CEO at Portima (a services cooperative in the insurance sector, ensuring secure and efficient digital communication and exchange among Belgian insurers and brokers), shared his hands-on experience with authentication matters. He had plenty to contribute, as electronic trust services are an important part of Portima’s service offering. Until a few years ago, the law was univocal and clear, he outlined: to be authentic and legally valid, documents had to be on paper. Now, the law also accepts electronical documents as legally valid. While this opens up opportunities, limitations still hinder the fluent development of new solutions.

As an example, he highlighted the eID card, which requires an eID card reader.  The consumer must know the PIN code of his eID, and specific Java programs must be installed (which can make it hard for the consumer to use).

In spite of the obstacles, Portima developed an application ('PortiSign on Mobile') enabling its brokers to sign insurance documents electronically.  Currently, the company is going through the extensive audit required to become a qualified trust service provider.

Claude’s conclusions?

  • Electronic documents now have the same legal value as their paper equivalents
  • Advanced electronic signatures are valid and should be accepted
  • Qualified electronic signatures issued in one Member State will need to be recognised as a qualified electronic signature in all other Member States
  • The conformity norms and the assessment bodies for qualified archiving are not yet defined.

French investment bank BPIFrance then described its own experience incorporating digital document management (including electronic signature) in its operations.  Success, Emeric Brossard, Project Manager / Digital transformation department at BPIFrance, emphasized, requires the adoption of the new technology by the users.  Communication on the topic should aim for that acceptance.

After these real-life cases, Hans Graux, Partner – Manager at legal firm time.lex, gave a very extensive and complete overview of the legislative part of the story. The trust services covered in this N-sight find their basis in a European framework that aims at a smooth interoperability between countries.

The eIDAS Regulation has 3 main parts, he explained:

  • eDocuments: a very small but important part, based on a non-discrimination principle.  Documents cannot be considered illegal simply because they are electronic or paper
  • Electronic identification: there is no outline regarding which technology is to be used (this becomes important when going mobile)
  • Trust services: the definition of, for instance, a time stamp is the same across Europe. All such services are included in a closed list. If a service is not on this list, it is not a trust service, as defined by the EU. (Have a look at slide 5 for this EU list.)

It is important to note the difference in this list between a 'seal' and a 'signature' - a seal ensures the origin and integrity of the document. Within the definition of ‘seal’, we also find the term 'legal person', which indicates that this seal cannot be considered a replacement for the physical seal (used by e.g. notaries): a ‘legal’ person (e.g. a company) is not necessarily the same as a ‘physical’ person.

So how does this framework influence the situation in Belgium?  Slide 6 gives you a structured answer to that question. There's a lot to be positive about, Hans Graux concluded.  The legal framework is clear and comprehensive, the potential for new services is enormous, and Belgium is ahead of the pack!

The final presentation of the day came from Kris De Ryck, CEO at Belgian Mobile ID. He commented that, while the world has become mobile, our authentication means are not - yet.  That’s the challenge the Belgian Mobile ID project is targeting, in a consortium combining banks and mobile operators. Each brings their specific expertise: the banks, for example, provide their security knowledge.

What will the Mobile ID solution deliver:

  • The ability to login (to websites, apps, refrigerators, etc.)
  • Approval of transactions – such as advanced signature
  • Digital on-boarding process
  • Applications using Mobile ID.

All in all, it was rather a marathon session, but with the keen interest of the participants, focus remained high, as they continued to ask questions throughout the day.

This new N-sight format offers members a chance to learn from experts and peers about specific issues, with insights into trends, new technologies, how to prepare for them, and more.

 

 

 

 

 

 

 

 



 

Dear visitor,

Access to more information about this topic and/or to download the paper is easy and fast, but exclusively for Beltug members (just login to get access).

Beltug gathers a lot of information. Here you find the advantages of Beltug membership

The Beltug Team

Click here to login




>>> Back to overview