An Information Society for All

Smart Cards for Secure Electronic Access

Smart Card Charter

All Europeans must benefit from the emerging Information Society. The eEurope initiative is important to this goal.

Smart cards empower people. They facilitate secure access to services and are a vital element in building trust and confidence.

Smart cards, together with the necessary infrastructure and supported by policy and legislation, provide the means to protect the privacy and confidentiality of citizens, which are of paramount importance for the acceptance of electronic services.

Their wide use in Europe is already a strength for the Union, but the market is fragmented between countries and sectors. Further efforts are needed to accelerate, consolidate and harmonise their use across the Union and in the countries negotiating accession to it. This work will take advantage of existing standardisation work and of legislation such as the European directives on electronic signatures and on data protection. It is crucial to include mobile solutions in a coherent way, supporting all aspects of security.

Efforts must be business-led and will require closer co-operation across business sectors and between countries.

The participants agreed to set up a high-level Task Force to initiate and support common developments in the deployment of smart cards in the European Union. The Task Force will build on existing activities and convene working groups such as mobile, e-business, and security & trust. This will co-ordinate and review developments, and report on them in April 2001 and April 2002.

Work will be undertaken towards an agreed technical framework and codes of practice to ensure:

*   Availability of a core of Common Specifications for interoperability and security by the end of 2000;

*   Common, workable and affordable security for all electronic transactions in Europe by the end of 2002;

*   Usability of smart card systems for everyone by the end of 2001;

*   Access to essential services with smart-card based authentication everywhere in the Union by the end of 2002;

*   Availability of secure electronic infrastructures for public access to government services and for public procurement by governments by 2002.

We will welcome and encourage the widest possible participation from the private and public sectors in working groups addressing the specific developments listed in the Draft Action Plan attached to this Charter.

The results of their work will be open to all interested parties.

We invite Member State Governments, in parallel with our efforts, to consolidate, harmonise and synchronise their public procurement specifications and timetables for smart card infrastructures in areas such as health care and public transport.

We also invite them to act quickly to ensure a consistent regulation framework in Europe for electronic signature recognition and for secure electronic payments of all sizes.

Finally, we call on all standardisation bodies, both those with formal institutional recognition and those set up by the business community, to consolidate and rationalise their work. Better synergy between them and less duplication of work are essential to more cost-effective and faster progress towards greater interoperability and faster market development.

Annex to the Smart Card Charter:

SMART CARD ACTION PLAN

The Way Forward: Breaking Barriers

There is no single response to the issues identified in this Charter. The actors within the various sectors have in their hands most of the tools for harmonising smart card based infrastructures across industrial and administrative sectors and for stimulating inter-sector co-operation. Actions and initiatives to elaborate stable common technical specifications and standards should take into account the existence and activities of the various consensus-building and standardisation organisations, which work on the basis of openness and transparency and involve all interested parties committed to their application and use. This co-operation will be complemented by proactive public (e.g. legal initiatives, R&D funding) or private initiatives.

Standardisation organisations[i] are the major force for bringing the issues to a successful conclusion, whereas consensus building could take place in a variety of groups. To this end, it is recommended to set up a European chip card Task Force to co-ordinate the development of the Common Specifications by the end of 2000, and later to promote the concept and support their implementation and acceptance. This Task Force would also play a key role in the implementation of the security policy.

Public procurement should also be seen as an important instrument to promote this secure access technology.

Finally, co-operation with the other actions of eEurope will be sought (e.g. Accelerating E-Commerce, eParticipation for the disabled, Healthcare online, Intelligent transport, Government online) and the co-ordination of R&D efforts will be further strengthened.

1.     Building Trust

Trust and confidence are essential to the Information Society. The lack of trustworthy security services is a major obstacle to the use of information technology in private use, in business (B-to-B) and in public services. Trust is intimately linked to consumers' rights, such as security, identification, authentication, privacy and confidentiality.

Smart cards constitute an essential trust element in a security infrastructure. For smart cards and the supporting public key infrastructure (PKI) to provide the appropriate level of security, workable interoperability of technical and organisational frameworks and supporting infrastructures must be achieved.

All commercial transactions in the Information Society require a high degree of security, especially in the Internet-mediated e-commerce environment, where the transaction happens with no physical contact over an anonymous global network.

Identification and authentication infrastructures are still in their infancy. Smart cards will contribute to providing strong identification, authentication and proof of transactions. Moreover, a smart card is an efficient device for executing security functions such as digital signature.

A.     To develop a common set of scalable security requirements and relevant protection profiles for hardware devices (cards and all kinds of card accepting devices).

The proposed approach involves all players (manufacturers, procurers, users, standardisation bodies, etc.) with the aim of agreeing, in a swift action, upon an adequate level of security for cards and acceptance environments in relation to the different application contexts. Critical to this goal will be the establishment of an agreed road-map of future security requirements - by the autumn of 2000.

B.     To define common, workable, affordable and timely security certification procedures and infrastructures for the security certification of products/devices and acceptance environments.

The Member States are invited to discuss and agree on common procedures for security certification and mutual recognition of certificates. Such procedures should be internationally recognised and extensible in order to embrace, with limited extra cost, all stages of the development life-cycle of products/devices - by mid-2002.

C.     To agree on common or interoperable technical specifications for Identification and Authentication infrastructures and services across Europe (e.g. PKI).

A public/private dialogue should be stimulated in order to create minimum-level schemes to support the interoperation and integration of identification and authentication processes and policies. To ensure comparable quality and interoperable use, a common data format, common protocols for identification and authentication, common functionality and a common security policy shall be achieved - by the end of 2000.

D.     To support the full liberalisation of the intra-community trade and use of cryptographic products and encryption.

Legislative actions at a European level to ensure the free circulation of cryptographic products and the use of encryption are needed. Otherwise, at a minimum, common licensing procedures should be established - by the end of 2001.

E.      To ensure transparent and fair cost conditions of use of smart card infrastructures.

The operators will ensure (e.g. by codes of conduct) an appropriate level of detail on the costs incurred in using a given infrastructure, especially for interoperable Europe-wide applications - by the end of 2000 for the existing infrastructures.

F.      To ensure citizen trust in the protection and use of personal data.

Citizens must be able to make an informed choice about the use of their personal data. Therefore, operators will increase efforts to use smart cards as a data protection device. Where appropriate the existing legislation on data protection will be complemented by codes of conduct.

2.     Enhancing Usability

Usability is vital for avoiding the great divide between those who have and those who do not have access to the Information Society. Citizens must be able to use their card wherever they are and at all access points, with equipment that is consistent in its operation.

The multiplicity of cards and the variety of user terminal interfaces, the security requirements of the terminals, and the specific requirements of impaired people hamper the wide acceptance of smart cards.

A.     To ensure easy access to smart card based infrastructures by designing them for all, including disadvantaged groups. To ensure, on the terminal, overall interface consistency, adaptation of the interface to user preferences and global consistency of operation; in one word: user-friendliness.

A general commitment to contribute to the implementation of usability standards (e.g. EN-1332, Distinct ID, …) is granted.

Operators, manufacturers and standardisation bodies will assess the state of the art and draw up a roadmap for further action (increasing standard coverage, agreement on style guides, launch of pilot projects, promotion of the use of "design for all" principles, …) - by the end of 2000.

B.     To ensure coherent use of contact and contact-less cards.

This action aims at defining the technical solutions required by contact-less cards in order to reach industrial maturity and to complete their standardisation.

Industry, together with the operators and the users, will identify the additional standardisation work needed to complete the standards and enable genuine interoperability, and will invite the standardisation bodies to strengthen their work in that field so as to obtain comprehensive standards - by mid-2001.

C.     To devise the appropriate mechanisms for seamless use of multi-application cards and terminals to optimise their utilisation.

This includes card management, application management, application inter-working, synchronisation of back-end data, definition of a European multi-application file structure, standardised secure application loading, recognition, selection, activation, deactivation and deletion mechanisms, and branding. It may also include the definition of common building blocks for specific lower-level functions. Multi-application equally concerns the card and the card acceptance devices.

The proposed approach involves all players (manufacturers, operators, users, standardisation bodies, etc.) with the aim of agreeing upon a global specification for multi-application cards and acceptance devices in relation to the different application contexts. Critical to this goal will be the establishment of an agreed road-map - by mid-2001.

Industry will lead work to develop the above specifications where needed - by mid-2001.

3.     Improving Access

Access implies the capability to reach services and applications from any terminal, at any time, anywhere, including for those groups that are at a disadvantage.

Currently, terminals are often not interoperable: national borders, terminals specialised for particular applications and platform-specific designs are all barriers to access. At present, a comprehensive set of specifications allowing the compatibility of card terminals between applications does not exist.

A.     To broaden access to services to the widest range of smart card terminals in different locations in different countries.

Operators, with the involvement of citizens and standardisation organisations, will devise a framework to allow for interoperability between card terminals by defining standard levels for service access (e.g. generic service level agreements, rules for reciprocity between operators) - by the end of 2000.

B.     To ensure smart cards can be used as an easy and secure way to access digital applications and services from a wide range of terminals[ii] using existing standards[iii].

Improved Internet access includes at least the use of secure home terminals or wireless devices, and specifications for a naming scheme to identify a card on the network, for standardised certificates to authenticate cardholders and merchants, for secure information exchange using smart cards as a storage medium for keys and certificates, and for performing secure authentication and transaction functions.

The proposed approach involves all players (manufacturers, operators, users, standardisation bodies, etc.) with the aim of agreeing upon an adequate framework - by the end of 2000.

C.     To reduce the risk of fragmentation of the access to mobile commerce by calling for a dialogue between the telecommunication industry and finance.

The proposed approach involves all players (manufacturers, operators, users, standardisation bodies, etc.) with the aim of agreeing upon an adequate framework to leverage the business opportunities in the field of mobile commerce - by mid-2001.

D.     To ensure reliable and efficient smart card based electronic payments and best use of the existing infrastructure.

There is a predominant conviction that the requirements of the financial sector will be addressed by the implementation of EMV, CEPS, FINREAD and similar specifications.

Payment and financial operators, other operators, standardisation bodies and citizens will undertake - by the summer of 2000 - to allow non-financial applications to benefit from these concepts, with the objective of guaranteeing the following: fair commercial access for all types of merchants everywhere in Europe; the compatibility of all EMV implementations to ensure interoperability at terminal level; accelerated implementation by the financial institutions; and the readiness of the standard owners to embrace the requirements of special sectors (e.g. public transport or health care) and to incorporate those into an open standard - by the end of 2000.

4.     Deploying Applications & Services

Once access is assured, trustworthy and consistent, a wealth of applications can open to the full deployment of the Information Society.

Smart cards are used in a number of sectors, each with its own technology choices, its way of interacting, its requirements and its view on the best approach.

The expansion of content and the cross-fertilisation of ideas and services across and among application sectors have not yet happened.

A.     To provide support as necessary to enable public sector applications to develop and flourish.

To foster the implementation of government applications using smart cards, materialising and validating the developments (standards, laws, …) through the launch of large-scale projects (not just pilots) at national and European levels:

1.      Definition, rationalisation and implementation of a European model for digitally performed procedures employing smart cards for interfacing with public administrations. This is relevant for citizens gaining access to administrative documents (birth documents, marriages, …) and for the automation of administrative procedures (VAT, social rights, …) through the Internet.

2.      Definition and implementation of a European model for secure public procurement over the Internet.

B.     To define common requirements for major public services, starting with Public Transport (by the end of 2000) and Health Care (by the end of 2001).

C.     To exchange experiences and define common requirements regarding the deployment of smart cards for electronic identification and digital signature (e.g. Finland, Italy, The Netherlands, Sweden), by the end of 2001.

D.     The successful deployment of a wealth of applications and services will ultimately be the measure of whether smart card technology fulfils its potential and makes its due contribution to ensuring that citizens benefit from the Information Society. Therefore there is a need to continuously monitor the success of the roll-out of applications and services in order to identify unresolved problems in the practical exploitation of smart card technology.

E.     A European strength would be to realise electronic communication on a wide front, in co-operation with commerce, the banking sector and public administration, to produce versatile services that can facilitate the life of the citizen.

[i] e.g. ETSI, CEN, CEN/ISSS, ECBS, IETF, WAP Forum, …

[ii] e.g. PC, PDA, web phone, fixed and mobile phones, set-top boxes, digital television.

[iii] e.g. GSM, GPRS, UMTS, FINREAD.