This document is the policy research on the Trust Services(TS) state-of-play and prospects of further development in Ukraine. It was initially planned as part of an independent assessment of EU-Ukraine Association Agreement (AA) Annex 17-3 (telecom, trust services, and e-commerce) regulatory approximation progress. Yet due to the announcement of the upcoming update on the EU eIDAS regulation with drafting proposal due June 2021 authors are extending the scope to provide analysis of Ukrainian TS, over four components, Legal Context, Supervision, Audit of Trust Service Providers, Best practices also discussing: policy options, scenarios, identifying risk factors of Trust Services and eID in the Public Sector, exploring TS related implications in delivering public services that are more effective and create better value. The document targets an audience already accustomed to core concepts and regulations in the field of Trust Services and eID on both sides of the EU-Ukraine Association Agreement. In particular Ministry of Digital Transformation of Ukraine (MoDT), whom we see as the principal champion of the Ukrainian Euro-integration of Trust Services.
There is no guiding Policy document on Ukrainian Trust Services and eID in the form of a White Paper or the Program where a deliberate system of principles and statements of intent guiding decision-making is formulated. Nevertheless, the analysis revealed that the Ukrainian Trust Service development patterns closely resemble those of the EU, but also that there are several areas (Standards, Supervision and Control, Personal Data Protection) where practices can be improved. Work identifies the strategies that can support the Ukrainian Government in successfully addressing the issues and consequently better placing Ukraine in a position of further euro-integrational steps, namely singing Mutual Recognition Agreement (MRA) on Trust Services with the EU, gaining internal market regime and starting integration into Digital Single Market (DSM).
Summary of the major recommendations:
- Create set of White Papers/Program Documents on Digital Government, Trust Services, eID, Data Protection, e-Archiving, Accessibility / inclusivity of public services ICT systems, other related areas such as education (digital skills), telecom (5G network, IoT), scientific research and R&D, inclusivity.
- Develop Trust and Data Protection Models, incorporating those into the Policies.
- Initiate inclusion of Ukraine into international indexes, namely: a) Digital Economy and Society Index (I-DESI), b) Digital Trade Restrictiveness Index (DTRI), c)Global Acceptance of EU Trust Services (ETSI TR 103 684)
- Renew National Accreditation Agency of Ukraine (NAAU) Bilateral Agreement (BLA) signatory status. Provide guidelines, and change existing legislation on Conformity Assessment of Ukrainian QTSP to reduce risks of non-conformity, for instance, employing internationally recognised Conformity Assessment Bodies (EU CABs).
- Address standardization gaps within QTS, QTSP, RSS, QSCD, HSM and Conformity Assessment by reviewing and updating relevant standards.
- Consider the introduction of Common Criteria Evaluation Assurance Level requirements for the hardware / equipment related to PKI infrastructure and trust service provisions.
- Update National Archive Strategy of Ukraine with the vision on e-documents long term preservation (LTP), studying and adopting the EU member states experience.
- Create / encourage e-signature e-seal validation service that can work with (validate) international e-signature (based on ECDSA, RSA) – provide more information on the ways domestic Ukrainian e-signatures are validated.
- Adopt and start to implement standard EN 301 549 – Accessibility requirements for ICT products and services. Update legislative base to incorporate European Web Accessibility Directive.
Major Risks are related to visionary, technological and standards related divergence from the EU policies on eID and Trust Services.
An ambiguity of the momentum is further highlighted by the fact that both the EU and Ukraine are planning the major update of legislation on Trust Services in the fashion that for now seems to be not quite aligned. Ukrainian Government is already prepared suggestion to update 80+ domestic Laws that likely to trigger further changes in 150+ regulations, including significant changes to Law 2155-VII on Trust Services and eID. It is challenging to evaluate suggested legislative proposals unless some manifestation of the vision for the future is available in formats other than political statements and promotional materials. From the perspective of the EU-Ukraine integration, suggested changes may be seen as premature, as European eIDAS (Trust Services and eID regulation) is also updated with drafting due to be published June 2021.
Dr. Andrii Dresviannikov