Canada’s government and the European Commission have announced a partnership to examine the use of digital credentials, including transactions conducted through digital wallets for business and personal use, claiming that a lack of international standards for digital wallets had led to a ‘Wild West’ atmosphere and endangered ‘trust in the system’.
A digital credential – an important element in the development of many fintech products and services – is a portable digital record of a claim made by a business, organisation or individual. It can be held in and shared through a digital wallet, serving as a digital representation of traditionally physical certificates or information, such as driver’s licences, business permits or bank account information.
After a series of technical workshops, the two jurisdictions have agreed to collaborate on digital credential research and innovation, Canada’s minister of innovation, science and industry François-Philippe Champagne announced last week (22 November).
During a ‘Canada-EU Digital Dialogue’ summit held in September last year, both sides agreed to work together on self-sovereign identity (SSI) – where the user has his or her identity information digitally signed by a trusted third party – blockchain and digital credential use cases. They also decided to convene experts to discuss how to enable interoperability and mutual recognition of digital credentials across Canada and the 27-member European Union (EU).
The European Commission’s Directorate General for Communications Networks, Content and Technology (DG CONNECT) and Innovation, Science and Economic Development Canada (ISED) then conducted workshops from spring to summer this year with the participation of 28 policy and technical experts from both sides. An 11-page report entitled ‘Canada-EU Joint Workshop Series for Enabling Interoperability and Mutual Support for Digital Credentials’ was published last week summarising the workshops findings and recommendations.
Interoperability challenges
A key finding from the workshops was that both Canada and the EU already have a variety of different SSI and digital credential technologies in use in their jurisdictions, many of which are not interoperable. ‘In addition, different SSI and digital credential technologies and approaches are emerging in different economic sectors and at different levels of government, creating the risk of economic and jurisdictional technology siloes,’ the report states.
The workshops identified two main gaps that exist for both Canada and the EU. First, the authors point to a lack of standards for digital wallets, leading to a ‘Wild West’ atmosphere in the space, and ‘endangering trust in the system and the potential for interoperability’.
To this end, the experts recommended that the two jurisdictions work according to a set of common principles and approaches such as complying ‘at minimum, with the published and endorsed World Wide Web Consortium (W3C) test suites’ – the World Wide Web Consortium is the main international standards organisation for web – and adopting ‘an approach that is both ledger- and feature-agnostic’.
The second ‘key gap’ concerns so-called zero-knowledge proofs (ZKP), a new approach for sharing information without sharing personal data. ‘Though desirable, ZKP continues to be an issue as it is not legally binding and could cause a challenge,’ the report says.
The authors state that it is ‘important to develop a deep understanding of this new approach’ before taking action to standardise it, which in turn would also help inform related policy development. ‘For example, there is currently confusion about whether ZKP proofs could count as personal data, which would cause conflicts with the [EU’s] General Data Protection Regulation (GDPR),’ the authors write.
Three risks to be tackled
The report also identifies three risks that need to be addressed. The first is ‘vendor lock-in’, which means becoming dependent upon a specific vendor for products and services, without the ability to switch to another vendor without substantial cost and effort. The experts explain that this risk could be mitigated by relying upon open standards and technological interoperability.
The second risk is identified as ‘ecosystem fragmentation’, wherein different communities develop their own standards. Examples include emerging approaches for travel, educational and Covid-19 credentials, all of which ‘have momentum’ and are being developed largely in isolation from one another.
‘While a healthy and diverse ecosystem of actors and initiatives is positive, the challenge comes in how to mitigate siloed-approaches to ensure mutual recognition, scalability, and adoption beyond a specific context,’ the report states, adding that there is a need to look at how to navigate a lack of control over these various ecosystems.
The third risk is the potential of ‘platform capture’. As larger companies move into the digital wallet and identity space, the experts see a risk that they could dominate the market and have an outsized influence on standards. ‘There is a need to establish an approach that balances the accommodation of consumer choice and healthy marketplaces with the mitigation of potential harm of private sector control of personal data and privacy,’ according to the report.
‘Trust is key to a digital economy’
Looking ahead, an ISED spokesperson told Global Government Fintech that the department will build upon the workshops by leading a digital credentials dialogue with the government advisory board of the Brussels-headquartered International Association of Trusted Blockchain Applications (INATBA). This board includes countries across Europe, North America, Africa and Asia. This dialogue would see a report published next year.
This year’s workshop report recommends further formal channels for engagement on digital credentials. It suggests using the annual ‘Digital Dialogue’ summits between Canada and the EU organised by ISED and DG CONNECT to leverage ‘political will to help provide weight, resources and momentum for moving forward with joint work’ on digital credentials.
Another possible channel mentioned is the Canada-EU Comprehensive Economic and Trade Agreement – Regulatory Cooperation Forum (RCF) developed as part of the Canada-EU Comprehensive Economic and Trade Agreement (CETA). ‘The RCF facilitates and promotes regulatory co-operation between Canada and the European Union, although it is no longer being used to work on cybersecurity due to changes in policy priorities,’ the report notes.
When asked how important the overall partnership between Canada and the EU is to fintech-related products and services, the ISED spokesperson told Global Government Fintech that “trust is key to a digital economy”. Many transactions in the economy and society rely upon trust, where each transacting party needs assurance that the other is who they claim to be and that the information provided is true, the ISED spokesperson said.
“Digital credentials can enable individuals and businesses to engage in secure and trusted transactions, including financial transactions, and quickly and easily share their information and conduct transactions with whomever they wish,” said the spokesperson. “Governments and other organisations are trust anchors, enabling trust by issuing documents needed for transactions across the economy and society.”
FURTHER READING
‘UK government proposes new body to oversee digital ID‘ – a news story (26 July 2021) originally published by our sister title Global Government Forum on a UK consultation on the creation of a governing body to oversee the use of digital identity services
‘EU presents plan for bloc-wide digital ID wallet’ – our news story (9 June 2021) on the European Commission’s presentation of plans for a digital identification wallet: an app that European Union citizens could install on their smartphone
‘UK government publishes digital identity trust framework’ – our news story (17 February 2021) on the publication of the ‘UK Digital Identity and Attributes Trust Framework’ by the Department for Digital, Culture, Media and Sport (DCMS)
‘EU report signposts route to blockchain ID verification’ – a news story (30 May 2019) from our sister title Global Government Forum on a report, ‘Blockchain and Digital Identity’, from the European Union Blockchain Observatory & Forum
