NBU's BankID system undergoes preliminary assessment for compliance with EU requirements
The National Bank of Ukraine (NBU) carried out a preliminary assessment of the NBU's BankID System for compliance with the requirements of the European regulation eIDAS, established in the EU for electronic identification schemes with a medium (substantial) level of trust.
This is stated in the message of the NBU, Ukrainian News Agency reports.
The preliminary assessment is the first important step on the way to bringing the BankID System of the NBU into full compliance with the requirements of the eIDAS regulation.
In the long term, this may become a starting point for the recognition of the BankID System as an electronic identification scheme that can be used in the EU, facilitating cross-border mobility and access of Ukrainian citizens to the services of EU providers.
The assessment was carried out by a consortium of companies headed by JSC "QMSCERT AUDITS-INSPECTIONS-CERTIFICATIONS S.A" (Greece, QMSCERT), with the support of USAID within the framework of the project "Investments for business sustainability".
Participants of the BankID System of the National Bank of Ukraine were included in the assessment of conformity - banks-identifiers, who took part in the questionnaire organized according to the QMSCERT methodology.
Based on the results of the assessment, QMSCERT identified a list of elements, the implementation of which will make it possible to ensure compliance of the NBU BanklD System with the eIDAS requirements established in the EU for electronic identification schemes with a medium (substantial) level of trust.
Among them, in particular:
- implementation and regulatory regulation within the system of elements inherent in electronic identification schemes, namely: definition of electronic identification services and means;
- implementation of the rules of use and the possibility of managing electronic identification means;
- specification of requirements for multifactor user authentication;
- implementation of plans for termination of participation in the electronic identification scheme for participating banks;
- conducting periodic audits of subscribers-identifiers;
- introduction and regular conduct of penetration tests (Penetration test);
- implementation and compliance with the lifecycle policy for cryptographic keys that subscribers use to encrypt personal data.
The implementation of these elements will contribute to strengthening the reliability, security and accessibility of the NBU BankID System, as well as its future registration with an electronic identification scheme with a medium (substantial) level of trust (in accordance with the Law of Ukraine "On Electronic Identification and Electronic Trust Services").
As Ukrainian News Agency earlier reported, eIDAS is Regulation of the European Parliament and Council (EU) No. 910/2014, which regulates electronic identification and trust services for electronic transactions on the EU market.
The Law of Ukraine "On Electronic Identification and Electronic Trust Services" implements eIDAS requirements in Ukraine.
The BankID system of the NBU is a national system of remote electronic identification and verification of users through banks, which enables users to confirm their identity electronically and receive public, financial and other services remotely.