eIDAS and the EU’s mission to create a truly portable identity

It goes without saying that the European Union (EU)’s Electronic Identification, Authentication and Trust Services (eIDAS) regulation is a long-awaited step in the right direction. In pre-eIDAS Europe, each member country had its own digital identity scheme. The problem was that these identity schemes were not compatible with each other.

In other words, if, say, a Polish national was moving to Spain, he or she could not use their digital identity from Poland to access public services in Spain. Instead, the individual would have had to set up a digital identity from scratch in their new home – a time-consuming (and, ironically, analogue) process that required the person to present physical documents, multiple pieces of government-issued ID, third-party notarisations, and so on, in person.

eIDAS – the EU’s ambitious project to create a truly portable identity – has the potential to be an effective correction to this problem by creating a standardised digital identity framework and allowing digital identities to work across borders. Indeed, processes such as filing tax returns, enrolling in foreign universities or registering businesses in other member states would stand to become easier.

Before the deadline, the UK’s Gov.uk Verify scheme was pre-notified in August 2018, in compliance with the eIDAS regulation, indicating that the UK will be included along with other EU member states in the interoperability of systems across Europe. However, in an interesting turn of events post-deadline, the UK government proposed an amendment to remove the interoperable ID aspect for member states – no longer taking part in the shared identity framework across the EU states.

Only after the withdrawal is agreed upon will there be an agreement as to the future trading and regulatory relationship between the UK and the EU. No matter which way the tables turn, businesses should have verification procedures that are adaptable and have coverage in both the UK and across the EU to ensure that businesses can continue between EU member states and the UK.

When it comes to eIDAS, the material benefits for businesses, particularly those regulated under know your customer (KYC) and anti-money laundering (AML) laws, cannot be underestimated. The average bank spends up to £47m a year on inefficient identity verification processes, which it needs to undertake to comply with KYC and AML laws.

The processes are often manual, time-consuming and prone to lapses, often leading to costly outcomes. For instance, the International Netherlands Group (ING), the largest bank in the Netherlands, was fined €775m in September after an investigation into money laundering that allegedly involved one of its customers.

Once government data is made available to obliged entities, such as financial institutions (FIs), they will be able to use this data in conjunction with identity data from other data sources. This would dramatically improve their identity verification processes.

Conducting due diligence on individual customers, merchants and businesses would become significantly easier. And this, in turn, would ease and improve the experience of doing business across borders, besides helping FIs become more effective in preventing financial crimes such as tax evasion and money laundering.

However, enabling businesses such as FIs, payment processors or online marketplaces to access this data, which they can use to verify a customer’s identity, is beset by challenges. These include the security challenge of how governments can be confident that businesses are accessing their data securely. In other words, will sharing data with businesses make the data less secure and vulnerable to misuse?

Second, there is the more arcane challenge of interoperability. How can identity information work across different countries and, in turn, across diverse identity data sources and languages, which are often structured differently?

The third challenge would be reaching an understanding with the EU and other member states over the details of exactly how their digital identity data would be stored and shared.

Overcoming these challenges is complex. For businesses looking to expand into burgeoning markets, securing access to government data sources is notoriously difficult, but immensely valuable. This is because a government’s identity data is robust, while other identity sources, such as credit bureaus, may not possess enough data on the country’s often thin-file or new-to-country residents.

Leveraging this access, the world’s largest marketplaces and payment processors use organisations such as Trulioo, that have longstanding data partnerships around the world and can provide secure access to government data sources in many parts of the globe to instantly verify the identity of merchants and individuals in hard-to-each markets across Asia, Latin America, and beyond.

To tackle the challenge of interoperability, much like eIDAS, Trulioo has built a normalised framework for identity verification across countries to provide secure access to more than 400 identity data sources covering five billion people, using a common set of data fields to verify the identity of customers, no matter where they might be located.

Data sources are accessed under one contract, using one API [application programming interface] without every business having to sign multiple contracts and build a separate integration for each and every data source it wanted to access.

The security challenge is addressed by not storing personal information, but instead verifying an individual’s identity securely and instantly to eliminate the risks that are typically associated with data processing.    

eIDAS presents game-changing possibilities, and lays the foundation for a truly portable identity. It is now incumbent upon businesses to work more actively with the EU, its member states and regulators to bring the advantages of eIDAS into the private sector.