Mobile Connect-eIDAS Pilot Prepares for Secure Cross-Border Trade

Marta Ienco, Head of the Government & Regulatory affairs, Personal Data  

marta-ienco-headshot-v2As we draw closer to the implementation of the eIDAS Regulation in September 2018, both governments and private-sector service providers prepare to capitalise on its impact. Designed to enable citizens to carry out secure cross-border electronic transactions such as university enrolment, bank account opening, filing multiple tax returns and authorising access to electronic medical records, eIDAS is expected to stimulate the growth of online cross-border transactions. Launched in 2014 as a collaboration between the GSMA and many of the world’s leading mobile network operators, Mobile Connect is a multi-purpose identity solution that uses the inherent trust, security and ubiquity of mobile networks. Mobile Connect uses the power of mobile to ensure that people can login as quickly as possible; when a consumer logs into a service using Mobile Connect, they receive a message on their mobile device asking them to either confirm the action, or enter a PIN or other authenticators like biometrics in the case of more sensitive applications. To date, Mobile Connect is supported by 52 MNOs, live in 29 countries and available to over 3 billion people.

Designed according to the technical and regulatory requirements of eIDAS, Mobile Connect featured in a cross-border eIDAS-complaint pilot in late 2015, where it became the first private-sector cross-border public service authentication solution compatible with eIDAS. Building on this success, Mobile Connect will again be used in an eIDAS-compliant trial before the regulation comes into effect.

Working with multiple private and public sector stakeholders, the aim of the upcoming pilot is to deliver a commercially viable, government-backed identity solution that can support deployment and scaling of eIDAS within two or more European countries. The pilot will demonstrate how Mobile Connect can be easily integrated into the existing eIDAS nodes of the Member States and meet the eIDAS technical and legal interoperability requirements due to its decentralised, federated architecture and adaptability to different level of assurance. This, in turn, will illustrate how Mobile Connect can support a broad variety of public and private sector use-cases.

Mobile Connect – eIDAS workshop held with key participants in Brussels on the 4th may

By working together with the government representatives and the eIDAS node providers in several Member States, mobile network operators have the opportunity to unlock the potential of the digital economy and become the defacto approved and trustworthy digital identity and authentication providers in Europe and more globally. As estimated by GSMAi, there are more than $4 billion new revenues that can be generated per year by 2020 for identity players providing authentication, authorisation, identity and attributes services via eIDAS. 

The pilot has been endorsed by major European mobile operators as well as government institutions and Mobile Connect technology partners from multiple EU Member States including Norway, France, Finland and Estonia. Key participants include the Norwegian Agency for Public Management and e-Government (Difi), Telenor, Telia Company, Orange, the Estonian Information System Authority, the Finnish Population Register Centre and the Mobile Connect technology partner, AriadNEXT. The European Commission services of DG CONNECT and DIGIT are also supporting the pilot by providing guidance on the architecture interoperability requirements and other regulatory issues.

As preparation for the pilot begins, Member States are taking measures to ensure they are ‘eIDAS and Mobile Connect ready’. For example, Difi, as the Norwegian eIDAS node provider, have been working closely with Telenor to integrate their national reference node with Telenor Mobile Connect, effectively completing the national technical implementation of eIDAS in a connectivity test environment. Difi has also tested their eIDAS node with several EU Member States including Denmark, Estonia, France, Iceland, Sweden and the UK, thus providing fertile ground for the testing of cross-border transactions.

The GSMA welcomes the participation of any organisation that would like to take part in the pilot, such as members of the eIDAS Cooperation Network of the Member States, mobile operators, vendors, service providers and organisations from the adjacent sectors. To find out more, please contact the GSMA’s Marta Ienco.