Digital Identity Spotlight: Belgium

It shouldn’t be a surprise that Belgium ranks among the vanguards of digital identity. The digital world as we know it may never have existed without this tiny northwestern European country of just 11.6 million people.

After all, the Belgian computer scientist Robert Cailliau proposed the first hypertext system for CERN in 1987. Collaborating with Tim Berners-Lee, he went on to help develop the management proposal behind what would eventually become the World Wide Web (WWW).

He was instrumental in forming the European Commission’s first web-based project for information dissemination in Europe (WISE). And his work with CERN’s Legal Service led to the release of web technology into the public domain 30 years ago this year—on April 30, 1993. “When we have all data online, it will be great for humanity,” Cailliau remarked. “It is a prerequisite to solving many problems humankind faces.”

But while the digital world he helped create has transformed how we live, work, learn, shop, and play for the better, it hasn’t been free of some costly and dangerous challenges. At the heart of them all: identity.

Digital Identity: A Pressing Need Worldwide

Citizen or resident identity and property rights have long been cornerstones of free market economies. Particularly as digital economies flourish, this makes it critical to enable individuals to prove their identity online for purchases, access to healthcare and to government services, access to entitlements, and more. But verifying identity in digital channels through authentication based on the usernames and passwords that emerged to protect web-accessible user accounts has never been even remotely adequate.

Thanks to endless phishing attacks and corporate data breaches, over 24 billion recently-compromised login credentials and personal identity files are available on the dark web. Cyber-thieves and threat actors use stolen or synthetic identity information to defraud businesses and governments. And they leverage pilfered logins to swipe money or steal information they can monetize downstream—the price tag: More than $7.8 trillion in global losses expected just this year.

Today, the ability to facilitate fast, convenient, and secure interactions and transactions online is crucial to the digital economy. But that requires a universally-accepted form of digital identity that protects privacy and prevents personal information from being stolen and exploited by others. While the US is beginning to make strides, other countries are leading the way. A compelling case in point is Cailliau’s native Belgium.

Belgium: A Bellwether for Digital Everything

From the saxophone to the Big Bang Theory and beyond, Belgium has always been a center of innovation—and a central hub for Europe’s digital economy. More than 90% of its tech-savvy populace is online. Its kids help design city playgrounds using Roblox. The country accounts for 35.5% of all cross-border e-commerce. More than half of all companies operate in the cloud.

Belgium’s capital city is a global financial center and home to the EU Parliament, the European Commission, and NATO. It’s also home to a vibrant startup scene—and a government-driven “Digital Belgium” initiative focused on developing and nurturing digital skills and business, inclusion, infrastructure, and security. It is also a global leader in digital identity.

In 2018, Belgium rolled out the itsme mobile ID scheme, which allows citizens to securely access a range of government and private sector services such as banking, travel, and healthcare through a mobile app. It’s an extension of the card-based national eID cards required of all Belgians 12 and up.

Once tied to their eID, consumers can use single sign-on to log into accounts, share information, conduct transactions, and sign documents. Two-factor authentication, such as a fingerprint biometric or pin code on the user’s device, provides an added layer of security, reducing the risk of identity theft and fraud.

Convenience Meets Security–But Not Without Complexities

Typically issued or regulated by a national ID scheme, digital identity is generally comprised of validated digital attributes and credentials designed for the digital world that are verified by cross-referenced with government-issued physical world credentials. Think birth certificate, driver’s license, passport, etc.

One of the critical benefits of Belgium’s eID and itsme app is convenience. Citizens don’t need to manage multiple usernames and passwords for different services or transactions. And in addition to two-factor authentication, it’s certified for the European Union’s “Electronic Identification, Authentication, and Trust Services” (EIDAS) standards. It meets the requirements for GDPR privacy law and PSD2 open banking regulations. And more than 80% of the population has used it, making 25 to 35 million transactions per month.

But it has yet to be free of issues. EID technology is complex and has significant barriers to entry for private industries, holding back its full promise. And detractors have expressed concerns over privacy and government overreach. But the European Union’s updated “Electronic Identification, Authentication, and Trust Services” (EIDAS 2.0) could soon help change that.

A Step Toward Self-Sovereign Identity

Thanks to EIDAS 2.0, itsme and systems may soon give citizens far more control over how their information is used, while making digital identity far easier to apply across all sectors of the economy.

EIDAS 2.0 goes into effect this September, and requires that all member states offer a digital identity wallet (DIW) that acts like a “digital twin” of hard-copy identity documents. In addition to standards for easier adoption across industry sectors, EIDAS 2.0 introduces other key benefits.

Instead of a “federated” model for digital identity, for instance, EIDAS 2.0 can potentially set the foundation for a Self-Sovereign Identity (SSI) framework. With SSI, authenticating users no longer requires personal data to be stored centrally on servers belonging to large public or private organizations, where it can be hacked and either ransomed or exploited to commit fraud. Instead, users can control what personal information they share and how that information is used.

What Should Come Next

The promise of digital identity is predicated on distributed ledger technologies and the architectural advantages they enable. For one thing, they provide for storing immutable records of identity. This enables financial services firms to comply with Know Your Customer (KYC) mandates. It also allows them to accurately log access and activities in alignment with anti-money laundering (AML) laws. Just as importantly, they are key enablers of SSI-based authentication through digital wallets. For instance, when users opt to share data, zero-trust systems can apply risk, quality, or credit scores without contributing private user information or metadata to the process.

This means that someone applying for a loan can do so without revealing personal information or having a decision tied to outdated or inaccurate information stored on far-flung corporate servers. Or someone entering a bar can prove they’re at least 21 years old without revealing their name, birthdate, address, or other details. Users can also set time limits so that shared information is deleted after a predetermined period.

Belgium seems set on forging the way. In 2024, the country will hold the EU presidency, and it recently announced plans to lead the creation of “Europeum,” an official blockchain for Europe designed to further pioneer digital identity.
But to be effective, digital ID wallets must also comply with NIST-, FIDO2-, and iBeta biometrics-based standards that leverage liveness tests capable of defeating virtually any attempt at identity spoofing.

If Cailliau’s vision of the web as a prerequisite for solving many of humanity’s problems is ever to be fully realized, digital identity will need to be solved, most likely with an architecture similar to that baked into 1Kosmos BlockID and discussed in this free research paper on Reusable Verified Identity from KuppingerCole. A simple form fill is required for download.

Interested in digital identity-based authentication but aren’t sure where the start? Learn more about 1Kosmos BlockID, the only NIST, FIDO2, and iBeta biometrics-certified platform—and schedule a free demo today.

Overcoming Resistance to Change on the Journey to Passwordless MFA

Read More