PIMN for better identity management
Response of the Netherlands – European Commission Green Paper – Retail Financial Services Question 24
Is further action necessary to promote the uptake and use of e-ID and e-signatures in retail financial services, including as regards security standards?
If further action is necessary to promote the uptake and use of e-ID and e-signatures in retail financial services, including as regards security standards, please state additional comments on possible actions:
European standards for an interoperable framework for e-identification and e-signatures would be most helpful. It would be important to keep these standards flexible and open. To our knowledge, the European Supervisory Authorities are working on this.
There are existing initiatives that could be leveraged to that end, e.g. the eIDAS-Directive provides a framework for identification and authentication. The European Banking Authority (EBA) is also active in this field as a part of the development of Regulatory Technology Standards on strong customer authentication. The EBA is mandated by the PSD2 to develop these standards. Besides this, the Solvency II Directive requires security measures. The main challenge is to prevent too much complexity if a diversity of (new) security standards or measures is introduced. We are in favour of promoting a more integrated approach to the use of existing international security standards, e.g. ISO27001, COBIT, and NIST Cyber resilience guidelines.