“Every time an App or website asks us to create a new digital identity or to easily log on via a big platform, we have no idea what happens to our data in reality. That is why the Commission will soon propose a secure European e-identity. One that we trust and that any citizen can use anywhere in Europe to do anything from paying your taxes to renting a bicycle. A technology where we can control ourselves what data and how data is used.”
President Ursula Van der Leyen, State of the Union 2020, 16 September 2020
Digital identity is a necessary infrastructure for enjoying the full benefits of online services, without compromising the security. European governments have long worked to promote tools such as electronic signatures, eIdentity, authentication and trust services.
The 2014 eIDAS regulation is a milestone in this context, as it stated that public administrations in any EU member state must recognize electronic identification (compliant with the eIDAS standard) from other EU member states. While the eIDAS regulation was unanimously praised as an original and innovative framework, because it focused on standards rather than on specific solutions, its implementation proved slower than planned. As of today, only 15 member states have completed the notification process – the basic starting point originally planned by September 2018. To address these and other concerns, the European Commission has planned a revision of eIDAS and has launched a consultation until the 2nd of October 2020. If you work on digital government, it is important to make your voice heard.
Even at national level, eID implementation was not free from challenges. National governments have been working for more than 20 years on delivering means of electronic authentication, but results have been unequal in terms of uptake by end users and service providers. While in “the usual suspects” such as Estonia, Denmark and the Netherlands, eID are used by the majority of citizens, in many countries they are not even sufficiently distributed: based on data from the national dashboards, as of today France has activated less than 18 millions eID, Italy and Spain about 10 millions – including both companies and individuals. The Netherlands’ population is half of Spain’s, but it has processed twice the volume of eID transactions in 2019.
Yet the sector itself is showing lots of potential. The digital identity landscape below provide a good overview of the richness of the ecosystem. Companies such as the US-based Docusign have already reached a valuation of 40 billion USD (Figure 1).
Figure 1: Digital Identity Startups
Source: L.Michael Meyer, ‘The Identity Startup Landscape’, 2017
The ecosystem is even broader than that: it includes service providers who can adopt identity services, such as local authorities and banks. It is, to all effects, a multisided market that requires a high degree of governance to succeed. It can easily go from a virtuous to a vicious cycle. Success in one side drives success in others, so does failure. High uptake by service provider such as banks leads to high adoption by users, which creates a market for industry to provide solution. Symmetrically, if both service providers and users are reluctant to adopt the solution, then companies are unlikely to invest in these new eIDAS compliant standards (Figure 2).
Figure 2: The virtuous or vicious cycle of creating an identity ecosystem
To grow such ecosystem, we need a secure European e-identity framework that can be trusted and used by any citizen and service provider anywhere in Europe. And to achieve that, the solution has to take into account the needs and incentives of all the relevant stakeholders. Co-creation is therefore crucial to engage end-users, member states, local administrations, private companies and IT suppliers, but it is too often treated as an optional, box-ticking activity, supplementary to debating architectures and developing service modules.
As we describe in our policy brief, co-creation is much more than organising a focus group with users, but it is not rocket science. Co-creation is a traditional, core activity of multisided platforms, which permanently cultivate different sides of the market (suppliers and customers) with appropriate incentives and governance. There are well established methods, notably in involving users, engaging startups and developers through communities, conferences and incubators.
And there are good examples to learn from. Denmark is probably the most known. Since many years, there are several Danish govtech companies growing, innovating and expanding in new markets. One of the key success factors is the adoption of co-creation and interoperability. The Danish government has a long tradition of involving companies from the early stage of the design of its services. As described in previous reports, projects such as NemID and NemHandel have involved companies from the start, and have managed to create highly successful companies and highly used public services (used by 73% of citizens against the EU average of 34%). This is also thanks to the usage of interoperability standards and in the modular approach, where different providers can compete for specific services and there is no one size fits all solution.
Of course, Denmark is one of the most advanced cases, but even less digital countries such as Italy have made major progress by deliberately co-creating solutions with private sector and local authorities, and cultivating developer communities – as we illustrate in the first Co-VAL policy brief.
Getting digital identity right is becoming even more important not just to digital government, but to the European digital economy as a whole. eIdentity is a fundamental component of the Digital Single Market. It is the infrastructure that enables innovative solutions such as data portability as planned in the revised Payment Service Directive, and it is a business opportunity in itself. But to get it right, governments need to adopt proper co-creation throughout the different phases of development, and involve all the key stakeholders.
And citizens, administrations and business have all to do their part – and this starts with taking part in the online consultation.
David Osimo, director of research at the Lisbon Council, partner of the Co-VAL project.