The Connector Podcast - Mastering Digital Identity in the EU: A Deep Dive into eIDAS 2.0 with itsme®

Show Notes

Unlock the secrets of seamless digital identity in the EU with our latest conversation featuring Tom from itsme®. We venture into the realm of eIDAS 2.0, the regulation revolutionizing how we interact online. Prepare to be enlightened as Tom, with his expert knowledge, navigates the evolution of this critical legislation, from its origins to its latest enhancements. We dive into the nitty-gritty details of increased security, the push for consistent digital identity across member states, and the integral role of It's Me in this digital transformation.

Get the inside scoop on how itsme® is pioneering the future of digital interactions, offering a tantalizing preview of the technology integrating into our everyday lives. From accessing government services to providing legally recognized digital signatures, understand how itsme® is not just keeping pace but setting the standard in the digital identity landscape.

Thank you for tuning into our podcast about global trends in the FinTech industry.
Check out our podcast channel.
Learn more about The Connector.
Follow us on LinkedIn.

Cheers
Koen Vanderhoydonk
koen.vanderhoydonk@jointheconnector.com

#FinTech #RegTech #Scaleup #WealthTech

Transcript

Speaker 1: 0:01

Welcome to the Connector Podcast, an ongoing conversation connecting fintechs, banks and regulators worldwide. Join CEO and founder Cohen van der Hooydonk as you learn more about the latest available trends and solutions in the markets.

Speaker 2: 0:20

Welcome to another Connector Podcast from Belgium Fintech, and today we have Tom from. It's Me, tom, welcome in our podcast, hi Koen. Hello, today we're going to talk about AIDAS, version 2. What is this about?

Speaker 3: 0:36

Well indeed, let me maybe start with already what is AIDAS as an abbreviation, because we will be talking a lot about AIDAS, probably the name and the word will be dropped. A lot Would be very useful. So, first of all, eidas stands for Electronic Identification, authentication and Trust Services. It is actually a European Union legislation and regulation implemented initially in 2014 with the objective to ensure scalable and reliable electronic identification and trust services across the European Union. Adas facilitates electronic interactions between citizens, businesses and public authorities. The update of the ADAS law and you've already referred to it ADAS V2 or ADAS 2.0, as often referred to, actually builds upon the original ADAS legislation and ADAS law.

Speaker 3: 1:23

Detailing an exhaustive set of differences and nuances between ADAS v1 and ADAS v2 would probably lead us too far for today. We would still be here in the evening, even when it gets dark. That's for another podcast, yes, even if days are already extending for quite a bit, though I would really like to emphasize on two main differences, two key evolutions I consider most important from the ITSME perspective. First of all, adas v2 aims to enhance security and reliability of the electronic identification and trust services. Secondly, adas v2 is actually about tackling one of the main challenges which is encountered within ADAS v1, namely consistency. The original ADAS implementation has too much varied across the different member states, which has led to inconsistencies and difficulties in using the services. The main shift, therefore, embedded in ADAS v2, is the creation of a unified European digital identity with the digital identity wallet, a concept we'll most probably be touching on very soon as a key component.

Speaker 2: 2:24

That's super interesting because in my mind I always knew that AIDAS was one of the first regulations that was truly European, and even that now is saying there is a reason for updates for that reason.

Speaker 3: 2:36

Exactly. It's actually building up on maturity, let's say, and it's taking the next step in that first wave of structuring that from a European.

Speaker 2: 2:41

Union perspective. Excellent, tom. We didn't go there in the first place in the very beginning of our podcast. But what is? It's Me, because maybe listeners that have not even heard about it's Me.

Speaker 3: 2:53

Yeah, true, Well, it's Me is a digital identity solution. It's about a mobile application that facilitates data sharing, authentication up to qualified electronic signatures We'll come back to that concept later on in the podcast as well, most probably which is actually today available in 14 countries and which is serving about 7 million users in their day-to-day interactions. We see, on average, that it's Me is being used more than once a week in different interactions across public and private sector use cases, and where does it's Me bring you, then, in relation to AIDA's version 2?

Speaker 3: 3:28

Well, aida's version 2, or let's say it's Me today, has two key accreditations and roles under the current AIDA's legislation. First of all, it's Me is accredited as what they call an e-identification means at the highest level. To make that a bit more tangible, the e-identification means is actually the driver behind the fact that it's Me is today available on the FAS, the Federal Authentication Hub of the Belgian government. That is making sure that it's allowing 7 million users, 7 million Belgians, to use it's Me to authenticate and access about 800 e-governmental applications, going from student at work up to my pension and my minfin. Secondly, it's Me is also being accredited as a qualified trust service provider, the second concept under EIDAS which makes it possible to sign with it's Me a document in a qualified way. So that's actually with it's Me, by entering your five-digit code, you can sign a document with the same legal value as the wet, as the paper signature.

Speaker 3: 4:25

And given the nature of it's me, often referred to as a rec tech, because every beast needs a name I would say we are obviously closely following up on the different drafts of the ADAS legislation and in that context, today is actually a very special day because just at noon they officially announced that the final version of adas v2 has been released. Given that only today they released the final version, it is not possible yet to formally accredit it already for adas v2, which will most probably very soon be possible, though I'm convinced, based on our analysis and the different checks we've been performing while the different drafts have been published and exchanged, that our current adas accreditations will be reconfirmed also under the ADAS v2 framework.

Speaker 2: 5:05

Well, earlier, Tom, you talked about an identity wallet, a European identity wallet. Could you elaborate a little bit more on that concept?

Speaker 3: 5:14

Sure Well, next to the impact on our current offering we've been talking about e-identification means, about qualified signatures ADAS v2 is actually introducing a new concept the digital identity wallet, and each member state will have or has, since it's published officially today, the obligation to provide their citizen with a European identity wallet in the course of the next two years. From its me perspective, with its me being a good example of a successful collaboration between the public and the private sector, which we also want to continue Agreed Under the ADAS V2 framework, I actually see three key roles or three opportunities. First of all, your identity wallet will include digital references of your personal and privacy-sensitive information. Think about your identity card, a driver's license and, potentially, health attestations. Its me, therefore, can be used as a secure key to make sure that only you, only the genuine person, can access, manage and eventually exchange these informations. Secondly, as different private players apologies, like banks, telcos will need to adopt the digital wallet also within their ecosystem. It's me is very well placed, Even its current network and technical integrations, with about 1,000 partners, to streamline and facilitate the technical integration of the European identity wallet within the B2B network. And last but not least, because I said I was going to talk about free.

Speaker 3: 6:34

There is also a key role for its me in the facilitation and the exchange of data attributes with and that's for me a key concept the explicit consent of the user.

Speaker 3: 6:44

Let me emphasize on that with a concrete example. Think about renting a car. Typically, that car rental company will ask for identity information, checking if the person is above 18 years of age, Will also probably ask for a payment means to process afterwards the invoice. And, last but not least, they will be willing to check if you one have a driver's license and two, if that is still valid, You're not being stopped over the weekend for speeding or maybe drunk driving. In that context, and for these kinds of use cases also, itsMe can be positioned as a trust anchor, allowing the user to provide his explicit consent for the data exchange through the itsMe app and in the meantime, very well known what you see is what you sign screen and leverage its existing technical integration with the partners to provide the requested data set. Important to state for me is that in this setup or this is a setup whereby it's Me, apart from the identity data, is not managing, not storing these other data attributes, but will focus on exchanging and capturing the consent of the user only.

Speaker 2: 7:47

So we're talking about self-sovereign identity coming into reality.

Speaker 3: 7:52

Absolutely, and we could even say for us, self-sovereignty is maybe one extreme whereby you push everything to the user From its me perspective. We believe very much in a hybrid module whereby you have that core identity data set managed at its me side, which will also allow us to facilitate, in a convenient way, lifecycle management for the user Think about changing a device happening every two to three years. And secondly, also making sure that, for example, in the context of security and privacy, we can help and we can steer to make sure that we remain up to par with market trends and protect and make it a transparent experience for the user, because that was my reflection when hearing to your very nice story about the holy trinity.

Speaker 2: 8:34

It's about the user and about the concern about security. So can you elaborate maybe a little bit more how you guys are particularly addressing these security requirements?

Speaker 3: 8:45

Well, security is, next to convenience and privacy, one of the three key focus areas for itsme. And to make sure that our it's Me ecosystem because I would call it an ecosystem and the collaboration with the partners remains ahead of market from a security perspective, we have set up our own security operation center, which we often refer to as our SOC. And actually our SOC is constantly following up on new threats, new market evolutions. We see numerous attempts and numerous creative attempts every day. It's about scanning any abnormal patterns or behaviors and is closely following up with the CCP, the Cybercrime Security Unit from the Belgian government, to drive resilience of the whole ecosystem.

Speaker 2: 9:24

But there is a strong Belgium story here, but I hear people or birds whispering that also it's Me is looking at broadening out of belgium. How would that look like?

Speaker 3: 9:36

oh, so actually that's a very um actual team.

Speaker 3: 9:40

We've, since december of last year, we have been extending the countries through which and the documents through which a user can enroll and activate it's me from three up to 14 countries. Wow, impressive, Thank you. A key element there is it's not only about extending the countries. We have envisaged SME as from day one, from an international, from a European perspective. That's also why, for us, it was key to, for example, be accredited in the context of ADAS, because that, for example, to just name one example or one concrete element that allows us to support a qualified electronic signature.

Speaker 2: 10:16

So the element that allows us to support a qualified electronic signature, so the equivalent of a legal wet paper signature, not only for the belgian citizens but for the whole european union. Well, I hear a lot of nice stories. Um, how does technology play a role in your end?

Speaker 3: 10:24

a technology often, of course, is a key element. We are based on a smartphone, we are an application on a smartphone, so obviously we're following up a lot on technology and also technological evolutions. The fact that is what we try to do is to combine technology user convenience with security and also compliance. I refer to it, as me, as being a rec tech. That also means that we are constantly at the outlook. How can we make sure that we make the most convenient experience for our end user possible, still respecting the different regulations and compliancy frameworks, which are also constantly evolving, of which ADASv2 is a nice example?

Speaker 2: 10:57

Do you have perhaps any other examples where its me can be used, out of the context of me using it for my governmental information?

Speaker 3: 11:08

Sure, I think the same thing, as I said earlier on, would go here. We could probably talk for about a day, and that's probably the passion that speaks. But if I need to take out two, then I would emphasize on, for example, bolero, an affiliate of the KBC group, where we actually combine our ability to share data and the qualified science service to facilitate a customer onboarding process, because actually the fact that we can offer these two services allows us to make sure that the user can, on a Sunday afternoon, become user and a customer of Bolero with the same level of compliance as he would have been passing in a bank branch on a Monday morning. And there it's me is not only driving a fully digital and a KYC AML compliant process, though it is also allowed to shorten the process from about three weeks in a physical world to up to three minutes with its me today.

Speaker 3: 11:55

Second example and I'll stop at two, as I promised, not three this time, not three this time. Indeed, you also have Henkel, for example, in the HR sector. It's another good example of the USPs, of the Qualified Electronic Central Service, of its me. For example, in the context of signing an employment contract, the qualified sign service offers the same value of a wet, of a paper signature which is legally required for these kinds of interactions. At the same time, the it's me offering goes beyond signing of employment contracts and can facilitate the signing of various documents and help to streamline even the entire HR process.

Speaker 2: 12:31

Wow, impressive, wow, impressive. Tom, we're almost at the end of our conversation here. I think the last question I'm left with is who should contact you and how do they contact you?

Speaker 3: 12:43

Well, I would say everybody with a genuine interest in its me or maybe a potential opportunity, who has been triggered maybe by the different elements brought forward more than what makes sense, and very happy if they reach out for me two ways to do that. They can contact us through our website, where they can contact our sales teams or even the support teams. Should you encounter any issue directly, of course, don't hesitate to also reach out to me directly via tomvandenbosch. That's b-o-sS-C-H at itsmedashidcom.

Speaker 2: 13:12

Tom, it was a pleasure having you here in the podcast. Thank you very much. Thank you also to the audience for staying tuned, and stay tuned for more fintech and financial news. Thank you very much. Thank you, the pleasure was mine. Bye-bye.

Speaker 1: 13:24

Thanks for listening to another episode of the Connector Podcast. To connect and keep up to date with all the latest, head over to wwwjointhekonnectorcom or hit subscribe via your podcast streaming platform.