1. What exactly is ‘Trust and Security’ in the digital field? Is it just about cybersecurity?
Trust represents the primary basis for innovation and collaborative action. This concept can be transferred into the digital world and enable us to build trust with others. Cybersecurity is very important in this context, but having the enabling tools and technologies to build this trust is as important as being able to use those tools in a secure way.
Digital trust services and electronic identity services help modern societies and enterprises to speed up social and business interactions and build trust across geographies, while helping individuals and companies to deliver value with lower operational costs, and to operate in a fully electronic and paperless environment.
Electronic signatures and electronic identity services are two of the major solutions speeding up digital interactions between participants, for example in validating identity when accessing public services or signing legal contracts.
As a part of the EU4Digital Facility, digital trust and cybersecurity are important underlying conditions, as they enable all other aspects of the digital economy and society to deliver value in a secure way.
2. How developed is trust and security in the Eastern partner countries? Does the region lag behind more advanced digital economies in this area, and what are the implications?
The Eastern partner countries have a solid technological basis for enabling digital trust services, but more remains to be done to achieve mutual recognition of trust services. Enabling cross-border mutual recognition of trust services between the Eastern partner countries and EU member states requires dedicated effort to ensure regulatory, audit and
conformity assessment compatibility with eIDAS requirements, technical measures compatible with eIDAS requirements, compatibility of data privacy and protection practices with GDPR, as well as trust representation for mutual recognition.
The main objectives of the EU4Digital project in the area of trust and security are to identify potential gaps for cross-border mutual recognition of trust services and to offer a practical action plan and assistance to overcome those issues. The EU4Digital Facility has completed assessments on legal and technical maturity of trust and eID services in each Eastern partner country. Based on the assessments and lessons learned from eSignature pilots, EU4Digital has developed country-specific action plans for cross-border mutual recognition, based on eIDAS defined practices and the MRA Cookbook. Through the recommendations issued, the aim is to enable the countries to achieve the next level or readiness towards cross-border mutual recognition.
3. Between which countries did EU4Digital pilot eSignatures? What is the outcome of the pilots?
EU4Digital deployed technically operational cross-border eSignature pilots between Ukraine, Moldova and Estonia. To achieve this, the countries participating in the pilot first had to agree on common principles and formats, including timestamping, validation mechanisms and the certificate status checking components. At a first glance, the common
principles may seem straightforward, but from a practical point of view, the technical implementation required complex coordinated actions in a multi-stakeholder environment to enable a technically operational and interoperable eSignature solution across countries.
The eSignature pilot also helped to identify existing gaps and obstacles from the regulatory and technical perspectives, allowing us to develop practical recommendations to piloting countries. In this perspective, the eSignature pilots have provided a foundation for countries to further harmonise electronic identification and trust services environments across EaP and EU countries. Moreover, the common practices and recommendations have become
available for sharing and adoption to all Eastern partner countries.
4. What are the main cybersecurity challenges in the region? How is EU4Digital helping to build resilience in the partner countries?
An analysis of state regulations, policies and security measures already implemented by Eastern partner countries has allowed us to identify the main cybersecurity challenges in the region, which are:
- Lack of qualified personnel and resources in the cyber area;
- Insufficient dedicated and systematic funding;
- National Cyber Strategies not established, outdated and not aligned with the EU’s Directive on security of network and information systems (NIS Directive);
- Outdated national legislation not compliant with current EU legislation and cybersecurity standards;
- No regular cyber risk assessments performed at a national level;
- National-level contingency plans not established;
- Critical Information Infrastructure (CII) lists at national level not defined or incomplete.
Through the EU4Digital project, a set of good practices and recommendations in the field of cybersecurity was identified and prepared for national authorities in the form of Cybersecurity guidelines. These guidelines provide recommendations on how to continue with the development of their cybersecurity and for effective practices in developing, implementing, evaluating and maintaining cybersecurity measures. This will contribute to a stronger and more resilient cyberspace among the partnership countries and decrease the risk of disruption or failure of network information systems.
Furthermore, the detailed overview of cybersecurity in each Eastern partner country – state of play, main challenges and next actions provided in the individual country reports – will serve as an input to the EU4Digital: Improving Cyber Resilience in the Eastern Partnership Countries programme.
5. Why is cross-border eServices interoperability important, and what does EU4Digital do to promote the interoperability for cross-border eServices in the Eastern partner region?
Many public services are becoming more readily available online, yet they are rarely fully enabled for seamless cross-border interaction. When interacting with interoperable eServices across borders, governments, businesses, and citizens can fully access eServices, understand the basic related rules and requirements, authenticate themselves, complete cross-border payments, sign or seal documents electronically, as well as submit electronic evidence from the authorities. On the EU level, the single digital gateway will facilitate online access to information, administrative procedures and assistance services.
To improve Eastern partner country readiness to provide cross-border eServices, the EU4Digital Facility defined a framework to assess Eastern partner country readiness for cross-border eServices, which includes:
- Identifying and overcoming organisational and technical barriers;
- Fundamental interoperability principles;
- eServices access to foreigners;
- Availability of digital enablers.
Based on the assessments, the EU4Digital Facility will develop the cross-border eServices interoperability framework, which will provide guiding principles and practical recommendations for Eastern partner countries. This will enable a harmonised approach on the development of interoperable cross-border eServices at national level, accelerated
through the use of digital enablers.
6. How is EU4Digital guiding eGovernance developments driving public administration reforms?
Traditionally, when developing eGovernment, countries tend to focus most of their efforts and resources on digitalising the front end of government and public sector operations – solutions that are most visible to the general public and provide a quick result, such as services and portals. Such a fragmented approach carries a lack of focus on the
fundamentals of digital government, namely digitalisation of data, interoperability, electronic identity, access, legislation, governance, and the harmonisation of standards, both nationally and cross-border. This fragmented approach eventually leads to complex and expensive maintenance and management of the ‘front’ (e.g. services and portals), while investment processes become more complicated and with less return. As a result, the lack
of understanding of digital development priorities at government decision-making level creates a “death valley” between strategic priorities and their actual realisation.
The strategic, long-term, and systematic initiatives in public administration will be supported by the eGovernance framework by highlighting the causal development path in digital government activities – i.e. what fundamentals have to be established first so that other eGovernance aspects – such as portals and services – can succeed. Leveraging such a framework can become a steering mechanism for governments for the timely and systematic development of digital government fundamentals that society can experience – efficiency in public sector, digital services, data-driven decisions and participation in e-society.
The eGovernance framework will provide a basis to evaluate the current state of government digital maturity and identify problematic areas that are not established or should be improved. It will also assist public administrations in understanding the impact of eGovernance fundamentals on digitalisation priorities, as well as integrating developments of eGovernance fundamentals into the digital transformation agenda.