The Cloud Signature Consortium is delighted to welcome two new members, TunTrust and Evidos to the association. With these two additions the membership of CSC has reached 38.

The first CSC members from the Maghreb region , Agence Nationale de Certification Electronique – TunTrust is a government-owned certificate authority of Tunisia. TunTrust is a leading actor in building trust in the online environment at national level. TunTrust provides trust services for public and private entities and individuals in accordance with the ETSI and the Webtrust requirements.

Evidos stands for Evidence in Online Services and is a market leader in providing digital signature and digital identity solutions. The company has already for 20 years been involved in contributing to the digital identity eco-system and offering cloud services for digital identification and signing. Evidos founder, Kick Willemse, was involved in many standardisation groups, like international board member of the OpenID foundation and eIDAS.

We look forward working together with our two new members and by coming from different spectrums of the sector, TunTrust and Evidos will undoubtably provide valuable insights and expertise to develop the consortium further and increase its global reach.

From being an abstract concept, to an ever-present topic of discussion, digital transformation has become a reality in our everyday lives. With the realisation that this shift towards a digital workspace will be a constant part of our lives, businesses and private individuals are now both searching for guidance on how to adapt to this new way of working, and are finding that digital signatures have an enormous role to play.

Over the past few months, members of the Cloud Signature Consortium have seen a marked increase in interest in remote digital signatures as businesses seek new ways to operate. Current events have shone a spotlight on pre-existing inefficiencies of business workflows and highlighted the need for digital tools that allow companies to adapt to the remote working environment. But many businesses continue to be hindered in their progress by persistent knowledge gaps around the different types of digital signature available, confusion surrounding their legal impact, and what benefits that this technology can actually provide.

What has also become clear from this influx of requests is that CSC can have a leading role in providing the information and practical and technical support required by businesses as they embrace the accelerating shift towards a digitalised economy. Even if digital signatures were not a priority for many companies before, they are now seeing that remote signing and identification technology has become a vital part of the business landscape. This realisation, that many existing processes and structures need to be re-evaluated, has led many businesses to search for expert assistance and guidance regarding digital transformation, an area in which our Consortium is ideally placed to help.

“As a community of leading businesses in our regions and countries, we have all seen this increase in interest and demand for digital signatures as a proof of concept that they really do add value to organisations. The increasing number of transactions we have seen is a clear indication of this,” says Andrea Valle, President of the CSC. “We should promote this and explain that, if businesses are reluctant to adopt electronic signatures, we must demonstrate that this technology will be essential to all kinds of business moving forward”.

While CSC, and its standards, have a role to play in achieving this, we also recognise that the current business landscape has a diverse range of complex needs. Therefore, one of the main challenges for providers is to make digital signatures easily accessible and to cater to all business audiences, purposes, and the most stringent legal and cybersecurity requirements. The CSC can take the lead in promoting tailor-made services and products to ease clients’ digital transition.

Additionally, CSC members have reported fielding many questions from new and existing customers regarding what digital signatures actually are and how they can help their businesses become more efficient.  Most importantly for many companies, understanding the legality of remote electronic signatures is an area where there remains uncertainty for customers despite the strong legal foundation that has been provided by the EU’s eIDAS regulation.

As a global coalition of experts on remote digital signatures, the Consortium has a crucial role in educating customers on the value of adopting digital signatures and explaining the sometimes complex legal frameworks. As part of our response to recent events, these two themes will act as a starting point for the Consortium’s future strategy, projects, and activities in the year ahead.

“The companies that derive the most benefit from deploying e-signature technologies are the ones that take time to understand the different technologies and how they apply to their business. Digital signatures really rely on a good understanding of the legal context in which they are being used, especially if that context is cross-border,” says John Joliffe, Adobe’s strategic development lead for Adobe Document Cloud in Europe. “While organisations can get guidance from several sources, including their in-house counsel, our members have all witnessed an increased need to provide guidance and assistance to companies who are rapidly digitalising their workflows.

CSC members have agreed on the continuing need to educate the market in this area, to reassure users that adopting remote electronic signatures will increase the efficiency of their companies, while also safeguarding the legality of any agreement that is remotely signed.

In addition, supported by our recent partnerships with ETSI and the FIDO alliance, the Consortium will continue to develop in parallel the CSC Specification to facilitate the global interoperability of remote signature solutions.

Want to find out more about the Cloud Signature Consortium? Get in touch via the contact form on our website.

The Annual General Meeting

This years CSC Annual General Meeting will take place Thursday the 4th of June from 2pm to 3pm CET.

 Due to recent events, this year’s AGM  will be held virtually, and will focus on key updates and news. In addition, CSC President Andrea Valle will lead the discussion on the strategic vision for the association and the sector in an strengthening digital society.

The full agenda, supporting documents, and videoconference call details, will be distributed shortly to all registered participants. We encourage each member to attend the AGM with their senior representatives as well as their business or technical manager.

Not attending? Make sure to nominate a proxy!

If no representative of your company is able to attend , please appoint a proxy so that your company is represented. For those who cannot attend due to scheduling, time zone, or other difficulties, a private recording will be made available to you after the meeting has closed.

Should you have any questions regarding proxy nominations, please contact us at info@cloudsignatureconsortium.org

We will look forward to seeing you all in June!

CSC Members are invited to join us at the CSC digital Member Roundtable on: Promoting the Crucial Role of Digital Signatures in a Smart Digital Society on the 19th of May at 14:00 CET. This 45-minute digital roundtable kick-starts a CSC Member Consultation on how to more effectively promote the role of digital signatures in our transforming society. 

The Rountable Speakers

Programme:

  1. Welcome & Introduction (CSC Secretariat)
  2. Putting Digital Signatures on the Agenda: CSC Member Success Stories by:
    • John Jolliffe, Senior Manager at Adobe,
    • Paola Monti, Marketing & Communications Director at Intesi Group,
    • Warren Blackbeard, Head of Sales at Impression Signatures,
    • Ronald De Temmerman, Vice President of Strategic Sales EMEA, GMO GlobalSign.

The presentations will be followed by:

3. Ensuring our Place at the Table: Member Discussion on how to jointly promote the importance of digital signatures for creating smart digital societies.

About the Roundtable:

 The sudden and forced switch to remote work – overnight and en masse – has turned a painful spotlight on the inefficiencies of our digital capabilities. At the same time, the global crisis has highlighted the great potential of smart digital work, providing more impetus to the much-needed argument for a digital transformation in our societies. While companies rush to create effective remote working environments, key political players such as the European Union push increasingly for accelerating the digital transformation.

Digital signatures – enabling private and public players across all sectors – are one of the key enablers of such a transformation. The Cloud Signature Consortium – as the independent voice of the sector, representing cutting-edge digital signature providers worldwide – can play a key role in informing, educating and supporting private and public stakeholders on their path to digital transformation.

Let’s join forces to ensure that our sector is part of the discussion!
Click here to register for the roundtable!

Viky Manaila, an international expert in the field of electronic signatures, digital identity, and digital transformation processes. She is a member of several high-level working groups set up by the European Commission and ETSI that aim to align policies and operations around the implementation of digital trust services, digital identities, and cross-border recognition. She recently joined to CSC as a Board Member

In this interview, Viky talks to the CSC Blog about her perspective on current and future industry trends, as well as the regulatory requirements on eIDs.

What are the key challenges to the development of digital identity and digital signatures by ID providers?

Digital Identity and Identification are the key challenges to the digital world that we are all living in today. Technology has profoundly changed the ways in which individuals, organizations and devices digitally interact with one another. Telemedicine, electronic prescriptions, digital banking, government services are all now offering personalized experiences with exceptional delivery times that were unimaginable only a few years ago.

In recent years, companies and governments have been reinventing their digital identity services. This has meant that the protection of sensitive personal data has become the foundation of the trust that users place in service providers, who have the duty to ensure that the digital identities of their customers are not misused or stolen. Within this context, digital identity security has become a top priority for digital services providers, which has created alternative business models that have resulted in the emergence of new market players.

As a Qualified Trust Service Provider, Intesi Group has redesigned our relationship with our customers by being able to meet their expectations of having a seamless online experience that is devoid of friction. Identity verification is a critical step in the process of issuance of digital certificates for electronic signatures. In the past, digital identity was one of the most significant barriers to paperless business, with users having to be identified in-person. Therefore, Intesi Group has developed and implemented innovative solutions that allow for cloud-based certificates to be issued in minutes directly from signing applications, whilst always remaining compliant with the E.U.’s eIDAS regulation.

In order to simplify the identity verification phase of issuing digital certificates, Intesi Group decided to use all the existing electronic identity schemes that have been pre-developed by the governments, banks and telecommunications providers, namely the eIDs that are present in Northern Europe. In addition to BankID Sweden, BankID Norway, NemID Denmark, FTN Finland, Intesi group has recently added iDIN Netherlands to our service offering. Essentially, most citizens from northern European countries can now re-use their verified identity from their own bank to sign documents digitally using an Intesi Group’s qualified or advanced certificates.

What is needed to sustain growth in the digital ID infrastructure, both nationally and globally?

Identity is fundamentally a combination of individual attributes that all define an individual, such as personal history, beliefs, and behaviors. Therefore, there are many fundamental questions that need to be answered to facilitate the expansion of digital identity infrastructure, both nationally and worldwide. For example, how can we safely collect and share all these individual attributes together in the digital environment? Who owns our identity data? Can we trust the cloud-based infrastructures that store our attributes? Can the providers assure us that our data is being protected, and cannot be compromised or misused without our explicit consent?

To adequately respond to these all challenges, the way both companies and governments work with digital identity must be reimagined and reinvented. By transitioning away from siloed capabilities that are centered on business needs, we need to move towards a collaborative sharing culture across all industries as well as internationally between governments. By overcoming these challenges, the repetitive processes of providing credentials online will be eliminated. This will allow both citizens and businesses to benefit from reduced costs and increased efficiency savings.

Through initiatives such as the Cloud Signature Consortium, public and private sector organisations can put together their capabilities for trusted services and unleash the potential of these new business models. In Europe today, we have 9 countries with eID notified and approved schemes that abide by the EU’s eIDAS Regulation.

Italy has become the second EU Member State to offer to its citizen’s full electronic identities that are legally valid across Europe. Using this eIDAS infrastructure,  service providers such as banks, telecommunications operations, and airlines, can now reach new markets in EU member states by allowing foreign EU citizens to access their services online. For instance, a bank can now allow a foreign EU citizen to open a bank account with greater ease thanks to this eIDAS infrastructure. By providing secure and trusted access to such online services to a broader international customer market, the growth of eID infrastructure will become an important enabler for the growth of private sector services.

To give you a clear example of this digitalisation trend, let’s examine the private sector’s use of the federated eIDs provided by Nordic banks. Over 90% of citizens in Norway, Sweden, Denmark, and Finland now have a form of digital identity that is issued by their bank. This in itself, is a clear digitalisation success story. The use of eID’s by Nordic banks is just one example of new models where a group of banks has switched from identity consumers to identity providers.

All forms of digital identity can now be used by citizens and businesses to access an ever-growing range of e-services that are not only related to the financial sector. Intesi Group, in partnership with Adobe, has been one of the early pioneers to integrate this technological innovation within concrete use cases. To name just a few, Intesi has implemented eID use cases in Know-Your-Customer authentication, mobile peer-to-peer payment systems, mortgage applications, insurance claims, tax declarations, all via e-Signature scan be executed instantly using Intesi Group’s cloud-based digital certificates via Adobe Sign.

In your opinion, what are the important issues and topics that will emerge in the year to come in this field?

The ownership and control of identity data is the most pressing issue that needs to be tackled by all stakeholders who are operating in the digital services space. We must all support and share the same values, implement appropriate policies for data collection and sharing, and explore new models of collaboration through organsiations such as the Cloud Signature Consortium. In doing so, we will support each other in implementing cutting-edge technologies that verify and manage digital identities. Both the public and private sectors need to take the necessary steps today to make sure that identity systems work better by enabling all citizens to have access to digital identity services. No one should be left behind by the digitalisation of identities.

What is needed to create the coherent and interoperable spectrum of solutions and how is CSC looking to address these challenges?

The Cloud Signature Consortium has initiated collaborations with ETSI and multi-stakeholder industry initiatives such as the FIDO Alliance to develop the next generation of authentication and identity verification standards. This will help online businesses by allowing them to use multiple authoritative sources of identity verification, which will in turn, enable a network of new service providers that will accelerate market adoption and expansion. The passwordless online experience is the dream of both consumers as well as service providers, and we at Intesi are convinced that dream will soon become reality. Stay tuned.

About Intesti Group: Intesi Group is an Italian Qualified Trust Service Provider according to eIDAS Regulation that has played an important role in the growth of the global market for PKI and security technologies since 1998. Intesi Group was among the founding members of Cloud Signature Consortium, and has enthusiastically contributed to the development of CSC API specification and Standard over the course of the past two years.

Bundesdruckerei GmbH (BDR) is a leading German high-tech security company that is based in Berlin. As providers of trust services in both analog and digital industries, the secure identities, data and infrastructures that the BDR provides, enable governments, private companies and citizens to act with confidence. BDR’s products and services are “Made in Germany”, and are firmly rooted in the reliable and lawful identification of individuals and institutions. Working as a security company on behalf of the German government, and with more than 250 years of experience under their belt, the BDR is paving the way for a secure digital age.

Here, Dr. Fabian Grabicki, and expert in Trusted Services with D-TRUST GmbH, one of the companies affiliated with the Bundesdruckerei, talks about BDR’s work and its relationship with the Cloud Signature Consortium.

What companies are involved in the BDR and what are the main focuses of those affiliated with it?

The Bundesdruckerei Group includes affiliated companies D-TRUST GmbH, Genua GmbH, Maurer Electronics GmbH, and iNCO Sp. z o.o. The Group employs a workforce of over 2,700 employees, and generated revenue of around €556m in 2018. The Bundesdruckerei also holds shares in Veridos GmbH, DERMALOG Identification Systems GmbH, cv Cryptovision GmbH and Verimi GmbH.

Berlin-based D-TRUST GmbH is a company of the Bundesdruckerei Group. D‑TRUST GmbH is one of the pioneers in the field of secure digital identities. Since 2016, the company has been listed with the German Federal Network Agency as a qualified trust service provider in accordance with the European eIDAS Regulation. The company issues qualified digital certificates for electronic signatures, seals and qualified remote signatures. It also offers other Public Key Infrastructure (PKI) products and services, such as its AusweisIDent service.

What services do you offer in terms of Cloud Signatures, and how do these help your clients?

Our sign-me product provides users with identification services that are based on various methods, namely on-site, video or ID card verification. Identified users can then remotely sign different types of documents via basic, advanced or qualified different eIDAS levels. The product is supplied as a software development kit (SDK) that can be integrated into standard document workflow systems or customer-specific workflows. It can also be used directly on its own web portal.

What are the benefits of using electronic signatures and in what way are they used by your clients?

Electronic signatures offer a vast range of benefits, especially when using the remote signature solution (sign-me). This solution is very convenient as you can basically sign anything from anywhere. It is very secure, as the service is eIDAS-compliant and provided by a qualified trust service provider. It is also very flexible, as it is not bound to any hardware (card), reading device or other middleware. All in all, the service saves you time and storage because you no longer need to appear in person while ridding you of paperwork.

What was the logic behind becoming involved with the development of the CSC specification? How has BDR contributed to its development?

It has always been BDR’s strategy to drive standardization. In this context, we have been able to put our expertise in security solutions, our good relationship with stakeholders, and our understanding of the demands of our customers to good work.

What is your relationship to the Cloud Signature Consortium and how has this helped your business? What has CSC helped to bring to your clients?

BDR is an executive and founding member of CSC. We have assumed a leadership role and are shaping the future of trust service technology. CSC is supporting our industry by jointly producing standardized solutions. We have also benefitted from several joint offerings with other members, in particular, with Adobe Sign.

Can you explain how BDR makes its sign-me service available both to its clients and users?

Sign-me can be used in three ways. First, the client can use its own workflow and then connect to our service via an API. The second option is for a client who already uses Adobe Sign; it can use the existing interface between Adobe and our service to complete signing. The third way is for the client, as an individual party, can use our web portal to sign its documents.

In which sectors have your services proved popular, and what products do you supply to clients in these sectors?

Many clients currently use the service to sign customer loan contracts and personnel leasing contracts with employment agencies or various insurance policies. A substantial amount of our business comes from use in internal processes in public companies and private institutions. Overall, the most interesting sectors besides the public sector are currently the insurance, banking and human resources industries, with the health sector also being expected to grow in future.

Can you give me any other examples of ‘success stories’ where BDR’s services have helped a company/sector and transformed the way they do business in terms of using e-signatures?

Let me share one of our success stories with our business partner Zenjob, https://www.zenjob.de/press/e-signature. In this case, BDR/D-TRUST offered Zenjob, an employment agency for working students, the unique opportunity to sign their contracts with prospective employees using sign-me literally ’on the go’. This solution is convenient, it reduces costs and storage and is more efficient. Another advantage is that both companies share a similar digital and technological background and mindset which made handling processes even smoother.

What does the next year hold for BDR? Are there any exciting developments on the horizon in 2020?

We expect to see some new features that will make remote signing even more attractive, such as in the area of second factor (Strong Customer Authentication/SCA). We also foresee a significant uptake of the market, at least in Germany, driven by legislation in the health sector as well as in the public sector (Law for the Improvement of Online Access to Administration Services/OZG). The new service offerings in the public sector will drive the penetration of digital identities and this, in turn, will result in increased usage of qualified electronic signatures, mainly by remote signing, in the private sector.

Many thanks to Dr. Fabian Grabicki for taking the time to speak with CSC.