Becruiters zijn... experts - Third-Party reliance eIDAS
Becruiters zijn... experts!
Masterclass Third-Party reliance eIDAS.
In the blog series 'Becruiters are... experts' we discuss a current topic in the world of Data, IT and Technical IT. This time we share Cansu Konak Jansen vision, who, due to her experienced legal background, has a holistic and original approach to the IT domain. She was recommended by Becruiter Eric Gerritsen, Global Head of Risk Management Framework at
CSC Company. Curious about what the new developments surrounding eIDAS entails and what this can mean for you? You will learn it in this masterclass!
What is eIDAS?
“eIDAS is a short name for Electronic Identification, Authentication and Trust Services (hereinafter: eIDAS). eIDAS is a regulatory framework introduced by the European Union in 2014 with the aim of improving the security and reliability of electronic transactions. The European member states have agreed to use eIDAS for uniform concepts, reliability levels and digital infrastructure. This includes digital identification and digital signatures. Examples in the Netherlands are E-recognition and DigiD. By ensuring that these services are interoperable across all EU member states, eIDAS has played a crucial role in increasing trust in online transactions and services, fueling the growth of the digital market.”
Eric Gerritsen & Cansu Konak Jansen
Eric Gerritsen is Global Head of Risk Management Framework at CSC and a loyal Becruiter in the Becruit community. He introduces Cansu Konak Jansen, Global Risk Manager at CSC. She has a background in international corporate law and governance of innovation and sustainability and IT Risk Management. As a Risk Manager, she notices that legislation, society and information technology often overlap. This is reason to contribute with great motivation and interest to the exploitation of digital technologies and legislative initiatives such as eIDAS 2.0.
Why is eIDAS important?
The current eIDAS is currently under revision. The main reasons for this are the points of improvement of this current version and technical development. The revision is referred to in the market as eIDAS 2.0. “With the introduction of the 'European Digital Identity Wallet' (EDIW) for natural persons and the 'Organizational Digital Identity Wallet' (ODIW) for legal persons, eIDAS 2.0 is seen as a real 'game changer'. These wallets allow individuals and entities to store and share verifiable information about their identity. By using these new technologies and standards in cryptography, cloud computing and smartphones, we can prove who we are to others. eIDAS 2.0 is considered a new model for digital identity on the Internet.”
On February 29, 2024, Members of the European Parliament confirmed their support for plans for an EU-wide digital wallet. It will now only have to be formally endorsed by the EU Council of Ministers to become law. The regulations are expected to come into effect in mid-2026. A very important development regarding the security of personal data in the EU.
Who does eIDAS apply to and how do you get involved with it?
“eIDAS 2.0 is not mandatory for individuals, but mainly focuses on decentralized authorities that are obliged to recognize the European digital identity to EU member states, companies and integral organizations that offer digital services. Think of government organizations and private organizations with a public task. Among other things commercial institutions that offer online services and are required to apply SCA ('Strong Customer Authentication) are required to be able to communicate with EU digital identity wallets. This is monitored by regulators, and they impose sanctions if they do not comply.”
What do you think are common challenges when implementing eIDAS security in organizations?
“In the first-place organizations must decide what role it wants to play. Personally, I see the biggest challenge in the fact that the implementation of eIDAS is not only driven by IT, but is an integrated whole of strategy, IT, Sales, Compliance, Operations and Legal. That makes implementation extremely difficult. Also because eIDAS seems to be written primarily for IT professionals and cryptography insiders.”
What are tips for IT professionals regarding eIDAS?
Tip 1. Prepare yourself by understanding eIDAS a priority.
"Prepare yourself. I recommend that you first take a look at the European Commission's website: European Digital Identity. IT professionals should make understanding eIDAS regulations a priority. Read up on as much as possible. Given the high IT security level of eIDAS, you are at the forefront of raising awareness within the organization!"
Tip 2. Work from a vision
"Work from a vision, but don't get stuck in it." "You must be able to empathize with the client, embrace changes, adapt, innovate and be able and willing to collaborate, all qualities that are needed to successfully implement eIDAS in an organization.
I consider myself fortunate to work in an organization like CSC Company with my manager Eric Gerritsen and mentor Ben Gilbert at the forefront, who demonstrate these solutions every day.” Get around people who know what they're doing."
Tip 3 Drink cups of coffee with your team
"I also recommend drinking many cups of coffee with colleagues and decision makers from Sales, Risk & Compliance, Legal and Operations. This is to form your own thoughts and reliability and cross-pollination: something comes from nothing."
Finally, what is your vision on the new developments regarding eIDAS for now and for the future?
“In my view, regarding the current and future developments of eIDAS, we're likely to witness a continual evolution. An evolution in technologies and practices aimed at improving digital identity management and trust services. This could involve further standardization and alignment of eIDAS principles and processes across the European Union and beyond. Moreover, there might be increased integration of innovative technologies like biometrics, blockchain, and artificial intelligence to create more secure and user-friendly methods. eIDAS is an active effort to meet the future needs.”
Need an expert in the field of Data, IT or Technical IT?
Deel deze blog
Nog meer updates
Ook interessant?
