Chambersign

Without standards as GSM, voltage and - more recently - electric plugs, our life as travelers would be probably different today. Similarly it can be argued that - although there is a common legal framework for electronic signatures - Certification Authorities [C.A.s] will likely continue to struggle without the adoption of common standards, both as a national and as a cross-border business, independently and in spite of the technologies in use.

This factor cannot be fully evaluated without considering also that - until now - the main business driver in the European trust and security market has been eGovernment, not eCommerce. Consequently the large majority of the digital identity certificates [e-certificates] released “to the public” by C.A.s in ChamberSign Member States are compliant to national accreditation schemes, following often diverse policies and standards. Although not discriminatory, and in line with the Directive legal framework, these schemes, supervised by Government Agencies, have de facto put barriers and additional costs for C.A.s intending to deliver services in Europe. This is all the more evident because the different security levels prescribed by the Directive, although incorporated theoretically in national laws, are not being used in most of the examined Member States.

eGovernment accreditation schemes [or lack of them] are thus shaping most of the examined national markets, and – as a result - most of the C.A.s part of ChamberSign. This is widening the already existing gap among examined Member States and creating a “digital divide” between “standard” C.A.s. and C.A.s that are releasing e-certificates for critical eGovernment applications. The latter have in fact been designed by Governments to outsource critical citizen and business identification activities, while allowing [mainly national] competition among service providers.

There is - in addition - also an undeniable “continental law” approach to eGovernment, and possibly, as a consequence for end users, to eCommerce. A well established logical assumption, yet to be fully validated, is in fact the rationale for users of having already an e-certificate. Once in use for eGovernment applications, the same e-certificate has potential uses also for other electronic commercial activities, provided it allows users time and cost savings. Although most of the applications in use in the examined Member States are all eGovernment applications, there are already indications [e.g. e-invoices], that confirm the fact that eGovernment schemes are being used as a reference also for eCommerce. On the other hand market analysis performed in ChamberSign Member States shows that there is potential for cross-border services [e.g. e-procurement], many being the examples mentioned by the Members C.A.s and corroborated by other official sources.

The endorsement by IDABC and European institutions of a cross-border eGovernment accreditation scheme for Certification Authorities, together with the long awaited adoption of ETSI standards, could both possibly prove to be beneficial factors for the growth of a trust and security market in Europe.