US and EU look for common ground on digital identity

batak1/Getty Images

The National Institute of Standards and Technology wants feedback on the EU-US Trade and Technology Council’s early attempt at mapping digital identity frameworks between the two entities.

The National Institute of Standards and Technology is looking for feedback on a new international draft report that will help the U.S. and European Union find common ground in digital identity practices. 

Jointly authored by a subgroup within the EU-US Trade and Technology Council, the draft version of the Digital Identity Mapping Exercise Report aims to help define specific technical terminology related to digital identity in a transatlantic setting. 

The draft document was released on December 22. It outlines both the U.S. and EU’s individual frameworks on digital identity, as established by the U.S. National Institute of Standards and Technology and the EU regulation on electronic identification.

“Trust, security, and usability of digital identities are of paramount importance to facilitate widespread adoption by individuals and organizations,” the document reads. “Strong transatlantic cooperation on emerging technologies and standardization can contribute to creating the conditions for meaningful strides in adoption to occur.”

Though the mapping exercise found “no major concepts that do not map to a companion concept,” one key distinction between both frameworks is how assurance levels are defined. These measure the confidence in identity authentication protocols when a given user is attempting to access the internet with a particular digital identity. In comparing both frameworks, some definitions, such as “authoritative source” and “authentication factor” are identical between the U.S. and EU, whereas others like “identity” and “signature” remain only partially matched.

While the goal of the Digital Identity Mapping Report is to establish a shared lexicon of terminology within which to operate, EU member countries will not be beholden to the U.S. and NIST’s formal guidance, and likewise, U.S. citizens will not need to adhere to EU guidelines. But the authors note that having both frameworks mirror each other to certain extents will promote secure transatlantic online access and facilitate the flow of digital goods and services. 

As a draft document, NIST is asking for commentary from communities with subject matter familiarity in areas such as digital identity, privacy, human-centered design, and cybersecurity, particularly in a cross-borders context. NIST anticipates publishing the final version of the document in 2024. Comments on the draft version will be accepted until 6 AM CET on March 1, 2024.