We wanted to share some of the work that we're doing to help make it possible for people to use GOV.UK Verify to identify themselves when accessing services in other European countries.
The eIDAS Regulation
European member states want people to be able to identify themselves online for digital services in other countries. Recently, a regulation has been passed in Europe to allow this - the eIDAS Regulation.
Context: The digital single market
The European Commission’s work in this area is is part of a wider programme to create a digital single market. Identity is an important part of the digital single market because there are some services that can only be offered digitally if providers can reliably know who the user is.
Impact on users
The regulation means that it will become possible for people in the UK to use GOV.UK Verify for online public services in other countries. This could include car registration, paying taxes or setting up a business in another country.
Looking beyond the eIDAS Regulation, in the future people may also be able to give consent for services to access information, such as health or education records, wherever they are in the EU. This could be important when seeking medical assistance abroad or applying to study in another European country.
Now the regulation is agreed, we're working on the technical infrastructure to make this all happen. This will take a little time whilst both public and private sector service providers adapt and develop cross-border services.
Setting standards for the EU identity assurance market
The Regulation has not prescribed specific technical practices - as we're doing in the UK, it takes an outcome-based approach to build confidence and trust between countries. This means that each country can use their current systems, while not preventing others from taking advantage of future digital and technological developments.
EU work with the private sector
This European progress also has great potential for the private sector, both as identity providers and as providers of online services.
In the UK, we work with the private sector through the Open Identity Exchange UK (OIX). This enables us to explore how organisations could develop new services to make use of GOV.UK Verify. Following on from our work on the eIDAS Regulation, we hope this sort of engagement will be possible at a European level too. This work could help to build trust in the sharing economy, make it easier for you to use banking services across border and also contribute to speeding up your journey through the airport.
2 comments
Comment by MarkK posted on
The regulation is not needed to allow cross-border use, but it does force acceptance in specified public-sector cases. Does this blog constitute notification of HMG's intent to notify (and thus accept the associated liability) so UK eID must be accepted at relevant levels? If so, the timescales suggest it should be mentioned in the IDAP2 procurement.
Comment by Janet Hughes posted on
Hi Mark, thanks for commenting. The idea is that the Regulation will help make sure that different national approaches within the EU will be interoperable, so although it is not needed to allow cross-border use in general, it will be helpful in making it more straightforwardly feasible.
This post isn't a formal statement of the UK's intent to notify GOV.UK Verify - that decision won't be possible until after the implementing acts have been finalised. There is a lot of detail being worked through as part of that process. For example, once that work is completed we'll be able to map the UK's assurance levels against those contained in the implementing acts.
The details of our next procurement will be announced shortly - we're finalising them now. However, based on what we know at this stage we would expect that any direct impact on certified companies is unlikely to be significant and will not take effect for a while yet (because we the regulation won't come into actual operation until the implementing acts are finalised).