The National Bank of Ukraine (NBU) has completed a preliminary conformity assessment of its BankID System to evaluate its compliance with the requirements of the European Union’s eIDAS regulation for electronic identification schemes with a substantial level of trust.
The preliminary assessment marks the first major step towards bringing the NBU BankID System into full compliance with the eIDAS requirements. This, in the long term, could allow BankID to be recognized as the identification scheme that can be utilized within the EU, facilitating cross-border mobility and access to services for Ukrainian citizens.
The assessment was carried out by a consortium of companies led by АТ QMSCERT AUDITS-INSPECTIONS-CERTIFICATIONS S.A (Greece) (QMSCERT) with support from the USAID Investment for Business Resilience Activity (IBR). The NBU BankID System member banks that are subscribed identifiers were involved in the conformity assessment process and took part in the survey based on QMSCERT’s evaluation methodology.
“The initiative, which took six months to complete, is of paramount importance for us. It allowed us to obtain a qualified expert opinion as to the compliance of the NBU BankID System with the requirements of European legislation. We are now able to come up with further steps to implement the provisions of the law on electronic identification and electronic trust services and integrate with the European market going forward. We are grateful to partners, colleagues, and member banks for the work done on the preliminary conformity assessment of the NBU BankID System,” said Olha Vasylieva, Deputy Director of the NBU’s Payment Systems and Innovations Department.
Based on the assessment results, QMSCERT identified several elements that, if implemented, would bring the NBU BankID System into full compliance with the eIDAS requirements for electronic identification schemes with a substantial level of trust. They include:
- implementation and regulation within the system of elements inherent in electronic identification schemes, namely: defining the electronic identification service and means
- implementing rules for the use and management of electronic identification means
- clarifying requirements for user multi-factor authentication
- implementing participation termination plans for member-banks in the scheme
- conducting ad-hoc audits of subscribed identifiers
- implementing and routinely performing penetration tests
- implementing a life cycle policy for cryptographic keys used to encrypt personal data.
Adopting these measures will enhance the reliability, security, and accessibility of the NBU BankID System, setting the stage for its future registration as an electronic identification scheme with a substantial level of trust under the Law of Ukraine On Electronic Trust Services and Electronic Identification.
Yulia Vitka, Deputy Chief of Party of the USAID Investment for Business Resilience Activity, emphasized, “The NBU BankID system is a reliable and proven identification tool that complies with most EU and international electronic identification standards. This preliminary assessment is an important step to make digital interactions between businesses and citizens safer, faster, and more efficient.”
eIDAS is Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the EU market. The Law of Ukraine On Electronic Identification and Electronic Trust Services implements eIDAS requirements in Ukraine.
The NBU BankID System is a state platform for remote identification of citizens through banks, enabling users to confirm their identity electronically and receive public, financial, and other services remotely. For business, this system significantly reduces the time required for identification of their clients, thus allowing companies to attract new clients and increase sales.
The USAID Investment for Business Resilience Activity (IBR) is a five-year program implemented by DAI Global LLC that supports systemic changes in Ukraine’s economy and increases the supply of financing available to Ukrainian businesses. IBR aims to transform the country’s financial sector into a well-functioning and competitive market that is aligned with European Union standards and integrated into international financial systems, while directly providing financing to enterprises for sustained economic growth in Ukraine. For additional information about the USAID IBR Activity, please visit its Facebook page at: https://www.facebook.com/IBRUAproject