2014 was rich in terms of regulatory developments associated with digital and mobile identity services. Many governments developed their policy approaches and a number of national strategies to define standards and regulations for trusted digital identities, both for the public and private sectors, were introduced or progressed.
New initiatives and developments that are expected to have a major impact on the standards, regulatory and legal requirements for digital identity at global level include:
- In the USA, within the National Strategy for Trusted Identities in Cyberspace (NSTIC) in the course of 2014 the US government took further steps to create a user centric “Identity Ecosystem” of public and private sector organizations which utilizes secure, efficient, easy to use and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice and innovation. This strategy will enable American citizens to choose between multiple identity providers and digital credentials to conduct more secure, convenient and privacy enhancing transactions when online.
- In the European Union, the Electronic Identification, Authentication and Trust Services Regulation (eIDAS) Regulation came into force on the 17th September 2014 marking a major new development in the regulation of digital identity. The regulation will enable seamless electronic transactions across the EU, making it easier and safer for individuals, businesses and public administrations in different countries to identify and authenticate themselves, sign documents and check the authenticity of documents online.
- In the UK, the Identity Assurance Programme (IDAP), a government certification programme, is being developed to enable any organisation, including mobile network operators and other private sector providers, to become an authorised digital identity and attributes providers.
- In Italy, the government announced a new Public System for Digital Identity Management (SPID) on the 11th of December 2014. The launch of SPID system is expected in April 2015. Once operational, the system will provide access to offer e-government services to citizens and companies alike. SPID potentially might be influential beyond Italy, since it will also be interoperable with other European eID systems.
As markets develop and trust and reputation become more important assets within the economy, policymakers need to ensure consistency between the different legal and regulatory instruments that affect digital identity management. Such consistency and legal certainty will be required not only to ensure interoperability of services across the globe and consistent experiences for users, but also to provide business efficiencies and fair competition across different platforms, thereby encouraging market deployments while enabling innovation, competition and market growth.
Mobile identity represents a powerful platform through which to achieve these aims. Mobile offers a compelling proposition for governments seeking to provide secure access to digital services. It provides an ideal platform for creation, storage and management of digital identity thanks in part to the sheer number of devices worldwide – with 6.99 billion connected mobile handsets, the mobile is the most ubiquitous telecommunications medium on the planet. However whilst accessibility is key to the success of digital services, security is also a central consideration. The SIM card, encrypted and part of every mobile device, is arguably the most secure technology on which to store identity credentials. Additionally, mobile identity can provide high security assurance in combination with other existing online and digital infrastructures and technologies.
In 2014 the GSMA held various conferences, seminars, workshops which explored the above mentioned opportunities and benefits that mobile provides for identity services as well as the policy challenges. Moreover, at the Mobile World Congress 2014, the GSMA unveiled the Mobile Connect initiative with the support of leading mobile operators. The GSMA Mobile Connect service will simplify consumers’ lives, offering a single, trusted, mobile phone based authentication solution that respects their online privacy.
The events held by the GSMA facilitated discussions between policy leaders and mobile operators on how industry and policy makers can work in partnership to ensure that mobile’s contribution towards digital identity development can be maximised and drive growth, competitiveness and job creation across all sectors.
It is clear that mobile operators and policy makers share a common agenda in order to meet the challenges of growth, employment, innovation and sustainability and evident that the mobile industry plays a critical role in meeting those challenges.
In 2015 we expect governments to develop their electronic identification frameworks further and create online environments where individuals and organizations can trust each other. In order to build that trust in the next wave of digital services, ongoing cooperation between mobile operators and policy makers is required. The GSMA is ready to facilitate this cooperation and looks forward to continue working with the policy makers in different regions to help shape a balanced and forward-looking policy for digital and mobile identity services around the world.
Related documents:
This paper provides a review of the regulatory background and key policy issues associated with digital and mobile identity services:
Personal Data Regulatory Overview 2014
This paper looks at the role and unique value of mobile identity:
Link to the joint GSMA and SIA paper GSMA SIA paper_FINALNov 2014
For more mobile identity related documents (technical white papers, case studies and service blueprints) published by the GSMA Personal Data Programme, please go to www.gsma.com/identity/resources