Operators’ role in shaping the European regulatory framework for mobile authentication services

Operators’ role in shaping the European regulatory framework for mobile authentication services
Following the European Parliament’s recent approval of the EC’s proposed e-Identification, e-Authentication and e-Signature (eIDAS) Regulation, the Porvoo Group, an international network promoting trans-national, interoperable electronic identity based on Public Key Infrastructure technology (PKI) and smart cards, held a high level seminar “European Operators prepare for trust services for electronic transactions” in France on 22nd/23rd May. The objective of the seminar was to discuss the regulation and interoperable solutions for electronic identity and trust services.

Janne Jutila (from the GSMA Personal Data programme) and other operator representatives presented the critical role that the mobile industry is playing in shaping the future of authentication and identity services. At the seminar, participants agreed that mobile operators are key players in this nascent digital transactions ecosystem because of the key assets and capabilities that mobile brings and that are needed to make these services convenient, secure and privacy respecting.

The EC eIDAS regulation provides a foundation for how electronic identification, authentication and trust services such as electronic signature are offered in Europe, how they can be used in public services across borders and how the regulatory and liability framework will govern these services. Equally important, the regulation will help define secondary legislation on how this will be implemented in different Member States including, for example, what authentication schemes are approved by national regulators in each EU country for cross-border purposes.

Currently, several countries are using wireless PKI mobile digital signature solutions for both public and private digital services, and more are in the process of launching new services using other mobile identity enabled technologies, such as GSMA Mobile Connect (which enables authentication on multiple security levels, including for example SIM+PIN based on SIM-applet symmetric keys). The extent to which local regulators will enable these services for cross-border public services transactions is not yet clear, although the clear advantages of mobile identity based services were recognised at the seminar.

The mobile phone & SIM is a versatile platform for authentication, identity and digital signature services. It has distinctive benefits over alternative platforms, such as smart cards. For example, mobile doesn’t require users to have a separate card-reader and it allows, users to use the same authentication credentials across all use cases – from public services to banking, internet log-in and corporate cloud services. In addition, mobile platforms enable cost savings from shared infrastructure when operators work together via an interoperable platform. This is especially important as public finances are stretched in most EU countries.

At the seminar it was clear that mobile operators, EU-institutions and member states share a common agenda in “building a connected Europe that can help meet the region’s growth, employment, innovation and sustainability challenges” and that the mobile industry plays a critical role in this objective.
If you would like to learn more about digital identity and authentication, or to participate in the discussions and help shaping the future and launch of exiting new services, please get in touch with the GSMA Personal Data programme.

Marta Ienco and Janne Jutila
GSMA Personal Data Program