Hello everyone and welcome to our webinar series Road to EIC. Today we're talking about EIDAS 2.0, the way to trusted, voluntary, and user-controlled digital identity. So this webinar series gives us a sneak peek at what we'll be discussing at the European Identity and Cloud Conference in Munich. In Munich?
No, not at all. In Berlin this year. So we look forward to inviting you there. eIDAS is an important topic. It may sound dry, but it is a huge driver in digital identity in a way we are facilitating digital interactions, digital business, digital citizen, and user-controlled interactions. I'm really thrilled to have a great panel here to discuss this with me today. They will all be in Berlin this year. So we first have Joran Frik. He is the senior manager at Deloitte. We have Vedran Lalic. He is head of office for the European Parliament.
We have Viky Manaila, trust services director with Intesi Group. Annet Steenbergen, digital identity and seamless travel, specializing here as an independent advisor. And we have Andrew Tobin, who's a commercial director for digital trust services with Gen Digital. I'm Annie Bailey. I'm a senior analyst with KuppingerCole, and I'll be moderating our panel discussion today. So as we get started, of course, we've heard everybody's name.
We have, of course, an idea. They're an expert in this space, but there's a story to be told why we're connected with this topic, particularly with eIDAS 2.0, with digital identity in general. So I'd love to invite each of our panelists to give a brief introduction and to explain why they are working in this space and what particularly they're doing here. I'd love to begin with Vicky. Thank you very much and welcome everybody to this special series of webinar.
Well, my connection to eIDAS is a long story. I'm dealing with whatever means trust services, digital identities, since the inception of original eIDAS regulation 2012. I'm representing Intensive Group, an Italian qualified trust service provider, issuing all sorts of qualified trust services according to eIDAS and also planning to issue new qualified trust services according to eIDAS 2.0 regulation. So my interest is very high from all aspects, regulatory aspects, technical implementation, and last but not least, services delivered to the market.
Thank you, Vicky. Andrew, would you please go next?
Sure, yeah. So I work for Gen Digital. Gen is the world's biggest cyber security firm, pure play cyber security firm. So it's the products of the merger of Norton and Avast. And I came into that organization through the acquisition of a company called Evonym, which was one of the pathfinders for self-sovereign identity and verifiable credentials. So I've been in this space for a while and I think it's safe to say eIDAS is the world's biggest digital wallet initiative. And it's got this really interesting combination of public sector and private sector involvement.
You've got a legislative stick and you've got a business transformation carrot combining really for the first time in anything of this sort of scale. My involvement last, well, I've been tracking eIDAS for a while. I set up one of the large-scale pilot consortia in conjunction with the Swedish government, which is called EWC, EWDI Wallet Consortium, that stands for. So we're involved in one of those large-scale pilots. And I keep a really close eye on what's happening and the impact, not only for Gen, but across the wider world of wallets and identity and verifiable credentials.
And I ran an EIDAS session at the last EIC in Berlin last year. And it was kind of tacked on the end on the last day when everyone's either gone home or they're too hungry to turn up. And I thought we get about 10 people or something. And the room was rammed. It was absolutely, it was a standing room only. It was a big room. And that took all of us by surprise. And I think really triggered the awareness of how many people were interested.
So we got a full day session on the first main day, I think on the Wednesday, EIC Berlin with a number of my friends and colleagues on here that are going to be speaking as well. So that's going to be really good. So I encourage you to come to that as well.
Joran, would you please introduce yourself next? Yes, thanks. And thanks for having me, Annie. My story goes back to May 2013, 2014, also around the inception of the first EIDAS regulation and the large scale pilots at that time. So some of the people in this call might remember eSense and Stork and Stork 2.
Of course, that's all history. From there, I was at that point, a Blue Book trainee in the EIDAS taskforce still with the great Andrea Servida. Since then, I've been working with Deloitte on a whole range of digital identity related topics, helping organizations with enterprise identity, customer identity. But my passion has always remained with citizen identity and advising organizations, governments on how to make best use of the opportunities that citizen identity and now wallets bring with it.
And since recently, we're also advising now again, DigiConnect and in the European Commission on the rollout and uptake of the digital identity wallet. So for me personally, it's really nice to see all of this come full circle and be able to contribute on the success of this digital identity wallet and everything around it. Thank you.
Vedran, would you go next? Yes. Good afternoon, everyone. It's a pleasure to be here with you. I'm a relative newcomer to the world of digital identity. I'm coming from the European Parliament, where I was supporting the work of the main rapporteur for the PILE, Mr. Roman Erkovic. My role was to basically help lead the negotiations at the technical level, help prepare the amendments for the legislative proposal, and in general, just support the work of the rapporteur. So I'm coming from this kind of more institutional side of things. Thank you. Great. Thank you. And last but not least, Annette.
Thank you, Annie. Wonderful to be here.
Hello, everybody. My background is I started out working in international border management, and border management revolves around identity, because that's who crosses a border. Who are you? And ever since that was for the Dutch government, and I left government and ended up working for innovative projects around digital identity in the world of travel and in the world of border management. And I've always focused already for the government on public-private, and that's where the key lies to making that a success.
And this is an interesting part of digital identity, because it means you use it crossing a border. That could be inter-Schengen, when there is no really a border to cross, of course, within Europe. But if you go extra Europe, you are crossing into other regulatory legal jurisdictions, and things still need to work and match. And this is very interesting what the EIDAS will do with this. I think it has great opportunity to set the standard for this. And this is something we will be discussing, all these developments at the EIC. I look forward to that very much.
I have a session on digital identity in travel. Fantastic.
Thank you, all of you, for sharing that briefly. One of the goals of this webinar is to also bring people up to date to where we stand with this regulation. I'd love to have Vicky share some latest updates. Where do we stand now? And what is next steps for the EIDAS 2.0?
Well, we know that the regulation has been recently voted in the plenary of the parliament, and I'm sure Vedran will follow this topic and will explain us what is next. From standardization standpoint, we have started working for the update of the existing standards for trust services, but also to draft new standards in support of EIDAS 2.0 and services such as electronic attestation of attributes and verification of electronic attestation of attributes.
As trust service providers, we are looking forward to have these specifications in a draft, in a stable draft form, and also looking for the implementing acts, because we know that it's time now to have a set of implementing acts issued by the European Commission, more than 40 for the coming 24 months. And I will pass the floor now to Vedran, because I'm sure he has a lot to say for what's next, but also will be interesting to hear how was the journey so far.
Thank you, Vicky. Vedran, yeah.
Yes, of course. Well, you know, it's good to bear in mind that the proposal was published almost three years ago, so it was basically in June 21 that the Commission proposed the the amendment of the existing regulation from 2014.
I think, you know, the reasons for that were, I think, for the most part familiar to the most people, but basically, you know, the fact that the original EIDAS didn't really manage to meet its full potential and deliver on its promises. I think today we're in a situation where only 60% of the population actually in 14 member states only are able actually to use their national EIDAS cross-border, which is obviously not sufficient. It's a very low number, and one of the reasons why the Commission has in fact decided to amend the original EIDAS was because of that.
Further to that, today only 14% of key public services across all member states allow for cross-border authentication within the EID system, also a very low number, and the overall number of successful cross-border authentications per year is very small, although we are noticing an increase, but still due to, I think, also issues relating to interoperability. Again, the EIDAS, original EIDAS didn't really deliver on its promise.
So, as I mentioned at the beginning, the proposal was published in June of 21. What followed was basically a series of negotiations and preparatory work, both done in the European Parliament and the Council.
And then, I think the biggest milestone, I'm not going to go into every possible key event that happened in the last three years. I would just like to highlight that the biggest milestone was basically the adoption of the final parliamentary report in December last year, which enabled us to put the final vote in the plenary session in February this year.
So, on the 29th of February, the part of the European Parliament has adopted the new EIDAS regulation. And I think also after that, what follows is that today, the Council of the European Union is set to adopt the legislation in the corporate taking place this afternoon.
With that, we closed sort of the legislative process in all its aspects. And then, really, what is only left for that is for the regulation to be published in the official journal before it enters into the force.
And, of course, after that, what follows is, I think, the very difficult part, which is the implementation phase. I think here, and I'll stop with that, here, there are three kind of key ingredients to the implementation phase.
One, as Miki mentioned, now is the time where we will need to work on the development of the implementing acts, I think 40, 47 in total. Second step was the publishing of the updated architecture and reference framework, which happened, I think, about 10 days ago. So we have the third version out and running.
And, of course, in parallel with all this, we have the continuation of the work on the large scale pilots, which are addressing some high priority use cases for the wallet and the reference implementation. So, again, the work from the legislative side of things has been successfully completed. It wasn't easy.
I think we also saw during the political negotiations just how much importance, not just politically, but also from the side of the industry and from the side of other stakeholders, people attached to the concept of digital identity, and also specifically in relation to the issues that pertain to security and the privacy of data. I think these are kind of the core ingredients and the biggest stumbling blocks that sort of, I think, protracted our work in the parliament, because there was a lot of attention, and rightly so, attached to issues of security and privacy.
So this is shortly from my side, and I give the floor back to you. Thank you, Vedran, especially for that look at the longer journey that IAIDIS has been, particularly in parliament, and now moving into a larger community space of input and being able to see this move past just the legislative phase. Where do we stand with IAIDIS and with EODI, the European Digital Identity Wallet, traction and acceptance? So really looking at its presence in people's wallets for citizen identity, and looking into the future at being able to be applied for business use cases for other functions.
Are there any volunteers? Yeah, Andrew.
Yeah, so I think there's been a huge amount of focus in two areas, and there's another two areas where there needs to be a lot more focus. So legislation, as Vedran described, is fantastically well moving along. There's been implementation acts at each member state that have to happen, but they have a time limit they legally have to implement. The other area where there's been a lot of progress is on the technology side.
The two areas, I think, where there are gaps at the moment is the user experience and the economic model, and I know Joran will talk about the economic model in more detail, so I won't go into that too much. But I think my experience in the large-scale pilot consortium that Jen is in is that we had no trouble attracting private sector organisations to join.
In fact, we had to turn them away. We had so many coming in, it was getting crazy, because there's a huge amount of interest in the potential for EIDAS to transform the relationship that businesses have with their customers and their users and to make a whole load of things that currently can't be digital.
Finally, we'll have a way to make them digital. So EIDAS essentially breaks the catch-22 of where's the initial credential going to come from that says that Andy is Andy, and so it's going to really help with that. But I think we need to have a big sell to citizens as well. We need to really ramp up the citizen-selling thing about why is this going to be great for citizens, and why would they want to use it rather than their Apple or Google wallets. So great news that people are using Apple and Google wallets. They're getting familiar with the wallet experience.
Why would they download a government app, which is a wallet, when they could put stuff in their Apple or Google wallets? I think it's got to be better than an Apple and Google wallet. It's got to look better. It's got to feel better. It's got to work better, and that's a big challenge yet to be overcome. So I'll throw it back to you, and maybe you can talk a little bit about it.
Joran, it looks like you're ready to jump in. Yeah, but just to emphasize on all the stuff Andrew is saying, and I think this goes back to the EIDAS 1 as well, and what we've achieved in the past 10 years. Sometimes I feel that the EIDAS 1 was a bit harshly evaluated, because it maybe didn't reach the cross-border volume that we were looking for at the time.
And frankly, I don't think that's a shortcoming of the EIDAS 1, but probably more an overestimation of the real amount of cross-border transactions that citizens do, or at least those that are not maybe personally based in Brussels and travel back every week or go to Strasbourg. In fact, what we've achieved in the past 10 years was world-leading legislation on what are standards for real, trusted, secure, and digital identity.
And I think the general population in Europe has gotten acquainted with what that means in practice, that maybe security is not always a trade-off for good user experience, like Andrew is saying as well. We've gotten accustomed to logging in with federated digital identities, using those in a really easy way with all the organizations or governments that we do business with. So I think there's already been a lot that's been achieved in the past 10 years.
Now, of course, we're going with a bold and ambitious new model of what digital identity looks like for the next decades to come. And so, of course, when we're saying what's the uptake in terms of wallets, it's zero for the simple reason that the wallets, or at least the government wallets, don't exist yet.
Of course, there is a lot of private wallets already available, and in some cases used in closed ecosystems as well for private use cases, but also for B2B use cases. I think the challenge is now really to start getting private sector involved. And for me, that was the big lesson from EIDAS 1, and why maybe we look at EIDAS 1 as not having reached its potential.
In the end, it was a public-for-public type of story, whereas now we need to start finding the incentives for private sector to not only rely on the digital identity wallet, but really to start issuing credentials and creating use cases. And that depends indeed on a good economic model. More to come later.
Jeroen, thank you for adding a bit of that context. Really appreciate that, and telling the wider story simply beyond version one didn't work, now we're on version two. It's much more than that, and really with a lot of successes. I wonder if Annette would be able to jump in there also from that perspective, because there's been quite a lot happening in the travel space between public-private, government, and business before EIDAS 2.0, of course. So what is your take on traction and acceptance here, and how can we get to a really successful future?
Well, the pilots I've been involved in and I know of are mostly public-private corporations. Because if you cross an airport, it's called passenger facilitation, you will pass airport, airline, and government touchpoints, usually. So that needs to work in some kind of a coherent, seamless way. That's very difficult because you would have to share data. Now we have the International Civil Aviation Digital Travel Credential Standards out, the first type, and we're seeing the first pilots happening with that. And in general, people love it. We've seen that.
I saw that when I was involved in the Aruba Happy Flow in 2015 when it started. People love the user experience. It's easy. It's fun. It means you are in control. You can move at an airport. You don't have to wait for somebody to tell you to do something. People love it. Don't always really understand.
And I see, and this links back to a bit also to your previous, the initial question, and I fully underlined what Joran and Andy were saying. I don't think that people always, that the user doesn't currently trust that they are user, they have to be, it's user-centric. And it's a completely different way of sharing your data. And I think a lot of advocacy needs to take place, especially looking at international travel, who are you sharing your data with? And how are you sharing this? You need to understand that you're in control. It is user-centric.
And this is a pivotal shift that needs to take place and education needs to take place. I think not just the commission, but all member states need to really educate that you are in control of sharing. Instead of wanting a service and opening an account and giving all your data that's now stored somewhere, you are in control of how you do that. And that is crucial, not just for AIDAS, but also for possibly sharing it outside of Europe, just sharing it to other countries, because that's what will happen with travel.
So I like to focus really on this understanding of the individual that they are going to use their data differently. They are in control.
Thank you, Annette. Before we get too much further, we have a question from the audience that I'd love to address and throw out to our panel. The question is, would electronic attestation of attributes and e-notary services be linked somehow? Or is the former just referring to a very high-level framework that can apply to varying scenarios involving digital identity? Do we have any volunteers who would like to take this? I can try to answer this question.
Well, electronic attestation of attributes means a lot. So whatever type of credentials you may imagine that you will need in the digital world, that can be an electronic attestation of attributes.
Now, going down to the notary use cases, we need to understand what exactly a notary has to prove and to whom. For sure, a notary has to prove that has a license to operate as a notary. And in that case, of course, an electronic attestation of attributes tailored on this specific case will fit perfectly where you don't need to show your credentials, your papers, that authorization that you are a legal notary allowed to provide certain types of services in which country and under which legislation.
You will be able to use your credential as an electronic attestation of attributes that can be verified where you have to prove that. And all other types of interactions, digital interactions that a notary could have with the customers, of course, can be tailored somehow on electronic attestation of attributes.
Thank you, Vicky. And a shout out to the audience. If you have questions, put them in the questions field. We'd love to take those throughout the webinar.
So, thank you for your participation. Taking a look at what Yoran mentioned a bit earlier, a big game changer here with eIDAS 2.0 is the invitation for the private sector to also participate and to benefit.
So, let's take a look at rolling out EODI wallets. What is the private sector's role here? How can they participate? How are they driving this forward? Do we have any volunteers to take this first? I can maybe start here and then I'm sure somebody from the large scale pilots will add with their practical experience as well. I think the first responsibility for everyone is to understand what do they need to do to start accepting the digital identity wallet and how can they incorporate this in their user journeys.
And I'm not saying it's from a pure compliance perspective because eIDAS 2.0 says that now you have to accept the wallet. It's more about a transformation perspective and seeing can we change the user journey? And we did this for one bank where we mapped that, for example, opening a bank account would take you to, I think, 38 different types of screens where you have to input manually all the types of digital identity information. And even with neobanks, sometimes you have to wait and get that information confirmed.
That we could bring back to, I think it was 12 or 13 different screens where a lot of the information was automated. So that's the power of relying on trusted digital identity and the attributes now available or soon available through the wallet. That's the first part.
For me, the much more interesting and much more exciting part is for a private sector to look at what data do we have? And can we make this available as electronic attestations of attributes or verifiable credentials depending on which terminology you like. And I think a lot of organizations will find that there is value in the data that they have, either monetary, but probably also just for the trust in the ecosystem, for example, to facilitate their users' needs, to reduce fraud in the ecosystem, to bring more use cases that build on each other's credentials.
So for me, it's both relying on the wallet, but certainly also starting to issue credentials where possible. Thank you. Does anybody else want to jump in? I would like to add something here. As Annette mentioned before, the communication is fundamental to make the citizen to understand the benefits of the new framework, the wallet, the credentials and how they are protected and how they can share.
But at the same time, the communication to the private sector is paramount because private sector needs to understand the benefits of this new framework, of this new regulation, the potential that the new trust services could have for cutting the cost, for being able to deliver better services to their customers and to the citizens. Also, the public administration that is obliged to implement the EODI wallet authentication within the services provision to the citizen needs to understand a lot about EIDAS too.
So it should be a joint effort, commission, member states, private sector, public sector stakeholders being involved in this awareness period. So much needed in the short time.
Thank you, Vicky. Would anybody else like to jump in?
Annette, please. Yeah, just very briefly. For the aviation industry, there's been a lot of interest simply because that data that an airline needs to register and check around your identity needs to be correct because there are security implications. So they need to get your API, and that's not the IT API, but the advanced passenger information. And that needs to be a process as easy as possible and as secure as possible, which links to the whole facilitation process, which is all around getting the best passenger experience and having it as secure as possible.
So having early on in the process that correct data that is verified in the form of a verifiable credential gives so many benefits. So in the world of aviation, well, we don't have to promote as much because everybody's aware of this. But I guess in a lot of other businesses, and especially maybe SMEs, this needs a lot of promotion, and there needs to be a clear benefit. I completely agree with that.
And when we set up the EWC, large-scale pilot consortium, we purposefully went for high-frequency, high-volume, recognizable transactions that people, general public, would understand and use a lot, which is travel with payments for travel as well. So we figured out if we can do payments for travel, you can do payments for buying a pair of jeans or paying your gas bill or whatever else. And if you can digitize travel transactions, as Annette's described, then you can digitize all sorts of other transactions as well. I noticed Henk has actually asked the question about high-frequency use cases.
Yeah, because you don't go and open a bank account all the time. It's often cited as a really important thing in the digital identity world because it's very complex and costs a lot of money, and the potential is to transform it like that. I think at the moment, well, speaking personally, Jen, we have 500 million users of our cybersecurity products around the world.
Crikey, we'd love to give them all a digital wallet that they can do cool stuff with in EIDAS land. But we, along with a number of other, well, probably most other private sector organizations, there's quite a lot of wait and see going on. We're tracking very closely. We're investing in the pilots.
You know, we have to put our own money into them as well as do all the other private sector organizations. And trying to understand where our place is going to be because to go to the next stage, like as Jeroen described, a bank having to put on their roadmap a whole bunch of work to transform their business process, that's got to get a higher priority on their very precisely controlled stack of work they've got to do. It's got to get a higher priority than, for example, launching a new type of account that makes them 200 million dollars.
So that's the challenge for private sector is how do you get it up the roadmaps? How do you make it attractive enough for those organizations to say, yes, I want to do this? And one way is to say, well, if you don't do it, you're going to get fined because there is a legislative clause in there that some organizations will have to implement it. And they're kind of working out probably how can they do that for the least possible cost. So I think over the next couple of years, there's a lot of wait and see.
There's going to be a lot of focus on the pilots and what's happening and how we can get this really good combination of credentials for all sorts of use cases in these wallets. And if we can do that, it will truly be transformational.
Now, I can jump in and pull out a few themes that we've brought out already. One is certainly the education piece informing individuals and citizens and customers that these digital flows and digital ways of verifying themselves are available. One existence of that already is with banking apps. And these are quite familiar. And so how does this interface support become a model for wallets here? Or is this simply competition?
Yeah, there's a lot of use of bank ID in the Nordics. And Czech Republic has a bank ID type thing. We run a bank ID equivalent in Canada. And they're all probably thinking, should we be wallets and be able to do EIDAS stuff? And in my experience over the last probably eight, nine years of this verifiable credential world, organizations get very excited about potential for wallets. And they all want to have wallets. And they all kick off innovation programs to have their own wallet.
And it's very rare for those to get out of innovation and into production, because they pretty quickly realize it's really, really complicated. And you see probably a 98% failure rate to get out of innovation and into production for that very reason. It's very complicated, very expensive. So I think it's an easy answer for that one. Everyone will want a wallet, but will they be able to actually implement one? Thank you. Does anybody else want to weigh in here? If I could just jump in. Please.
Yes, please, Vedran. Yes.
Well, yeah, I would just like to maybe go back to this notion as to what are the benefits for the private sector around this new legislation?
And I think I really, from the kind of more consumer perspective, I really see the whole new framework and especially the digital wallets as a really a way to challenge the status quo and kind of redefine the relationship that the consumers have with their, I don't know if you want to talk about financial institutions, their banks, their service providers, whether it's telecom companies, whether it's the utilities, really the wallet in a way becomes kind of an omnichannel platform for seamless and highly secure communication.
And I think this is kind of one of the aspects that the wallet will, you know, if done right, will kind of enable this highly trusted environment where really the companies can reach their users, you know, in a very kind of spontaneous and direct way. Maybe this is kind of the biggest benefit if we talk about it from the perspective of what this means for businesses. So I think there is, you know, I think already now there's a lot of kind of private wallets on the market.
But, you know, these European wallets are I think in their kind of ambition are much more kind of, I think they go beyond just, you know, financial transactions. I think now we're talking about electronic attestation of attributes, you know, about ability to store it inside in the wallet or the wallet to act as a kind of a trusted identification and authentication tool.
Obviously, yes, this brings kind of more complexity also from the technical perspective. So I understand what, you know, Andrew is saying that it's all good and nice.
But, you know, I think the technical work will be kind of a big challenge. And that's why I think also this legislation is so important in a sense that, you know, we are setting really a global standard here. And if things go well, you know, this is going to this is what everybody else is going to be looking at five, 10 years from now and be saying, well, look, you know, this is, you know, this has proven itself to be working in the European Union.
You know, it meets the customer demands. It's user friendly. It's safe. It enhances privacy.
You know, let's use this. Let's not try to reinvent the wheel.
So, again, that's why I think this kind of work on the technical side of things, you know, on the harmonization of the standards, which now have been by far fragmented. You know, this is also one of the kind of positive side effects that we're seeing in the IDES.
So, really, the, you know, more kind of high level abstract policy objective was to streamline also the technical requirements and streamline the standards in order to achieve this kind of full interoperability across the EU. And hopefully, you know, this is the direction that the work, you know, on the next two years, because, you know, it's good to be reminded that the first operational wallets, you know, we expect to see them two years from now.
So, there is still some kind of, you know, way to, there's still some time to go before we see the wallets. So, I think these two years in front of us are going to be crucial in kind of setting really the technical framework to the extent where, you know, companies will be feel confident that they can actually implement these solutions, which now on paper seem quite daunting challenge, which I understand also, but I really think that, you know, benefits are there for the private sector.
And hopefully, you know, they'll be wise enough to recognize this opportunity and to understand what kind of how they'll be able to integrate wallets for the benefits of their own businesses. Yeah. And to piggyback off of that, we have a question from the audience on which verticals or application use cases that would be most promising for those first implementations, which is Vedran, in a sense, what you're getting at. Does anybody want to weigh in on what the really compelling use cases are? I can start there.
From a use case perspective, and Hank mentioned it in the questions earlier, there's a difference between the high trust that are maybe less volume and the high volume but lower trust. So, now you can think of putting a mobile driver's license in your wallet, which will establish a good level of trust. But even my real driver's license, I haven't taken out of my physical wallet in years.
Whereas when we're starting to talk about payments, which could be high trust, high volume, travel, high trust, high volume, especially for the relying party side, maybe I don't fly every day, but I'm based here on Zaventem Airport, the amount of people that I see come in every day, that's certainly for the relying party, a very valid use case. So, payments, but also the lower trust use cases like your gym membership cards, for example, or your public transport cards, that could work on there as well.
And that maybe relates to some of the other questions that I've seen on the chat on interoperability and private sector initiatives. Meaning, when we're talking about the national wallets, those are the wallets that are going to be mandated and covered by EITS too.
But also, there is already quite a few private sector wallets. And so, we have to start thinking about what's the interoperability here. Maybe I don't want to store my gym membership cards on my national or government provided wallet, or I want to use a private sector wallet for this. The other way around, do I, as a government, allow the government data to be issued to a private sector wallet? That's a very interesting challenge.
And one of the ways to look at that and to look at interoperability is maybe not focus on the wallet so much, but more about interoperability and issuing and verifying the credentials themselves. And this already happens. And some of the people in this chat will know we're already doing this with companies like Ping, where we're able to issue different types of verifiable credentials for any type of use case, as long as we do it in the right standards so that the different wallets can accept them.
Andrew, you'd like to comment? Yeah, I think so. We're seeing a really rapid increase in people searching for scam protection tools.
Normally, we monitor all this stuff to see who's looking for what, for our product set and so on. But the rise in people worried about scams that are triggered by what is becoming weaponized AI is really significant. And this is quite recent. We're seeing much, much more sophisticated AI-driven scams happening. And if the IDAS wallet is going to do anything, it's going to enable people to trust who they're dealing with online for any type of transaction. So I don't think there's any particular use case. You could have gym membership. You can operate a tower crane.
You could have the fact you've got a PhD, et cetera, all of these things. But what they're all doing is enabling trust to happen digitally between two parties. And I think we're going to see a rapidly increasing concern from citizens about the potential or the actual scam operations that are now being run by AIs that are far more sophisticated. And they're only going to get better or worse, actually, or more effective. So I think that establishing trust between two parties is the killer use case. And then what do you want the trust for? It's to execute a transaction or do something.
But if you can use it to establish that trust and verify you're dealing with the real Annette, and she is who she says she is, and Annette can verify she's dealing with the real KLM airline or whatever it might be, I think that's going to be a huge step forward to demand. We're seeing it shooting up right now. It's only going to get even higher. So we could solve something really important there, I think. Absolutely. We have quite a few questions from the audience.
I'm going to direct our conversation back there and pull from something that you're on mentioned, which is needing standard interoperable standards to be able to issue and verify different types of credentials. And that brings us to a question of wallets, which are using proprietary web APIs. And so how is this multi-wallet world going to be navigated where we have some proprietary wallets, which are intentionally not very interoperable, interfacing with our government solutions, our private life solutions?
Yeah, they won't get certified, I don't think. So they won't be able to hold and they won't be able to be an EIPAS wallet if they're not interoperable. Is that right? I'm pretty sure that's what the legislation is intending. I'm seeing some nodding heads around. Anybody want to weigh in?
Well, Apple would be a good example of a proprietary wallet with a sort of theoretically interoperable protocol, but proprietary APIs to get stuff in and out of it. So it'd be interesting if Apple were to create or Google or both were to create an EIDAS certifiable wallet, that starts to get really interesting. So that means they're into open sourcing everything. I think from the user's perspective, what's most important is they need to see a logo, which is as recognizable as a Wi-Fi logo or a Visa logo or a Mastercard logo. They see that, then they know they can use it with confidence.
That's all they're going to be looking for. So we have to hide away all the technical stuff underneath. The user wants to see, ah, can I use this thing here? And to make them confident to do that, you need all of the underpinnings around governance and trust frameworks and interoperability and all that kind of thing. Thank you. We've got a question.
Oh, Vicky, yeah, please. I would just add a comment here to end this point. So I don't think it's enough just to have an EIDAS sort of wallet certification so you can start using it and pushing credentials inside. Because the latest form of EIDAS 2 stated that the UDI wallet must be issued by the member state or by an under mandate of a member state or by a private company recognized by the member state. So it's not like Apple can certify independently its wallet saying starting day one, you have Apple wallet EIDAS compliant, so go use it.
Perhaps Vedran can comment here, but this is my understanding. So I think that's absolutely right. That's a layer of correct reading both from what Andrew and Vicky said. And I think also, you know, I think what is sort of coming out also as a consequence of this new legislation is that there is, I think, generally there's a growth in interest of digital wallets. And I think we're also seeing kind of a healthy competition between the both private providers and those that are going to be more leaning on the public side of things.
And I think this is really the ideal scenario where, you know, one is driving the other to innovate and not to kind of, you know, stay put and continue just doing business as usual. So I think, you know, there's going to be a lot of adoption from all market players to adapt to new realities, which inevitably EIDAS is going to force them to kind of rethink their existing businesses. And I think that's a good thing.
And also, you know, there's a lot of things, kind of discussions going in the direction where, you know, people are asking, well, how are these private wallets going to coexist with these public wallets? And I don't think there's a clear answer to that. I think this is also sort of a question that, you know, it's going to become clearer with time. We need time above all to see how this is all going to play out. We don't have all the kind of answers at this stage of the game. And I think that's normal.
And we just need to kind of acknowledge that, you know, it will take a few years before we kind of start seeing the long term effects of EIDAS 2.0, right? It's not so clear right now. But I don't see any kind of inherent, how would I say, inherent conflict between the private and the public, because the private ones will certify certain functions that maybe the public ones won't be able to provide to the users.
You know, one use case would be that maybe, you know, as I travel, maybe I will continue using my Apple wallet to store my boarding passes. And then, you know, at the same time on my on my phone, I will continue using my public wallet, you know, to identify myself in a way that I perceive to be more trustworthy and secure. So I think they can kind of continue to coexist on my phone, whereas, you know, each one of those two wallets will serve a different function, you know, and I think that's fine. I don't think the, you know, EIDAS 2.0, they don't need to cover every possible use case.
Obviously, the more use cases, the more functionality that, you know, European digital wallet can provide, the better for the users, because I don't also want to be in a situation where I'm locked in into a certain wallet. And, you know, I can only use it for a specific use case.
So, yes, the more functionalities, the better. But again, you know, if they don't, if the public wallet doesn't provide for functionality, I can seek it out in a private wallet. And I think that's perfectly fine at this kind of scenario where both private and public coexist. I'll jump in, guiding this slightly differently, but parallel on qualified trust service providers.
So, for this group, what benefit do they have out of a wallet and how do they fit in here? I can pick this question.
Yes, of course, as a trust service provider, I think I have some ideas. Well, first of all, the implementation of the EUDI wallets within the trust services provisioning will alleviate the requirements regarding identity verification that we are required to do in a very secure way and to be sure that who we are identifying is the person who claims to be in order to issue a digital certificate for electronic signature, for instance.
Now, switching to ID proofing based on the EUDI wallet will be for sure a benefit for the trust service providers. However, we have to take into consideration that the citizens are not obliged to adopt the wallet. So we don't expect that once the regulation will be enforced and implementing acts ready, we will move to EUDI wallet-centric environment completely because we have to take care of any scenarios possible. So the identity verification part will continue to coexist forever for citizens having a wallet, for those not having a wallet and relying on different sort of mechanisms.
So it's a complex situation for trust services provisioning. We have to assess very carefully the new requirements, the technical part, and how to keep a balance between one scenario and another in order to be able to provide services to all sort of citizens, not only to those digitally native born.
Thank you, Vicky, for taking that. We're coming close to the end of our time and we have so many questions for the audience. So I want to say a quick intermediary. Thank you for your interest here, for voicing your opinions and your curiosities. We want to keep the conversation going. So if we don't get to your question today, we'd love to continue this discussion at the EIC, which you can be at in person or virtually. There's a great wrap-up question from one of the audience members looking at a five-year gut feeling.
Where are we going here in terms of adoption, given the change management that's required, given the network effects to see the benefits? Maybe we can do a round robin, starting with Andrew, and give your outlook.
Yeah, five years time. I think it's going to be quite binary, actually. I think it's going to be an enormous, massive success that then gets repeated around the world and everyone's just just uses their digital wallet. I'm talking about the EU wallet here. Just as a matter of course, they just use it automatically because it's so much simpler and easier. It becomes as simple as tap to pay, for example. So I think it's only going to be that huge and brilliant, or I think it's going to be zero, and Apple and Google will rule the roost. So I don't really think there's a middle ground here.
So that's my opinion. I think we've got to watch very closely the mobile driving license directive, which has... There's a new...
Sorry, mobile... There's a revision to the driving license directive to take into account mobile driving licenses that's happening. It's a little bit behind the IDAS legislation, but there's a potential... Some of the wording in there is a bit loose, and it could, the way some of it is written, allow driving license authorities to issue mobile driving licenses into Apple and Google wallets. And if that happens, then people's... The attractiveness of an EIDAS wallet drops, because I could probably do 80% of my ID requirements with a mobile driving license in an Apple or Google wallet.
So I think we need to watch that one very carefully. And I think as that revision goes through the process, if that language is tightened up to say something like, member states will only issue mobile driving licenses into EIDAS certified wallets, then that will help things a lot. But there's a little danger under there as well, just to watch out for.
Thank you, Andrew. Jorrit?
Yeah, I'm just going to take the complete opposite view of Andrew, not just to annoy you, Andrew. Although on the long term, of course, you are right, it is a binary thing. Our sort of working position for the next five, 10 years is we'll live in a hybrid world where the current EIDAS will coexist. Let's say the Web 2.0 world, the federated world together with the wallets.
Slowly, we'll probably move towards that wallet-based ecosystem. But the solutions and the processes that we're now building for our clients are based on that hybrid Web 2.0, Web 3.0 world. That's for the medium term. Like I said, in the long term, we're really betting on these wallets as becoming a success and then mostly looking at the credential and verifier...
Sorry, the credential issuer and verifier services. And that's maybe a good thing to close off when clients of us ask us, what do we do with this now? What can we do today? Our advice is always, you know, start doing. You can start doing this today. There are perfectly good working solutions and we're happy to help there.
Thank you, Jorrit. Vedran? Yes. It's hard for me to answer this one. I think for me, yeah, I think we need still some more time to see how this will all play out. But I think in general, EIDAS 2.0, I think, enables a lot of people, innovation, a lot of different use cases. And I think for a lot of use cases, we don't even know that they exist at this point. I think a lot of use cases will really kind of evolve over time.
And, you know, at some point, you know, I think right now we're still kind of stuck on traditional use cases like payments, identification. This is all nice and handy, but I think this legislation can do much, much more than that. And I think in the next five years, you know, we will see some really crazy new innovative solutions coming up that we didn't even maybe have on the radar right now.
I think one of the use cases that maybe come to mind that, you know, something that was kind of discussed briefly as we were working on the legislation, but never really picked up is really, you know, integration, for example, of the wallets with the IOT devices. You know, this is something that, you know, a little has been really talked about, but, you know, I think we see the numbers that, you know, if we talk about IOT and, you know, a lot of our IOT devices on the markets today are completely unprotected and they protect and they present really a huge cybersecurity risk.
And I think, you know, if we can manage to kind of integrate, you know, the eIDAS 2.0 and kind of IOT devices into this highly secure environment, you know, I think that can also kind of lead to innovation. So as I said, it's hard to predict, but I think the future is quite optimistic, at least from my perspective, and the best is really yet to come when we talk about this. Thank you.
Vicky, what's your take on this? Well, how do I see in five years from now eIDAS 2.0? I would see it rolling out outside the European Union for sure. As eIDAS 1 was a successful model for the trust services provisioning and was adopted by other countries outside the European Union. I expect to have the same for the new identity framework with the wallet, digital identities, all sorts of credentials. And I'm pretty confident that that will happen sooner than five years from now on.
From personal perspective, what I would like to have in less than five years, to have the possibility to combine all sorts of credentials as a citizen, but also as a representative of a company, because we don't live our lives separately. We don't have a boundary between personal life and professional life. And most of the time we need to combine those credentials. So being able to do that will be great for myself personally. Thank you. Thank you. And Annette?
I think that for looking at the citizens, if there is understanding and if there is trust, I think it will help whether these enormous changes that are coming to us digitally, that for some people are not fully grasped anymore. AI happening, as Andy said, there's people thinking there's more scams coming their way, probably are as well. So there it could be really help them in a trusted way, find their way digitally. That has a big potential, I think.
The other thing I'm very interested to see what will happen is that if the European wallet has a very strong start, what will the PIT mean outside of the EU? Will it be trusted? If it is a trusted wallet given to you by the PIT is given to you by the government, if I'm in Canada, they may say, well, then that's good enough for me. But then how does that work? I'm very interested to see what other countries will do.
Of course, you need relying parties there. But I think other governments will quickly say, we would love to receive it and see how that would, what that would happen. And then I agree with Fedra. And I was thinking the same thing. I think in personally, I think in 10 years time, we look back on this, and we're laughing that we couldn't think of the use cases that we're seeing, and that we couldn't think of it right now, 10 years ago, because there's going to be use cases that we can't think of. And that'll be that'll be so simple. And we'll be like, why didn't we think of that?
And that will really make a huge difference. And I don't know, but that's what I think.
Thank you, Annette. And thank you to all of our speakers today and our panelists. This was an incredibly full discussion. And we didn't even scratch the surface. So there's so much here to discuss more economic models. We didn't quite get to a lot of the questions from the audience, we were able to talk through some, but there's, there's a lot here. So I want to remind you, each of our panelists today will be at the EIC. So bring your questions. And we'll continue to the discussion there. Thank you to the panelists here today for your time and your expertise. Thanks for the audience.
And I'm very happy that you are here today. Thank you very much. And I hope to see you at EIC. Thank you. See you soon. Thank you. Thank you.
