About DC4EU

DC4EU will contribute to a new paradigm in identity, data, and the once-only principle to enable the citizens’ perspective.

The social security domain

DC4EU Objectives

The eIDAS trust framework is undoubtedly one of the pillars of the European Union, which has laid the foundations of identity and trust in the digital world. The revision of this framework extends its scope of competence beyond identity, encompassing the electronic attestation of attributes (EAA). Establishing the technical measures, processes, and procedures for establishing trust frameworks in sectoral areas will be crucial to the construction of a digital Europe.

In this sense, the Project “Digital Credential for Europe” (“DC4EU”) will focus on identifying and applying all these aspects in the Education field, focusing on the issuance of educational credentials and professional qualifications, and in the Social Security field by engaging in the execution of the portable document A1 (PDA1) and the European Health Insurance Card (EHIC).

The social security domain objectives

The increasing mobility of citizens in the EU is leading to organisational and technical challenges in ensuring the social security of persons exercising their right to free movement within the EU. All persons have in principle the same rights and obligations as the nationals of the country in which they reside or work after the change. To prove and protect one’s rights as an EU citizen in the context of free movement, various entitle documents are issued in the social security domain (e.g., Portable Documents, EHIC). Most of them are provided in paper which creates a variety of problems in daily practice:

The process of updating information is slow
The current formats are an extensive source of fraud and error
The processes of provision and validation are lacking flexibility in terms of when and where.
The process of verification is complex, time-consuming and error-prone.

Thus, the introduction and implementation of digital and decentralized concepts and solutions for the provision and verification of legal documents is essential.

The overall objective for WP6 – DC4EU Social Security is the design and implementation of a sustainable, reliable, and secure technical and business architecture for the issuing, updating, revocation and verification of electronic attestation of attributes (EAA) (“Digital credentials”) in social security coordination.

The solution will be based on the European Digital Identity Architecture and Reference Framework (ARF) which contains the European Digital Identity Wallet. Large Scale Pilots will be executed in a pre-production environment. DC4EU WP6 will contribute to the development of the EUDI Reference wallet capabilities to facilitate the implementation of an EUDI wallet in the member states, especially in the social security domain.

The use of “electronic Identification, Authentication and Trust Services” (EIDAS), the “European Blockchain Services Infrastructure” (EBSI) as well as other Service Layers will be the basis for trust and verification in this transnational exercise.

DC4EU WP 6 – Methodology

A sustainable solution can be seen as a combination of several products and trust services that enables users to securely request, obtain and store their social security information allowing them to access online services, share data about them and electronically sign/seal documents.

The ARF guarantees that security and privacy issues are solved through the EUDI wallet capabilities and different standard interfaces and protocols which allow the interactions with other products and services.

The preparation and execution of large-scale pilots for several business cases will be the basic instrument to design, test and implement a scalable architecture for social security coordination. Due to the organizational heterogeneity of the social security domain in Europe, the introduction of such an approach with the technologies and frameworks mentioned above requires a sequential approach to reach the level of maturity for moving into production.

The WP6 covers the key implementation activities for business centred testing and piloting of entitlement documents use cases (“Cross-Border Journeys”) on a large scale. All activities will rely on the EIDAS reference implementations, available EBSI infrastructure and implementations provided by DC4EU in pre-production environment.

The following business cases are selected for the large-scale piloting in Work Package 6:

Portable Document (“PDA1”) – Statement of applicable legislation. Useful to prove that you pay social contributions in another EU country – if you are a posted worker or work in several countries at the same time. Estimations based on numbers from the program “Electronic Exchange of social Security information (EESSI)” show a size of more than 2 million PDA1 documents yearly issued in Europe.

Electronic Health Insurance Card (“EHIC”) – This is a free card that provides every citizen with access to medically necessary government-provided healthcare during a temporary stay in one of the 27 EU countries, Iceland, Liechtenstein, Norway, and Switzerland, under the same conditions and at the same cost (free in some countries) as persons insured in that country. The services covered include, for example, services related to chronic or existing illnesses, as well as in connection with pregnancy and childbirth. Currently approx. 400 million EU citizens are equipped with an EHIC.

The piloting initiative will serve as a reference and best-practice for other documents in social security which could be issued as a verifiable credentials:

S1 – Certificate of entitlement to healthcare if you don’t live in the country where you are insured. Useful for posted workers, cross-border workers, pensioners and civil servants and their dependants.
S2 – Authorisation to obtain planned health treatment in another EU or EFTA country. You should be treated the same as a resident of that country – you may have to pay a percentage of the costs up front.
S3 – Certificate of entitlement to healthcare in your former country of employment. Useful for retired cross-border workers who are no longer insured in their former country of employment.
U1 – Statement of insurance periods to be taken into account when calculating an unemployment benefit.
U2 – Authorisation to continue receiving unemployment benefit while looking for a job in another country.
U3 – Circumstances likely to affect the entitlement to unemployment benefits. It informs the employment services of the country paying your benefits of changes in your situation which may lead to a revision of your benefit payments.
DA1 – Entitles you to receive medical treatment under special conditions reserved for accidents at work and occupational diseases in another EU country
P1 – The summary of pension decisions provides an overview of the decisions taken in your case by the various institutions in the EU countries from which you have claimed an old age, survivors, or invalidity pension.

The piloting initiative will provide feedback towards the ARF for including additional functionalities and services for the benefits of all business domains.

DC4EU WP 6 – The conceptual architecture for Social Security

A sustainable, secure and reliable architecture for social security coordination requires a combination of several products and trust services that enables the exchange of information between the following business roles involved: (1) Issuer of credentials (“Issuer”), (2) EU Citizen as receiver of credentials and (3) Relying Party (“Verifier”) as a receiver and reviewer of credentials (Fig. 1).

The ARF, as the basic framework for the architecture, guarantees that security and privacy issues are solved through the EUDI wallet capabilities and different standard interfaces and protocols.

All components allow the interactions with other products and services of the overall architecture:

Backend systems at the Issuer side and Gateways for providing credentials for the Citizen.
Mobile/Non-Mobile Applications at the Verifier side to receive and review credentials.
National EUDI wallet deployment
Onboarding of citizen using eID
Standard Services and Standard Protocols to Transfer Different Verifiable Credentials between Issuer, Citizen and Verifier
Verification services for Online Verification
Verification services for Offline Verification
Schema Registries and Verification Services for Schemas
Revocation Registries and Verification Services for Revocation
Issuer Registries and Verification Services for Issuers
Verifier Registries and Verification Services for Verifiers
Onboarding of Issuers
Onboarding of Verifiers

Fig 1: The conceptual architecture for the information exchange and verification processes related to verifiable credentials in DC4EU

The use of industry recognized Standards for verifiable credentials, their different (verifiable) presentations and the underlying protocols will guarantee interoperability and scalability.

Data models for the Verifiable Credentials and their (Verifiable) Presentations will be designed using the status as well as talking into account additional requirements, creating an added value for the business (e.g., person identification, identity mapping, verification).

DC4EU WP 6 – The Lifecycle of a Verifiable Credentials

The Architecture can be also described by the Life Cycle of W3C based Verifiable Credentials (Qualified Electronic Attestations of Attributes, “(Q)EAAs”) which are covered by the basic ARF specification. These (Q)EAAs Credentials represent the digital (or parts of it) EHIC and PDA1 as well as the eID for authentication and identification processes.

Fig.2: Lifecyle of Verifiable Credentials in Social Security Coordination

Working Tasks

Due to the organizational heterogeneity of the social security domain in Europe, the introduction of such technologies and frameworks requires a sequential approach to reach an operational level. Within the WP6, this approach will be conducted by performing 4 major tasks in an iterative manner following a business-driven approach:

6.1	The definition of the Business Blueprint (BBP)
6.1.1	Analysis Status Quo Issuing of EHIC
6.1.2	Analysis Status Quo Issuing of PDA1
6.1.3	Definition System Architecture
6.1.4	Definition Business Process for Issuing, Updating, Revocation and Verifying of EHIC Credentials
6.1.5	Definition Business Process for IIssuing, Updating, Revocation and Verifying of PDA1 Credentials
6.1.6	Data Model for EHIC credentials
6.1.7	Data Model for PDA1 credentials
6.1.8	Implementing RI-UseCase Specific: Issuing, Updating, Revocation and Verifiing of EHIC and PDA1
6.1.9	Implementing RI-Backend-Interfaces for EHIC-Issuers
6.1.10	Implementing RI-Backend-Interfaces for PDA1-Issuers
6.1.11	Implementing RI-Backend-Interfaces for EHIC-Verifiers
6.1.12	Implementing RI-Backend-Interfaces for PDA1-Verifiers
6.1.13	Provision of deliverables

6.2	The activities for Onboarding procedure. (Including trusted registries preliminary activities)
6.2.1	Definition of Onboarding Business Process for institutions EHIC case
6.2.2	Definition of Onboarding Business Process for institutions PDA1 case
6.2.3	Onboarding of institutions involved in the EHIC case
6.2.4	Onboarding of institutions involved in the PDA1 case
6.2.5	Provision of deliverables

6.3	The testing and piloting execution
6.3.1	Concept for Testing (Design, Layout)
6.3.2	Testing EIDAS, EBSI components and DC4EU reference implementation for EHIC credentials
6.3.3	Testing EIDAS, EBSI components and reference implementation for PDA1 credentials
6.3.4	Requirements engineering and DC4EU reference implementation development & User Support
6.3.5	Concept for Large Scale Pilot (Design, Layout and Marketing)
6.3.6	Pilots for issuing (Issue, Update, Revoice) EHIC credentials
6.3.7	Pilots for issuing (Issue, Update, Revoice) PDA1 credentials
6.3.8	Pilots for validating EHIC credentials
6.3.9	Pilots for validating PDA1 credentials
6.3.10	Provision of deliverables

6.4	Identification of opportunities and synergies
6.4.1	Alignment of Issues related to EHIC credentials
6.4.2	Alignment of Issues related to PDA1 credentials
6.4.3	Analyses of results concerning the piloting of EHIC credentials
6.4.4	Analyses of results concerning the piloting of PDA1 credentials
6.4.5	Provision of deliverables