Mr. Barry Lowry:

I am the Government chief information officer, based in the Department of Public Expenditure and Reform. I thank the Chairman and committee members for the invitation to meet them today to discuss the European Commission’s draft legislative proposal for the European digital identity framework. I am joined by my colleague from the Office of the Government Chief Information Officer, Mr. Declan Hickey.

As the committee will be aware, one of my responsibilities as Government Chief Information Officer is to take forward the soon to be replaced public service ICT and eGovernment strategies and elements of the Civil Service reform 2030 programme. Another responsibility of my office is to work with our equivalent offices across the EU and EEA in shaping European Commission technical programmes and initiatives and to support Departments and representatives where they are involved in related policy or legislative discussions.

The European digital identity framework is one such project. My colleague, Declan Hickey, and I are both involved in technical meetings related to this initiative and we have also been assisting our colleagues in the Department of the Environment, Climate and Communications with their contributions. On that basis, I would like to take my few minutes to brief the committee on the technical aspects of this programme.

As the committee will be aware, the Next Generation EU recovery package, which is worth €750 billion, was established to complement and support each country’s own national response to the crisis, and to provide the means to invest in the transformation to a more green and digital economy. The EU Digital Compass then sets out the EU’s vision for a digital future in a way in which, the EU claims, will also support it in meeting objectives in the European Green Deal, thus helping Europe to reach its goal of reducing greenhouse gas emissions by at least 55% by 2030. It cites the use of video-conferencing to help reduce flight emissions and digital technologies to help create a greener approach to agriculture, energy use in buildings and more sustainable city planning.

The EU Digital Compass uses the four points of the compass to identify the main goals to reach over the next decade. These are as follows: first, a digitally skilled population and highly skilled digital professionals; second, secure and substantial digital infrastructures; third, digital transformation of businesses; and, fourth, digitisation of public sectors. The EU has stated that the successful delivery of the Digital Compass will require an increased focus from governments on better digital services and better interoperability across all levels of government and across public services. Equally important, they argue, is the concept of a trusted, user-controlled identity, one which allows citizens to control their own online interactions and presence and make full use of online services throughout the EU, while preserving their privacy.

It is this ambition which has led to the EU re-thinking and revising its plans and ambitions for an EU digital identity. Electronic identities, eIDs, or digital identities and related infrastructure are foundational for digital transformation and to enable delivery of services for citizens and businesses. A functional self-sovereign digital eID, which puts citizens in control of their own data and privacy, would be a big step towards transforming a wide range of public services. It is generally recognised by the UN, OECD and EU, among others, that government sponsored digital identities can protect the most vulnerable by ensuring that citizens are protected from personation and receive their entitlements accurately and in full. As the World Bank pointed out: “Robust and inclusive identification systems are crucial for development, as enshrined in Sustainable Development Goal (SDG) Target 16.9, which mandates countries to provide “legal identity for all, including birth registration.”" For individuals, proof of legal identity is necessary to access rights, entitlements, and services. For governments, modern identification systems allow for more efficient and transparent administration and service delivery, faster and more responsive services, and increased security.

The August 2021 G20 Digital Ministers’ declaration acknowledged the growing importance of digital identity, especially where “easily usable, reliable, secure, trusted, and portable”, in providing citizens and businesses with a safe and privacy-compliant access to digital services. The declaration also referenced the potential of digital identity in humanitarian and emergency scenarios and its potential contribution in the attainment of the aforementioned United Nations Sustainable Development Goal, Target 16.9: “to provide legal identity for all”.

The EU eIDAS regulation set out to harmonise the mutual recognition of electronic IDs and trust services in Europe. While approximately half of the member states notified their eIDs for the purpose of mutual recognition across borders, others, including Ireland, were more hesitant, being concerned about the outdated concept behind the architecture and the practicalities of how it would work on a day-to-day basis. The concerns of this group were proven justified when a review of the eIDAS regulation by the Commission highlighted the need to improve upon the regulation, both with regard to trust services and eID.

In particular, the evaluation highlighted several specific challenges with the eID approach, including weak implementation, low uptake by citizens, difficulties in interoperability, limitations to cross-border utilisation, lack of convenience, complexity of the notification process and the limitation of the service to the public sector only. The Commission admitted that only about 60% of the EU population in 14 member states was able to use its national eID cross border and only 14% of key public service providers across all member states allow cross-border authentication with an e-identity system. The number of successful cross-border authentications per year was also very small, although it is on the increase.

The evaluation concluded that a framework for European digital identity was required that both acknowledged and addressed the implementation challenges associated with existing digital identity legislation and, equally, would help deliver a workable and popular self-sovereign identity solution for citizens. On 20 September, in her state of the Union address, Ursula von der Leyen, President of the European Commission, stated:

Every time an App or website asks us to create a new digital identity or to easily log on via a big platform, we have no idea what happens to our data in reality. That is why the Commission will propose a secure European e-identity. One that we trust and that any citizen can use anywhere in Europe to do anything from paying your taxes to renting a bicycle. A technology where we can control ourselves what data is used and how.

The ambitions for this European e-identity include that it will be actively used across Europe; will be available to any EU citizen, resident or business in the EU that wants to use it; will be used for public and private sector transactions; will include credentials; will be operated via digital wallets available on mobile phone apps and other devices; and will give full control to users to choose which aspects of their identity, data and certificates they share with third parties and keep track of such sharing.

The new proposal for a new European digital identity framework was published on 3 June 2021. The proposal consists of a regulation amending Regulation (EU) No 910/2014 as regards establishing a framework for a European digital identity, an annexe to the regulation and a recommendation on a common Union toolbox for a co-ordinated approach towards a European digital identity framework.

From an OGCIO point of view, while we have an interest in the development of the legislation, our main focus will be aligning with any technical solution - much as we did recently with the digital Covid certificate. At this stage, while the Commission seems to have a good understanding of timescales and the required resource commitments - about 60 full-time equivalents and €30.8 million estimated for the implementation of the proposal between 2022 and 2027 - the detail on the actual technical approach is thus far limited.

The early draft of the regulation states that the financing will support costs linked to maintaining, developing, hosting, operating and supporting the eID and trust services building blocks and it may also support grants for connecting services to the European digital identity wallet ecosystem and the development of standards and technical specifications. The regulation states that the underpinning technologies should be developed towards the highest level of security, user convenience and wide usability. It states the ambition that all European digital identity wallets should allow users to electronically identify and authenticate online and offline across borders for accessing a wide range of public and private services and also serve the institutional needs of public administrations, international organisations and the Union's institutions, bodies, offices and agencies. Achieving this while making the app a viable alternative to commercial equivalents and one that will encourage substantial uptake will be challenging. The process should be helped by one of the early deliverables, namely, a toolbox for a European digital identity framework. This is planned to include a comprehensive technical architecture and reference framework, a set of common standards and technical references and a set of guidelines and descriptions of best practices.

The technical work regarding technical architecture, references and standards by member states and the Commission has not yet commenced but will start shortly.

In summary, this is an important initiative and aligns well with the discussions we have been having in Ireland with respect to increased use of digital wallets and credentials. However, much needs to be done to move this from being conceptual to successful implementation. I thank the committee.