1. Introduction

The aim of this analysis is to carry out region-wide recommendations that would help person to interact in a meaningful manner with all the Member States in the region, but also produce Member State (MS) specific policy suggestions to pave the way for that vision to be implemented in specific Member State.

Background

The EU has prompted several initiatives to develop support services, both in public and private sector, to be available cross-border and, where that is preferred or necessary, in a personalized manner. However, as eIDAS implementation report

https://www.enisa.europa.eu/publications/eidas-overview-on-the-implementation-and-uptake-of-trust-services

showed, the actual usage of cross-border services is low, and the availability is not reachable for most of the EU residents.

In the European Commission’s report

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52021DC0290

on the evaluation of Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS) there are number of limitations imposed to secure, trustworthy, and easy-to-use electronic transactions that encompass electronic identification and authentication.

Particularly relevant to the project’s scope is the availability of limited attributes (elements of personal information) that can be reliably disclosed to third parties. In addition, the European electronic identity ecosystem is distributed across different national regulatory environments, levels of digital governance, and culture.
Despite introducing references to eIDAS solutions in several sectors of EU legislation, the eIDAS Regulation has not yet replied to the needs of specific sectors (e.g., education, banking). One of the limitation factors of the current framework, with respect to these sectoral needs, is the lack of specific attributes by domains.
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52021DC0290

The Commission staff working document,

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52021SC0130

accompanying the Commission’s report, acknowledges that the Member States (MSs) have raised issues linked to the matching of eID identities with an existing national profile while providing cross-border services. There are currently no cross-border processes at EU level to handle the situation where one person owns multiple eIDs issued or to assure that a person is successfully matched to correct eID under different notified eID schemes. This can lead to denial of access to services in cases where the receiving Member State cannot exclude duplication or match multiple legitimate eIDs from different eID schemes.

In addition, non-harmonization of the minimum data set which is communicated in an authentication can also lead to denials of service.
Some service providers require a national registry number to grant access to online public services, however not all Member states issue such a number. Consequently, cross-border users may be automatically denied access if the eIDAS authentication does not include such a number.
Obtaining a national registry number often requires physical presence. This is an obstacle for users from abroad even in a case where they are eligible to obtain a national registry number and to access a service. The existence of the problem is well depicted by the fact that cross-border authentications provided by Member States show, factors wise, lower usage numbers compared to the usage of eID at domestic level.

Single Digital Gateway as a new obligation and once only principle (OOP) across EU has raised a need to solve the issue of the identity of a user. It is quite clear from public debates (incl. on draft eIDAS 2.0 regulation) that we are not going to see a common EU identifier assigned to EU residents, but rather we need to be able to match personal records from Member state to Member state and sometimes also within MS.

Situation in Nordic-Baltic region

Nordic and Baltic countries differ heavily from most of the EU by having strong public sector data registries that are used to provide a rich selection of services for their residents. This region has so far had also a common approach in most countries that an individual is recognized in different datasets through commonly agreed unique identifiers or data sets. But even here we see some differences and deviations. For example,

Identity code is available in Denmark, but that is missing from identity documents for Faroe Islands, and this means that any record made about them based on identity documents cannot reliably hold unique identifier.
Within the eIDAS framework the minimal dataset for personal data includes family name but in Iceland the family names are (in most cases) not issued and thus needs to be faked in the records.
Registers Iceland has created a database where names are split into two fields for almost all people registered, that is 1) Given Name/Names and 2) Surname. The Surname field can contain two surnames, example: Name (field 1): “Sigríður María”, Surname (field 2): “Jónsdóttir Zoega”.
Registration of Icelandic names in other countries is not always identical with the registry of Iceland, as until now other countries in most cases had to fake the Surname using the last part of the Given Name as Surname.

At the same time, the number of people that either live, work, study, or travel between Nordic and Baltic countries or who have done so in history, is one of the largest cross-border personal datasets.

Holmberg, J., Lundquist, T., Hännikäinen, H., Liikkanen, S., Ulset, T., Helgadóttir, M., H., Neergaad, J., Jensen, H., Kousa, M. & Varis., A. (2019). Nordic Work Mobility and Labour Market. “More than 300,000 Nordic citizens live or work in another Nordic country and the number is on the rise. In recent years, about 50,000 people have moved to another Nordic country each year, for various reasons.”

These datasets carry actual meaning for persons’ social benefits, health records, professional qualifications etc., and these are all kept with Member State records - with often no opportunity, or a very small one, to identify a person by means of electronic identification.

Connections to other ongoing projects in Nordic-Baltic area

In August 2019 the Nordic Council of Ministers agreed on Vision 2030, with the goal of becoming the most sustainable and integrated region in the world by 2030. The work of MR-DIGITAL, on delivering cross-border digital services supporting the integration of the region, was set out in the ministerial declaration Digital North 2.0 and operationalised by the CBDS Programme.

The CBDS Programme is a strategic initiative from the Nordic Council of Ministers (NCM) that aims to accelerate the digital transformation of the Nordic-Baltic region. The programme will increase mobility and integration across the region through the development and deployment of cross-border digital services. This will benefit citizens, businesses, and public authorities in the region. The CBDS Programme was launched in 2020 by NCM. It supports the vision of making the Nordic-Baltic region the most integrated region in the world by 2030. The program facilitates close co-operation on selected digital services and data exchange between public authorities in the region.

Under the auspices of the Nordic Council of Ministers, the CBDS Programme currently hosts two cross-border projects engaged with the implementation of the eIDAS and SDGR:

The Nordic Baltic eID project (NOBID)
https://www.digdir.no/digdir/nordic-baltic-eid-project-nobid/1342
The Single Digital Gateway - Once Only Proof of Concept Pilot project (SDG Project)
https://www.norden.org/en/project/single-digital-gateway-once-only-proof-concept-pilot-project

A key component supporting cross-border digitalisation is the use of national electronic identities (e-IDs), both by citizens and businesses, to gain access to digital services in other countries. The framework for Nordic-Baltic e-ID cooperation is the Nordic-Baltic eID Project (NOBID), which gathers e-ID experts from the whole region. The NOBID project is headed by the Norwegian Digitalization Agency (Digitaliseringsdirektoratet) and aims to deliver legal and technical e-ID interoperability in the region. The project establishes service concepts for digital cross-border exchange of authoritative information for natural persons and legal entities, including semantics and Service Level Agreements (SLAs). NOBID has succeeded in establishing e-ID interoperability between Nordic and Baltic countries and continues the cooperation to ensure compliance with the eIDAS regulation.

The Once Only Proof of Concept Pilot project addresses the Nordic and Baltic countries’ shared concern about the functionality of the Once Only architecture in the European Commission’s Single Digital Gateway Regulation. The project aims to identify common solutions that are simpler and more cost-effective for the Nordic and Baltic countries to implement. A general model for cross-border exchange of information can only be built if the Once Only architecture referred to in the Single Digital Gateway Regulation is considered. To ensure that no additional investments are needed, there is a need to launch the assessment and testing of the Once Only architecture and prepare recommendations and best practices for the exchange of information between the Nordic and Baltic countries. The project is led by the Finnish Development and Administrative Services Centre (KEHA Centre).

//The project was finalised in June 2023, and it succeeded in developing opensource components for the key functions of OOTS: evidence request service and preview service.//