The government on Thursday approved a draft that will update regulations concerning the assessment of the level of trustworthiness of private e-identification systems.
While resolving security weakness connected with the ID-card revealed in fall 2017, the need arose to amend legislation related to personal IDs, e-identification and trust services, as well as the division of duties and responsibilities among the state institutions responsible for these fields, the government's communication office said.
"After the so-called ID-card crisis, it became clear that the roles and division of responsibilities between various institutions must be subjected to a review and set forth in an understandable fashion. Since there are many parties to this process - the Police and Border Guard Board, the Estonian Information System Authority (RIA), the Ministry of the Interior and the Ministry of Economic Affairs and Communications - the clearer the division of duties is between them, the more efficiently the state will function," Minister of Entrepreneurship and IT Andres Sutt (Refom) said.
In addition to the problems revealed in 2017, it appeared from additional analyses by RIA and the Ministry of the Interior that the legislation concerning electronic identity and the division of competencies between institutions that builds on it are not established in legislative acts in sufficient detail and with sufficient transparency.
The draft will specify the duties and responsibilities of different institutions in the field of e-ID and expand the oversight competence of RIA over providers of public e-services. Specifically, RIA will be able to check in the future whether providers of public e-services fulfil the obligation of recognizing international e-ID solutions arising from the eIDAS (electronic IDentification, Authentication and trust Services) regulation.
In addition, the draft will set out clear rules for the assessment of the level of trustworthiness of private-law e-ID systems.
"In addition to the national ID-card and Mobile-ID, there are also various private-law e-ID systems on the market now, such as the Smart-ID, the pool of users of which is similar to that of the national systems. In order for it not to be necessary for each provider of e-service to start checking themselves whether a private-law e-ID system indeed meets all the requirements for implementation, we will create a central and transparent possibility at RIA for the assessment of their trustworthiness," Sutt said.
The minister said this helps foremost the providers of public e-services, who will be able in the future to rely on a central assessment by RIA when having to decide which systems of e-identification to interface with public e-services. From the viewpoint of business operators, a trustworthiness assessment offered by the state may serve as a sales argument, which raises the attractiveness of the service also on foreign markets.
Editor: Helen Wright