Open letter to the EU Commission

In these dark days of brutal military aggression, it is important to find time to also look forward and discover new ways to make Europe more competitive and secure. 

The next phase of digitalization – the trusted data infrastructure based on Self-Sovereign Identity and MyData principles - is now an opportunity on an unprecedented scale. The impact on the economy has been estimated to 3-6% of GDP by McKinsey and to this should be added better protection of privacy, magnitude scale improvements of services for households and SMEs and efficient tools against cybercrime and the grey economy. https://www.mckinsey.com/business-functions/mckinsey-digital/our-insights/digital-identification-a-key-to-inclusive-growth

But a very important impact will come from a leap of faith in the Single Market, when it is understood that all data needed for services can be obtained by the data rights holder with generic tools and move across all sectors and borders. Needless to say, that a failure to reap the full benefits of this phase would be very detrimental for all parties and the European Union’s credibility. 

I am participating in the ongoing eIDAS2 and related work and know that final decisions have not been made. Still, I feel that it is my duty to raise some concerns now – hopefully unfounded. 

Have many enough understood and agreed? 

1. That the impact of the trusted data infrastructure on the European competitiveness can be so fundamental - if done right.
2. That Member States and EU should drive the migration – but do it in together with enterprises as the skills are there.
3. That if the qualified ID-wallets only serve as additional identification tools and include data only from the public sector, a very small fraction of the unprecedented benefit potential will be achieved. 
4. That if wallets are issued only to citizens, service improvements will not materialize on a notable scale. All citizens, organizations (also in the public sector) and many things need the generic wallets in order to interact without need for technical integration.
5. That wallets are of limited use if the interconnecting and interoperable often national infrastructures is not in place.
6. That Article 20 in GDPR cannot be used on a larger scale without huge costs and bad citizen experience without the wallets and interconnecting infrastructure.
7. That the same user experience and logic for accessing all data with the generic wallets both for private needs and at work on behalf of an organization bring faster adoption. 
8. That the wallets should be used also for all sorts of authorizations, mandates and power of attorneys and that the highest volumes of verified credentials will be wallet-signed payment e-receipts (which should be mandatory for all organizations and use the same standard as e-invoices). 
9. That there appears to be a clear risk of over-regulation - making it unprofitable even for medium sized organization to offer wallets and use data in their services. If enterprises do not have an easy and economical way to join - the uptake will be far too slow. The following has been questioned: (i) Need to register non-qualified attestation providers, (ii) Need to register relying parties, (iii) Need to authorize each wallet attribute when used, (iv) Need to register credentials available for wallets.
10. That there by now are at least 8 member states in the Coalition of the Willing promoting Self-Sovereign Identity based architecture. 

The key terms in our joint European effort should thus in my opinion be:  open global architecture, open-source technology, not-for-profit interconnecting publicly financed joint infrastructure connecting private and organization wallets, minimum regulation at the outset, fastest possible start with ready global standards, migration driven by the member states using EU-agreed rules and working closely together with enterprises. 

Yours faithfully

Bo Harald

Founder, www.Mobeyforum.org

Founder, Real Time Economy Program

Chairman, former EU Expert Group on eInvoicing

Founding Member, Member of Steering Committee for www.MyData.org,

Independent Advisor (pro bono) for www.Findy.fi