Viky Manaila, an international expert in the field of electronic signatures, digital identity, and digital transformation processes. She is a member of several high-level working groups set up by the European Commission and ETSI that aim to align policies and operations around the implementation of digital trust services, digital identities, and cross-border recognition. She recently joined to CSC as a Board Member

In this interview, Viky talks to the CSC Blog about her perspective on current and future industry trends, as well as the regulatory requirements on eIDs.

What are the key challenges to the development of digital identity and digital signatures by ID providers?

Digital Identity and Identification are the key challenges to the digital world that we are all living in today. Technology has profoundly changed the ways in which individuals, organizations and devices digitally interact with one another. Telemedicine, electronic prescriptions, digital banking, government services are all now offering personalized experiences with exceptional delivery times that were unimaginable only a few years ago.

In recent years, companies and governments have been reinventing their digital identity services. This has meant that the protection of sensitive personal data has become the foundation of the trust that users place in service providers, who have the duty to ensure that the digital identities of their customers are not misused or stolen. Within this context, digital identity security has become a top priority for digital services providers, which has created alternative business models that have resulted in the emergence of new market players.

As a Qualified Trust Service Provider, Intesi Group has redesigned our relationship with our customers by being able to meet their expectations of having a seamless online experience that is devoid of friction. Identity verification is a critical step in the process of issuance of digital certificates for electronic signatures. In the past, digital identity was one of the most significant barriers to paperless business, with users having to be identified in-person. Therefore, Intesi Group has developed and implemented innovative solutions that allow for cloud-based certificates to be issued in minutes directly from signing applications, whilst always remaining compliant with the E.U.’s eIDAS regulation.

In order to simplify the identity verification phase of issuing digital certificates, Intesi Group decided to use all the existing electronic identity schemes that have been pre-developed by the governments, banks and telecommunications providers, namely the eIDs that are present in Northern Europe. In addition to BankID Sweden, BankID Norway, NemID Denmark, FTN Finland, Intesi group has recently added iDIN Netherlands to our service offering. Essentially, most citizens from northern European countries can now re-use their verified identity from their own bank to sign documents digitally using an Intesi Group’s qualified or advanced certificates.

What is needed to sustain growth in the digital ID infrastructure, both nationally and globally?

Identity is fundamentally a combination of individual attributes that all define an individual, such as personal history, beliefs, and behaviors. Therefore, there are many fundamental questions that need to be answered to facilitate the expansion of digital identity infrastructure, both nationally and worldwide. For example, how can we safely collect and share all these individual attributes together in the digital environment? Who owns our identity data? Can we trust the cloud-based infrastructures that store our attributes? Can the providers assure us that our data is being protected, and cannot be compromised or misused without our explicit consent?

To adequately respond to these all challenges, the way both companies and governments work with digital identity must be reimagined and reinvented. By transitioning away from siloed capabilities that are centered on business needs, we need to move towards a collaborative sharing culture across all industries as well as internationally between governments. By overcoming these challenges, the repetitive processes of providing credentials online will be eliminated. This will allow both citizens and businesses to benefit from reduced costs and increased efficiency savings.

Through initiatives such as the Cloud Signature Consortium, public and private sector organisations can put together their capabilities for trusted services and unleash the potential of these new business models. In Europe today, we have 9 countries with eID notified and approved schemes that abide by the EU’s eIDAS Regulation.

Italy has become the second EU Member State to offer to its citizen’s full electronic identities that are legally valid across Europe. Using this eIDAS infrastructure,  service providers such as banks, telecommunications operations, and airlines, can now reach new markets in EU member states by allowing foreign EU citizens to access their services online. For instance, a bank can now allow a foreign EU citizen to open a bank account with greater ease thanks to this eIDAS infrastructure. By providing secure and trusted access to such online services to a broader international customer market, the growth of eID infrastructure will become an important enabler for the growth of private sector services.

To give you a clear example of this digitalisation trend, let’s examine the private sector’s use of the federated eIDs provided by Nordic banks. Over 90% of citizens in Norway, Sweden, Denmark, and Finland now have a form of digital identity that is issued by their bank. This in itself, is a clear digitalisation success story. The use of eID’s by Nordic banks is just one example of new models where a group of banks has switched from identity consumers to identity providers.

All forms of digital identity can now be used by citizens and businesses to access an ever-growing range of e-services that are not only related to the financial sector. Intesi Group, in partnership with Adobe, has been one of the early pioneers to integrate this technological innovation within concrete use cases. To name just a few, Intesi has implemented eID use cases in Know-Your-Customer authentication, mobile peer-to-peer payment systems, mortgage applications, insurance claims, tax declarations, all via e-Signature scan be executed instantly using Intesi Group’s cloud-based digital certificates via Adobe Sign.

In your opinion, what are the important issues and topics that will emerge in the year to come in this field?

The ownership and control of identity data is the most pressing issue that needs to be tackled by all stakeholders who are operating in the digital services space. We must all support and share the same values, implement appropriate policies for data collection and sharing, and explore new models of collaboration through organsiations such as the Cloud Signature Consortium. In doing so, we will support each other in implementing cutting-edge technologies that verify and manage digital identities. Both the public and private sectors need to take the necessary steps today to make sure that identity systems work better by enabling all citizens to have access to digital identity services. No one should be left behind by the digitalisation of identities.

What is needed to create the coherent and interoperable spectrum of solutions and how is CSC looking to address these challenges?

The Cloud Signature Consortium has initiated collaborations with ETSI and multi-stakeholder industry initiatives such as the FIDO Alliance to develop the next generation of authentication and identity verification standards. This will help online businesses by allowing them to use multiple authoritative sources of identity verification, which will in turn, enable a network of new service providers that will accelerate market adoption and expansion. The passwordless online experience is the dream of both consumers as well as service providers, and we at Intesi are convinced that dream will soon become reality. Stay tuned.

About Intesti Group: Intesi Group is an Italian Qualified Trust Service Provider according to eIDAS Regulation that has played an important role in the growth of the global market for PKI and security technologies since 1998. Intesi Group was among the founding members of Cloud Signature Consortium, and has enthusiastically contributed to the development of CSC API specification and Standard over the course of the past two years.