Can autonomous vehicles become a mass reality?

Promote Europe's digital sovereignty

content

1 executive summary

2 How much digital sovereignty does Europe need?

3 What is digital sovereignty?

3.1 Origin of the term

3.2 Importance for the financial sector

4 Political demands to strengthen Europe's digital sovereignty

4.1 Create fair conditions in digital competition

4.2 Promote cloud banking in Europe

4.3 Promotion of the data economy by creating a cross-sector data framework

4.4 Developing cybersecurity competencies

4.5 Introduction of a programmable euro

4.6 Creation of a digital ID ecosystem


1 executive summary

The digital sovereignty of Europe is a basic requirement for the European economy to be able to maintain its innovation and thus competitiveness in the medium to long term. So far, this sovereignty has only been a reality to a very limited extent: The increasing concentration of economic power and technological know-how in large, non-European online platforms has meant that they can operate as gatekeepers, especially for the digital economy. At the same time, however, German and European companies also operate in a highly networked manner in a globalized world that is thus highly divided in labor. A complete digital sovereignty in the sense of isolation is therefore not desirable against this background. This position paper aims to raise awareness that a balancing act is necessary to strengthen Europe's digital sovereignty on the one hand and to maintain an open and flexible European economy in a globalized world on the other. Protectionist measures aimed at realizing digital sovereignty have negative effects on Europe as a business location and must therefore be avoided.

In order to strengthen the digital sovereignty of Europe and in particular of the financial industry, the present position paper in the sense of the four dimensions of sovereignty - infrastructure, data, decision-making and platform sovereignty - elaborates specific demands of the financial industry:

  • Revision of the existing competition law framework to a modern competition law that creates fair conditions in digital competition
  • Promotion of cloud banking in Europe by abolishing regulatory hurdles and creating European standards to make IT infrastructure more flexible and more efficient
  • Supporting the data economy by creating a cross-industry data framework to enable data-driven value creation in all industries and for the benefit of customers
  • Establishing and expanding competencies in the field of cybersecurity in order not only to protect critical infrastructures, but in particular to strengthen individual trust in the digital economy
  • Focusing on a multi-stage approach to the introduction of a programmable euro, in particular to support German industrial companies in their digital transformation
  • Creation of a European digital eID ecosystem

All efforts to strengthen digital sovereignty should aim to follow a common European path. This European path must be based on values ​​and standards such as trust, openness, a high level of data protection and wise governance, while at the same time maintaining the competitiveness of European companies.

2 How much digital sovereignty does Europe need?

“Europe must strengthen its digital sovereignty” - with this appeal, four European heads of government, including Chancellor Angela Merkel, approached the European Commission at the beginning of March 2021 and called for an action plan for more digital sovereignty. This latest venture underlines once again the importance of this topic in recent years. There is hardly a political debate about Europe's role in the world that lacks the demand for digital sovereignty; the term has meanwhile become a synonym for the European race to catch up in the global race for technological leadership, especially with the USA and China. But this does not yet define what digital sovereignty should include. At the last digital summit of the federal government at the end of 2020, Chancellor Angela Merkel put it this way: “In principle, Europe must be able to do anything” - in other words, Europe must be independent without restrictions. The Minister of State for Digitization, Dorothee Bär, has restricted something: “For me, digital sovereignty means that we go our own European path in digitization and want to shape the digital transformation (...) in a self-determined manner. It's not (...) about doing everything in Europe yourself. It's about deciding confidently in which areas we want to be independent and where we have to invest. "

In the context of the political discussion about how the competitiveness of banks and FinTechs in Europe can be secured, the debate on digital sovereignty has already found its expression in the regulation of the European financial sector. Legislative initiatives such as DORA and MiCA, DSA and DMA show the efforts of politics to strengthen the digital sovereignty of the European business location and financial center. But the European GAIA-X initiative for an open data infrastructure initiated by the German government also points in this direction. And yet Europe has a long way to go if it wants to secure its digital sovereignty. Some data and figures make this clear: China has been working on a digital central bank currency since 2015, Google dominates almost the entire European market for search engines and the vast majority of European Internet users are daily active on Facebook - together with its two other services WhatsApp and Instagram is The Facebook group is already an indispensable part of the life of many Europeans.

It will be crucial to strengthen Europe's digital sovereignty while at the same time ensuring that open and flexible economic activities are not endangered in a globalized world. The goal of regaining technological self-determination must not ignore the fact that we live in a networked world and benefit from this networked world. In other words: In a globalized world where there is a high division of labor, complete digital sovereignty will not be achievable; a balancing act is necessary. In the following we therefore show ways to a balanced digital sovereignty of Europe and at the same time present the demands of the banking association, which are specifically related to the financial sector and which are dedicated to this goal.

3 What is digital sovereignty?

3.1 Origin of the term

With the concept of digital sovereignty, the claim has recently emerged to achieve European leadership and strategic autonomy in the digital area. The term describes the ability of Europe to act independently in the digital world and to use protective mechanisms as well as aggressive instruments to promote digital innovations.

A report by the European Commission on media sovereignty (from March 2019) [1] highlights that the power of global technology companies that put data collection and analysis at the center of their strategy and do not always follow European rules and values , represents a major political challenge for Europe. In 2019, the European Parliament also expressed deep concern about the security threats associated with China's growing technological presence in the EU and called for possible action at EU level to reduce Europe's dependency.

What does this mean in concrete terms for the concept of “digital sovereignty”? Which areas have to be defined and which level of competence and autonomy should be achieved so that one can speak of digital sovereignty? In the summer of 2020, the Bertelsmann Foundation stated in an article that "digital sovereignty" is defined differently, and has attempted to define it itself:

"Digital sovereignty is the ability of an entity to decide for itself about the future design of established dependencies in digitization and to have the necessary authorizations." [2]

From our point of view, it is important that digital sovereignty in the sense of an individual's ability to make decisions and act must not only be based on an analysis of the present. In considering how critical and indispensable a service, product or industry is, future developments and the overall global context must also be taken into account.

The Karlsruhe Institute of Technology (KIT), together with the Fraunhofer Society, put forward theses on the digital sovereignty of Europe and differentiated the term [3]. A distinction is made between four dimensions of digital sovereignty:

  • Infrastructure sovereignty: the ability to establish technical infrastructures in a trustworthy manner or to check their trustworthiness and to operate them in such a way that the services offered on them can be trustworthy.
  • Data sovereignty: the ability to make informed and self-determined decisions about how and by whom information about one's own person or institution, one's own actions or products is collected, processed and passed on.
  • Decision-making sovereignty: the possibility to understand the origins and reasons for decisions and recommendations for action of autonomous systems and assistants and to influence them if necessary through human intervention.
  • Platform sovereignty: Arises when the market power of large players in a platform economy is limited by regulation and conscious customer decisions to a level that enables fair competition.

If European competences and common goods are discussed on the basis of these dimensions of sovereignty, it becomes clear that the EU member states can only be successful in each of these four areas if they work together. This is also clear from the example of the financial sector.

3.2 Importance for the financial sector

The digital sovereignty of Europe is of considerable importance for the innovative capacity of European companies and organizations. Both the supplier and the user side must be taken into account, since users of IT services and users of digital technologies that are critical to success depend on the fact that there is sufficient competition on the supplier side. As users of a large number of IT services, banks have also felt this for years. The establishment of a competitive European IT provider landscape, prominent in the cloud sector, and active funding of European IT cooperation projects, such as the German government's GAIA-X initiative to create an open data infrastructure, are of great importance. These initiatives pay attention to the dimension of the Infrastructure sovereignty a.

This is linked to the expansion of secure technological infrastructures (e.g. 5G) and a digital euro. Although Europe has a sovereign and efficient payment infrastructure with payment transactions based on the SEPA standard, this is threatened by initiatives such as the Facebook foundation “Libra” (now renamed to “Diem”). In order to introduce a programmable euro and thus meet the needs of industry in the Internet of Things (IoT), a high-performance telecommunications network is again essential. On top of that, real digital infrastructure sovereignty can only be achieved through strong European competence in the field of cybersecurity, as this will dominate the security policy issues of the future.

The core of value creation in the digital economy as well as a strategic production and competitive factor are data. The finance industry supports the principle of Data sovereignty with the Europe-wide opening of interfaces in payment transactions since the entry into force of the second EU Payment Services Directive, PSD2 for short. However, this opening is now one-sided and limited to the financial sector. An interface opening must now be enforced for all industries such as large technology companies, because the promotion of cross-industry data exchange is elementary for European data sovereignty. This includes the free choice of customers about the storage, processing, access and use of their data at any time. This would enable banks, among other things, to better satisfy customer needs and to modernize and thus significantly improve their risk management.

The Decision-making sovereignty in the digital world increasingly depends on competencies in the field of artificial intelligence. Entire business models and even government action are based more and more on the evaluation of huge amounts of data using complicated algorithms. The COVID-19 pandemic already showed that decisions based on the use of advanced AI systems can mean great advantages in combating pandemics. [4] The USA and China in particular are taking the lead in research and development on artificial intelligence. A lack of European skills in this area can have devastating consequences for Europe's sovereignty, as technologies have to be bought blindly without real testing opportunities. Even today, complete tracing of every decision when using advanced AI methods, such as neural networks, may no longer be possible in all cases. The ability to understand the origins and justifications for decisions and recommendations for action of autonomous systems and, if necessary, to influence them, is important for individuals as well as for companies and industries. Here one has to act with a sense of proportion in order to enforce decision-making sovereignty against large US and Chinese technology companies and at the same time to avoid excessive regulation for European providers such as banks.

In the sense of the Platform sovereignty Market distortions resulting from the gatekeeper function of the large online platforms must be countered: with more modern regulation of digital services and new competition law. Banks are particularly affected here, as in some business areas they are already in competition with large online platforms, but at the same time are dependent on cooperation with them, such as the expansion of cloud solutions in bank IT. Especially when it comes to acquiring new customers, banks are increasingly dependent on platforms; the customer journey usually begins with providers such as Google. The banks are left behind here because they are gradually losing the customer interfaces. A digital European identity network as a public-private partnership between all industries and governments could provide a counterpoint to the solutions of large platforms in the area of ​​“identification”. However, even with existing customers, an enormous dependency and the loss of customer interfaces can be observed, as the examples Apple Pay, Samsung Pay, Google Pay show.

In principle, digital sovereignty should not be achieved by copying what already exists from other countries, but rather through own, future-oriented accents that build on a European path. This European path should be shaped by values ​​and standards such as trust, openness, a high level of data protection and smart governance. But we don't have much time: Digitization is not subject to a linear innovation process, it is exponential, and quick action should be the top priority.

In the following we present the specific political demands of the private banks, which were formulated with the intention of moving Europe forward on the way to digital sovereignty.

4 Political demands to strengthen Europe's digital sovereignty

4.1 Create fair conditions in digital competition

  • The increasing concentration of economic power in large online platforms that act as gatekeepers of the digital economy is distorting the European digital single market and global competition. Online platforms can use their economies of scale, network effects and databases to continuously improve their services and to penetrate ever more business areas. At the same time, the “winner takes it all” effect results in the problem that existing or potential competitors and newcomers in many cases have no way of gaining the gatekeeper's competitive edge.
     
  • In some business areas banks are already competing with large online platforms, in others they are dependent on cooperation with them.As the gatekeeper role of large online platforms could put banks in danger of losing their direct customer access to these platforms, some of them decide to adapt platform-based business models themselves. A differentiation between gatekeeper platforms and young, innovative platform models is therefore important. It must be made easier for banks in particular to operate technology developments and new business models in other corporate divisions far removed from the traditional banking business in order to maintain a long-term competitive European financial sector.
     
  • We consider some business practices of large online platforms to be particularly problematic, including the “Take it or leave it” approach, which means that gatekeepers often completely rule out negotiations or compromises in their business relationships. In this context, it is important that large gatekeeper platforms should not be able to restrict access to the technical infrastructures of their platforms, for example by limiting access to the NFC interface for third-party applications in the financial services sector. Large gatekeeper platforms should also be required to be more transparent about data and to share data with their customers (i.e. companies / banks).
     
  • We support the goal of maintaining fair and competitive markets. Because competition promotes innovation and benefits consumers. Competition increases companies' willingness to innovate. At the same time, functioning competition prevents the emergence or consolidation of too strong a position of social and political power. Consumers in particular benefit from a competitively organized market because they can choose from a wide range of goods and services that most closely match their expectations in terms of quality and price.
    • The proposal for the Digital Markets Act recently submitted by the EU Commission is a step in the right direction in this context, as it addresses the negative consequences of the behavior of very large online platforms (so-called gatekeepers) - i.e. search engines, social Networks or online marketplaces - surrender. The proposal aims to close loopholes in the regulation of gatekeepers and to enable enforcement measures to maintain competitive markets. The private banks welcome the clear limitation of the scope of these rules to very large online platforms with clearly defined quantitative thresholds as well as the clear do's and don'ts. The regulations of the Digital Markets Act must now be implemented as quickly as possible in European competition.
    • In Germany, at the beginning of the year, with the 10th amendment to the GWB, the legislature introduced significant changes to national competition law that respond appropriately to the increasing importance of digital and platform companies. These are in particular the inclusion of intermediation power as a criterion for determining a dominant market position, the new regulation of the right of access to essential infrastructures, obligations of conduct for "companies with paramount cross-market importance for competition" as well as the antitrust evaluation of cooperations by the cartel office upon request. We welcome these changes.
       
  • A uniform digital EU internal market is the basis for competitive and dynamic market development for digital services within the EU. The existing legal fragmentation of the EU digital single market should be reduced in order to improve opportunities for innovation and deepen the single market for digital services.
    • Banks are faced with a fragmentation of regulation, supervision and responsibilities of different authorities in the EU single market in many areas. Analogous to the demands of the banks for a capital markets union in the EU, a digital single market is of great relevance for the increasingly digital services of the banks.
    • In the EU authorities, a much deeper level of competence must be built up in the area of ​​"digital services" and, above all, technical know-how must be acquired.

4.2 Promote cloud banking in Europe

  • A technological paradigm shift has been taking place in the IT of many banks for several years. In view of the ever faster change in industries and customer needs, a flexible and high-performance IT infrastructure has become vital. Driven by digital competition and changed customer behavior, agility, customer focus and cost efficiency must be increased step-by-step with reduced time-to-market.
    • The foundation for this is the cloud as the technological basis for modern analytics solutions, artificial intelligence applications, big data, micro services and API connections. The target image of the bank's IT architecture usually results in a hybrid mix of traditional IT systems and cloud applications.
    • The targeted migration of the bank infrastructure from local systems to the cloud is an important component in securing the competitiveness of the bank of the future.
       
  • However, regulatory challenges often make it difficult to implement cloud projects quickly, efficiently and in accordance with the rules. The interpretation of the existing regulations and their supervision are not yet sufficiently adapted to the rapidly increasing use of the cloud in banks. At the same time, in new regulatory projects, such as recently with the DORA (Digital Operational Resilience Act), there are also proposals that hinder the banks' cloud journey and could have negative effects on the range of cloud services or their prices. In our opinion, some adjustments are necessary to change this. Here regulators and supervisory authorities are called upon to actively participate as supporters of an innovative financial sector in removing practical hurdles to the broader use of cloud technologies in banks.
     
  • We advocate EU-wide, uniform rules and the establishment of standards. The regulation and supervision of cloud outsourcing should always be based on a risk-based approach. The basis for this has already been created by the existing regulation [5]. Together with the European Banking Federation (EBF), the European banks have published several technical position papers [6] on these demands, which are intended to take an educational approach and encourage discussion.
    • A common understanding of the risks and available controls for cloud services is essential. The assessment of the risk dimension should be based on uniform criteria, such as the degree of transfer of responsibility and the importance of the outsourced data and functions.
    • The requirements for reporting to supervisory authorities and exit strategies (e.g. business continuity in the event of termination by the outsourcing user or significant service failure, etc.) must be clear and uniform across Europe.
       
  • There is currently a concentration on a few, very large global cloud infrastructure providers. In order to minimize the resulting dependencies, cross-industry standards should be supported that ensure the fundamental transferability of data between cloud providers. With this goal in mind, SWIPO [7] (Switching Cloud Providers and Porting Data) was founded in 2020 as an association of various stakeholders with the support of the European Commission. The initiative has developed a code of conduct to prevent vendor lock-in. In addition, the supervision of cloud providers under discussion should not have any negative effects on the use of cloud services by banks.
     
  • The GAIA-X initiative initiated by the federal government could be another means of making the cloud market more transparent and thereby increasing the number of cloud providers. We welcome the initiative and are actively involved in the finance domain and in the “Financial Big Data Cluster” funding project. However, GAIA-X will not replace the established cloud providers, but will serve as an additional alternative in the market.
    • The European finance and insurance community in GAIA-X has agreed on "Compliance by Design" as a core requirement. This means that all services provided with the GAIA-X label must already comply with the financial market regulation when they are published, i.e. ex ante.
    • The broad support and involvement of relevant departments and supervisory authorities must take place in GAIA-X right from the development phase. In this way, GAIA-X could ultimately also help ensure that cloud regulation takes better account of the requirements of the financial sector.

4.3 Promotion of the data economy by creating a cross-sector data framework

  • Data is the core of all value creation processes in the digital economy and is therefore a strategic production and competitive factor; they make a significant contribution to the economic success of companies and economies.
     
  • In international competition between locations, a European data economy opens up the opportunity to decisively strengthen the continent's competitiveness through data-driven innovations.
     
  • Access to data and the possibility of reusing it are decisive success factors and contribute to Europe's digital sovereignty.
     
  • The framework conditions of a data economy must give all market participants equal opportunities, promote the sharing of data under fair conditions and at the same time protect personal data and trade secrets.
     
  • The current legal framework creates asymmetries in which some companies - especially established technology groups - act as data gatekeepers, whereas banks have to allow access to their customer data unilaterally. There is a lack of reciprocity, which has a negative impact on Europe's digital sovereignty.
     
  • In view of the increasing market penetration and diversification of non-European technology groups and platform companies, sector-specific approaches could further increase the imbalances. A cross-industry data exchange framework could counteract this.
     
  • From the perspective of the banking association, a European legal framework is required that enables data to be exchanged across different companies and industries:
    • Regarding personal data Companies in all industries should be obliged to share the data provided by a person in real time via standard mechanisms if the person concerned so wishes. This could operationalize the existing right to data portability according to GDPR and lead to new services and added customer value.
    • In addition, data cooperations must be exchanged non-personal Data are facilitated, among other things, by creating more legal certainty (e.g. with regard to anonymization). Such collaborations, for example in the form of data pooling, are an essential success factor in order to gain new knowledge from the analysis of a wide variety of data and to develop the potential of artificial intelligence and machine learning for research and the economy in Europe.
    • There should also be access to Public sector data be consistently promoted. In addition to the establishment of standardized electronic access options, the consolidation of the access points in the public sector is desirable in order to reduce transaction costs and to ensure that the data is used as widely as possible.
    • The EU Commission as part of the Data Governance Regulation The proposed instruments to promote data availability and use, in particular by increasing trust in data intermediaries via a statutory registration and supervisory framework, can provide additional impetus. But they alone should not be enough to make a European data economy a reality.

4.4 Developing cybersecurity competencies

  • The risk of cyber incidents has increased in recent years. This is due in particular to technological developments and the stronger networking of companies, but also to the increasing professionalization of cyber criminals and attackers. It is not for nothing that cyber attacks are seen as the greatest operational risk in the financial sector today. Accordingly, it is absolutely essential to consistently pursue the path we have chosen to steadily improve Europe's cyber resilience.
     
  • With the regulation on the operational stability of digital systems in the financial sector (Digital Operational Resilience Act - DORA), the European Commission has now presented a proposal for the harmonization of IT (security) regulation in the financial sector. This coordination or harmonization of the regulatory requirements is absolutely necessary in order to create synergy effects and increases in effectiveness in the security architectures of banks and to strengthen cyber resilience in Europe. In addition, this means that disproportionate effort, double burdens and uncertainties in view of today's diverging requirements must be eliminated. The resources released as a result, in turn, strengthen the banks in expanding their own cyber defense measures and response options.
     
  • European IT experts are more in demand than ever before for the tasks ahead. Their education and training or their availability on the market is one of the main challenges nowadays. Studies [8] currently show a deficit of almost 170,000 experts for Europe alone - estimates are 350,000 for the year 2022. This has a negative effect on the level of security in companies. But with digitization, which is currently accelerating significantly, IT and information security must not be neglected. It is therefore imperative to invest in training IT professionals.
     
  • In addition, cross-company and cross-sector networking of cybersecurity officers is essential. The interweaving of state and private security incident and response teams is an essential prerequisite for being able to cope with possible major incidents. Identifying and assessing incidents and, if necessary, responding to a crisis are a joint task in cybersecurity and must also be managed as such.
     
  • In addition, the future effects of quantum computers on the security of the cryptographic security procedures currently in use should be pointed out. In order to be able to protect themselves against cyber attacks with the help of quantum computers in the future, companies, the security industry and relevant national and supranational authorities must pull together and design suitable solution concepts and implement them in good time. Only then can the advantages and potential of the new technology be used sensibly, the security risks recognized and counteracted efficiently.
     
  • The European direction will undoubtedly also have an impact on how cybersecurity issues are addressed at the global level. In the end, coordinated measures and joint efforts by politicians, regulators, central banks and the financial industry are required. Collective measures taken by governments to deter malicious cyber activities directed against financial institutions, such as international standards and diplomatic processes to increase cyber stability, should also be examined.

4.5 Introduction of a programmable euro

  • Distributed ledger technology (DLT) and smart contracts will fundamentally change economic processes in many areas of all industries. However, they will only be able to develop their full potential if payment processes are also integrated into smart contracts. This can only be done efficiently and without system disruption with programmable money on a DLT.
     
  • The availability of a programmable form of the euro will therefore have a say in the international competitiveness of companies in Germany and Europe in the competition between Europe and Asia and North America. The discussion about Libra / Diem has therefore given an important impetus to the discussion about the design of the global monetary and currency order for the digital age.
     
  • However, new forms of money based on DLT must be integrated into the monetary and currency order in such a way that their Stability and resilience are not endangered.
     
  • The characteristics of the two-tier banking system should also be reflected in the new forms of money. With a digital euro, the ECB should maintain the basic function of central bank money, guarantee the stability of other forms of money, such as bank money, and thereby enable the development and diversity of forms of money.
     
  • The private banks are faced with the task of developing deposit money into a programmable form of money, the deposit token.
     
  • The private banks propose a three-step approach in front:
    • A Adaptation of the existing payment system in Europe to the challenges of digitization, in particular an improvement and optimization of TIPS and EPI.
    • Bundling the strengths of the German and European banking industry to design and issue one Tokens based on bank money (Deposit token). A joint solution based on private law agreements is required because this is the only way to guarantee the interoperability and convertibility of the tokens created by individual banks. Support through European regulation for the creation of standards - analogous to SEPA / PSDII - should promote this process.
    • Advancing efforts to achieve that Making central bank digital money (CBDC) available to the general public. Great care must be taken to ensure that the functionality of the existing financial system, including the banks, is not damaged. It will be particularly important that CBDC can only be accessed through the banking system. This is one of the prerequisites for minimizing the risks of CBDC - namely disintermediation and bank run.
    • In any case, all efforts with a view to "time-to-market" must be intensified in order not to lose touch with the discussion through reactive behavior and to no longer be able to help shape the future target.
       
  • It goes without saying that it must be ensured that the forms of money emerging around the world on a DLT basis are internationally convertible. This requires coordinated international regulatory measures. Experience from the financial crisis has shown, however, that this is very time-consuming and that the international consensus can become fragile very quickly.

4.6 Creation of a digital ID ecosystem

  • For digital business transactions, we need easy-to-use, secure, legally recognized and reusable digital identities. These are currently not available.
     
  • In order to help digital identities to break through and to overcome existing barriers (e.g. insufficient distribution), we are committed to the creation of a national and, in the second stage, European ID ecosystem.
     
  • A digital ID ecosystem promises the smooth exchange of identity data and features of natural and legal persons and possibly also of things ("Internet of Things") - and this across different industries and use cases in the private and public sectors.
     
  • The prerequisite for this is that the jungle of different legal requirements and supervisory practices on identification is removed, within the EU and with a view to the various sectors (banks and other parties subject to money laundering law, trust services, telecommunications providers, public sector). Otherwise, depending on the location, there is a risk of individual European providers being placed at a disadvantage compared to their EU competitors, as is currently the case with German trust services, for example.
     
  • Banks are legally obliged to identify customers and are therefore very interested in using reliable digital identities for their customer processes. At the same time, they can bring high-quality and reliable identity data of their customers in the broader sense (e.g. ID data, proof of income, account data) into an ecosystem.
     
  • The lack of availability of widely usable, qualified digital identities in Germany today can - at least temporarily - be compensated for by better reusability of verified customer identities that were collected, for example, by banks as part of the know-your-customer process.
     
  • In terms of the digital sovereignty of the individual, it is important to give all citizens the opportunity to decide for themselves how their data is used. This applies first and foremost to data that directly affect one's own identity. Consumers should have transparency about it at all times and it should be in their own hands to whom they provide their identity data and for what purposes.
     
  • One solution for this is provided by digital self-determined identities or self-sovereign identities ("SSI" for short), in which citizens manage their own identity data themselves and, if necessary, release it for use by a third party, for example when establishing a contractual relationship or using a service. Only the users themselves know all of their identity data and decide for themselves with whom this data is shared.
     
  • We therefore welcome the Federal Government's latest initiative for a European ecosystem of digital identities based on an SSI approach and share the assessment that such an ecosystem can only be achieved within the framework of close cooperation between the private sector and the public sector (institutions and authorities).
     
  • Together with its members (banks and FinTechs), the banking association has developed proposals on how such an ecosystem can become a reality and published it in a separate position paper "Digital identities - steps on the way to an ID ecosystem".

[1] https://ec.europa.eu/info/sites/info/files/guillaume_klossa_report_final.pdf, accessed on March 10, 2021

[2] https://www.bertelsmann-stiftung.de/fileadmin/files/BSt/Publikationen/GrauePublikationen/Digitale_Souveraenitaet_in_der_EU_Policy_Brief_BSt_EZ_European_Public_Goods_DE.pdf, accessed on December 8, 2020

[3] https://www.fzi.de/fileadmin/user_upload/PDF/2017-10-30_KA-Thesen-Digitale-Souveraenitaet-Europas_Web.pdf, accessed on December 8, 2020

[4] https://thediplomat.com/2020/12/covid-19-underscores-the-benefits-of-south-koreas-artificial-intelligence-push/, accessed on March 10, 2021

[5] https://www.eba.europa.eu/documents/10180/2761380/EBA+revised+Guidelines+on+outsourcing_DE.pdf/5546a705-bff2-43eb-b382-e5c7bed3a2bc, accessed on March 10, 2021

[6] https://www.ebf.eu/priorities/cybersecurity-innovation/cloudbanking/, accessed on December 21, 2020

[7] https://swipo.eu/, accessed on December 21, 2020

[8] Cybersecurity Workforce Study from 2020 and 2018; Trend Micro 2019 Cyber ​​Security Study