So, we do not see the third panelist right now, but I hope he can join. But let's just start, we only have 20 minutes with a short round of introduction, and although we do not know yet what we are already talking about, I would like to ask you for a short statement which is of importance for you when it comes to that topic that we will be covering and maybe we understand it afterwards. Maybe starting with you.
So hi, thanks for the invitation to talk about the Electronic Ledger Regulation. In fact, this is what motivates me. Four years ago, approximately, we had the challenge to be able to provide a legal basis for the electronic ledger technology we were using already for supporting identity management. This is now a reality and it's something exciting. Today we will be discussing all of that. Thanks.
Hi, good afternoon. So in this context, I'm here more from the technical side. Not only that ledgers are theoretical and have legal backing, thanks to some great people here, but we also implemented a lot of things in the context of the European project called European Blockchain Services Infrastructure, where I'm one of the architects of that project, and we are really happy how it evolved over the years and everything we learned from the different use cases and the ecosystem we managed to establish.
So I'm happy to discuss also about this application layer that can be then built on top of such technologies and solutions. Right, thank you. And Steffen?
Yeah, my motivation is easy. Our National Cyber Security Authority said you're not allowed to use DAT as long as we don't have proven security. As we have several use cases in place, my motivation is to enable DAT to be used in regulated environments, and for this we need to integrate it into EIDAS to have then the conformity assessment by conformity assessment body, and so the possibility to use it across Europe.
Great, thank you. A quick question to the team down there. So the fourth participant will not join, I cannot see him yet.
Okay, we'll keep that. Okay, usually when I do a panel, I ask the same question to all the people, but this doesn't make sense when you want to explain things. So I just want to kindly ask you to answer the technical questions one after the other, just where you think it makes sense.
Also, we want to educate, and I think that is important. So EIDAS, what's the role of the electronic ledger within EIDAS? Why do we need that? And you said it needs to be certified, it needs to be stable, it needs to be trusted, but first of all, what's in there? Why do we need it?
Well, perhaps because this is more regulatory, I can take this question. So the idea is that at some point in time, we needed to establish a legal effect for this new kind of artifact. So we were using a technology, this technology was based on a certain set of properties that was nice, but the fact is that we didn't have any legal effect, and as Stefan has said correctly, it was very difficult to put the project into working.
So the EPSI is supporting a lot of use cases, some of them are related to identity, that's true, but there are many, many more, and it was difficult from the European Commission perspective to put this to work, because there was no legal basis. And if you're in the European Union, if you do not have a legal basis, if you don't have a legal effect, and if you don't have a supervisory structure, then it's quite difficult. And in fact, inside the project, because I was in charge of defining the legal instruments, we decided that it was possible, actually, to define this as a new kind of service.
But it was quite a challenge, because it was supposed not to be any provider at all. You know, blockchains are working magically with no providers. But that's just true. Of course there is a provider, in this case, it could be the validator node. So we needed to regulate this, so we could convince governments that this could be a supervised infrastructure. That was the main motivator for this, and this is why now we have the electronic ledger with a specific definition, requirements, legal effect, and supervisory model in the EIS2 regulation. Right. We will dig deeper into that.
Any things you want to add to what you just explained? Yeah. I think you asked the question, what's the role of EPSI or ledger in eIDAS? I think we have to differentiate two different roles, yeah? We have the well-known Section 11 in eIDAS, and we have the other qualified trust services, and we have the UDI wallet.
And we have to differentiate the utilization of an electronic ledger or EPSI as an infrastructure for an UDI wallet, or any other qualified trust service for the assurance of attestation of attributes or certificates for signatures, or as an infrastructure for integrity proof for archiving. This is one subject. In this case, the security will be proven with the conformity assessment of this qualified trust service or the UDI wallet. And then we have the qualified trust service provider for electronic ledger.
And it's important to keep in mind, the QTSP for ledger, according to Section 11, does not cover signature, seal, attestation of attributes, wallet, et cetera. Anything which is not covered by the wallet and other qualified trust services. Which means with QTSP for ledger, we cover subjects like traceability, supply chain cases mandatory by law since April this year in Europe. We cover subjects like tokenization with this, and we cover subjects like, for example, digital Europe.
And now you can see maybe the role of EPSI, we can combine digital identity on one hand and the transaction on the other hand. So I know who owns HeyJudy, and I can sell the ownership via a token in the same infrastructure. And this is something we can't do with the existing infrastructures, this is something we can do with DAT. And if we then get the legal value, we also will achieve the adoption.
Yeah, maybe just last point, I would like to touch the last point of Stefan. Actually, this is not only theoretical, but it's actually been proven that, because EPSI has been started way before latest EUDI regulations and so on and so forth, and it's been proven that it can simply work with the existing IDAS regulations. So it's perfectly possible to combine the existing identity system with use cases that built on top of EPSI that has a DLT as a basis.
Okay, so there's this term qualified ledger. So everything that you described right now, does this make a ledger qualified or what is the added value of the term qualified in that case?
Well, if I may, qualified is a legal abstraction that we have for all true services, meaning that the true service fulfills a series of requirements. Once you have these requirements that are oriented to determining the security of the service, then you can go through a particular legal process where you get the kind of permission. This is called qualification. Once you have something qualified, then typically the legislator will give this qualified artifact a legal effect. For instance, a qualified signature is the same as a handwritten signature.
In this case, the legal effect of an electronic ledger is the proof of the chronological order sequence of transactions, meaning that, as Stefan was saying, if you have a series of a market organized for selling tokens, then you know that the last possessor in the chain is the owner of the legal rights. And because you have a legal presumption for this, you don't need to discuss in court. And this is very important because not only will it allow us to run into regulated markets, but it will spare a lot of money in proof.
So in terms of legal thinking, in the European Union, the only thing that works is that artifact which is qualified. Right. Just a quick reminder, if you have any questions to the team, just drop them into the Q&A section of this session. I will ask them. So everything that you want to know, I will pass on to that. I know there's a legal requirement to do so, to have this infrastructure in place as it has been created right now. Are there specific use cases that you think make only sense in that context with the EBSI, with everything around that?
What would be the use cases that we can take home to say, yeah, now that works? Maybe Stefan? Yeah. I think there are two views on this subject. One view is a bit, I put the EBSI on my head and say, we have a functioning ecosystem. It works for diploma in several countries in Europe. It works also for the traceability. So we could be a bit hard and to say EBSI works without the UDI wallet, but UDI wallet needs ecosystems to work. So the question is a bit, who needs who in this case? If you speak about use cases, one use case is, like I mentioned, the traceability.
So supply chain are cases we currently pilot within the Trace4U project. Subjects like digital product passports, which is mandatory by law, as mentioned since April this year within EU regulation, like tokenization in the subject I mentioned. And the most added value of DAT we get when we combine identity with the transaction in one ecosystem where we can make evident the identity. So who owns something and also the transaction itself. And I think the third option is the trusted issuer registry. So we all know our trust list. It's a good old XML.
If I think a bit in the future where we have at least 31 UDI wallets plus X plus QTSP for attestation of attributes, which will be much more than we currently have, I would doubt a bit if our good old XML list is still scalable. And this is also something where EPSI could help. And then you have everything in the same infrastructure. The identity, the transaction, as well as the trust list. And this is really something that we could give added value. And we can make transaction in the DAT evident against third parties.
And in this case, EPSI would be the first infrastructure, one of the first infrastructures in the world where we have this. And the last part I wanted to say is in EPSI, the main nodes provided by the member states and on top of this network, we built the application for QTSP. So attestation of attributes issuance or traceability, et cetera. But this means we always rely on governmental trust anchor. And this is something we don't have with existing QTSP. Here I have the PKI from a private entity only.
In EPSI, I always rely on a governmental trust anchor. And this is an additional trust. We don't have existing infrastructures. Right. You're nodding anything to add from your side or did he cover it all? Just one thing.
So this, what Stefan has explained is particularly important when you need identity bound to smart contracts. So this is the point precisely. The idea is that with the EPSI, and you know that the EDIC has been very recently created, we will have an infrastructure that allows us to do identity related to on-chain activities, which is quite different from identity for non-blockchain activities. So this is something we need to put the focus on, because otherwise we will not take the advantage of the tokenization economy.
And there are a lot of use cases where we want to have a digital sets economy that we need to put. And I know that ETSI, for instance, is working now in standardization items for identity bound to smart contracts. And we need to look at this carefully to complement the current initiatives around the European Digital Identity Wallet, which are mainly focused on non-chain activities. Right. So now we understand why it is there. We understand that it's an infrastructure, but who runs the infrastructure? Who is controlling the nodes? Who is responsible for running the nodes?
What are the governance aspects for making sure that everything that you just mentioned is taken care of? I will take this again. But then I want Alan to go deep in very interesting things he has to say as well. So the one discussion we've had in the EPSI project for a long time is who was the owner, who was able to put this into production, who was the liable party. And as you know, the European Commission has no legal personality. So the European Commission cannot sign contracts for running nodes.
And this has been very recently solved, as I said before, by the creation of the European Digital Infrastructure Consortium, which will be the owner of EPSI. This is formed, as Stefan has advanced, by member states. It is hosted by the Belgian government. And this means that we will be having an infrastructure through a project which is called EPSINE, which is funded by the European Commission, that we will be achieving more than 30 nodes, meaning that we have a resilient network. And we will be having the possibility of selling services.
The European Commission is continuing to fund the initiative, but it will be made sustainable from an economic perspective, because then we will need to charge by what we are doing. And the idea is that this could be the legal way to qualify the blockchain as a whole, meaning that instead of having 40 qualifications, we only have one qualification, one legal entity providing services with a governance structure. I have to say that this means having a centralised ledger somehow, because the governance is centralised. It is a consortium after all.
But the idea is that we have distributed technology, we have secure technology, we can support different ledgers, so we can support different kinds of use cases, and therefore, depending on the initiative, we can do one thing or different things, with full legal validity. Right. Anything to add from your side?
No, no. I mean, at least today, the nodes are really run by entities that are recognised by member states, and basically, the distribution is such that no member state has full power or control over it. So the network is not only resilient by design at the protocol level, but also we have a lot of member states involved, so that we have a really nicely distributed network of node hosts. Right. Great. We have a question from the audience. I've just read it out. It seems to be a bit controversial. When will the requirements for qualified ledgers be published?
And prior to publication, is there any route to engaging and shaping these? Seems to be. Who wants to step in? Yeah. The status is we are working on this subject in several EU projects. One is FC Vector, the other one FC&E, so it's pretty much the people here on the panel and the person we are missing. So it's actually working on the subject and also shaping it in the European and worldwide standardisation committees. So I think the easiest answer is according to the timelines in EIDAS, the implementing acts for the qualified ledger have to be there by April next year.
So this will be the final date when those requirements will be published. But if anybody of you wants to take part in the standardisation committees, just contact us and we will be happy if you contribute. Just a quick note. The legal requirements, in fact, they are already published, so it is the technical requirements and the reference standards. And please do not expect that any blockchain technology is in there. Probably only a subset between the family of DLT technologies can be easily qualified.
So when we say that we have created this for EVSI, it is because somehow it is possible to qualify EVSI. Other networks, we don't know, but we only wanted to qualify EPSI, you know.
Okay, great. Thank you. We have three minutes left and you've mentioned that before, that it's this pair of the infrastructure plus the wallet and those interacting. So I've learned that there is no conformance testing or no really making sure that a wallet is compliant with, but there is a conformance testing. That's the way around. What is the future of an EVSI conformant wallet in relation to EU DI wallets? So what can we learn from that and what will be the effect of what you've done already for the future? Maybe I can start with that.
So especially one role, so when we talk about ledgers, so the IDAS regulation or the regulation is addressing the qualified ledgers, right? But then we need applications that run on top of ledgers, right? And one of the most prominent use case was actually about verified credentials, verified credentials exchange, where the ledger plays a role of like public root certificate directory that allows us to publish and effectively distribute important information.
However, when the project started, most of the standards were quite immature. So EVSI played an important role in being like a stable anchor in this sea of ever-changing standards when it comes to digital wallets and protocols. And in that context, basically a conformance testing has been established, which just means that we have a set of requirements and we have a wallet that conforms to those requirements, but there's no certification like ETSI and QTSP, so on and so forth. And basically, all this works for a very, I would say, vivid and wide ecosystem of wallet providers.
So now really the question is, if I refer back to Stefan mentioned nicely, that one can live without the other, but what can we learn from all this effort and how can we make sure that the ecosystem has some continuity and that the use cases that already built on these technologies basically gains additional recognition and then be easily integrated into like new wallets and standards, so on and so forth. Okay, great. Thank you very much. Anything to add from your side? Running out of time and there's lots of questions and good questions. They seem to be anonymous.
I don't know what's happening here, but I'll hand them over later on. But any final thoughts from you to add?
Yeah, I don't want to leave without saying an additional thing. Remember that blockchains, thanks to the regulation, are now legal, even if they are not qualified. And this is a quite breakthrough. The European Union is the first place in the world where we have regulated ledgers for all use cases.
Qualified, with legal effect, non-qualified, with the right to go into court and prove something that was not ensured before. Great. Thank you very much for these final words. Thank you again to the team. Sorry that Daniel could not join us. I received a message while we were talking, but he couldn't dial on. But I think we've managed it anyway, and greetings go out to Daniel. Thank you very much to the team. Thank you.
