In 2017 the Bulgarian startup Evrotrust Technologies has launched a new generation solution for remote identification, remote issuing of qualified certificates and remote signing with qualified signature via smartphone. The company uses face recognition technology and verifications with different state registers to confirm the identity of the person issuing e-signature. The solution has the potential to make possible mass use of user friendly and cost effective remote services for identification, signing and secure delivery of messages and documents in the areas of banking, insurance, telecoms, e-commerce, as well as for e-government purposes.
The company has recently won the Raiffeisen acceleration program Elevator Lab in Bulgaria and has integrated its solution with several banks, telecom providers and governmental institutions. Evrotrust, which has been developing the solution for 3 years has registered capital of €300k and has received support of €500K is the first company to offer multi-use qualified trust services certified in Europe completely remotely and is now in negotiations with several European institutions. Konstantin Bezuhanov, CEO of Evrotrust, explains in an interview with Trending Topics why the company was invited to present infront of the European Commission and what’s the future of IDs.
Trending Topics: This September Evrotrust was invited to present its solution before the eGovernment and Trust unit at DG Connect at the EU Commission. What does this mean?
Konstantin Bezuhanov: We were invited by the division that is responsible for the legal and compliance framework that will bring the Digital Single Market concept to life. The idea they are currently working on is a no-border submission of identifications and documents for SMEs and corporations. The Commission sees our solution as a catalyser of the digital single market and their agenda. Apparently our technology is a great use case for remote e-identification which is an enabler for a real DSM. Later in September we are invited to present Evrotrust in front of a broader audience of stakeholders and experts working on the new guidelines for electronic identification. The hot topics at the moment are the Know-Your-Customer, Anti Money Laundry, PSD2 and GDPR requirements for highly regulated enterprises such as financial institutions, telecom providers etc.
Could those presentations and the participation of Evrotrust in front of the EC turn into a competitive advantage for the company? Yet as a private company you are participating in the creation of the legal framework you are supposed to operate within.
It’s rather the other way around. Thanks to the regulations that this division has already developed our solution is compliant in the whole EU. This automatically makes Evrotrust a very interesting pan-European player on the identification market. Once we are certified within one EU country, we could operate on the whole EU market. That’s the beauty of those regulations and they apply to any business. If we take the example of a bank – it would be able to sell products not only to the physical clients who come to the branches, but could also sell to anyone in the European Union. The new regulation, the way we developed the technology and the fact that it’s recognized in any EU country means that we could offer our service on any market and enable other businesses to do so. We already have business activities in Bulgaria, Romania, Macedonia, Austria.
Coming back to the question, the EC is working on a legal framework and is looking towards compliant solutions so there is security and transparency for both end customers and enterprises. That’s the idea of the regulations in itself and this is the reason for our participation in the meetings. For us on this stage being invited to present the solution only means a very strong validation from the people who create the framework of tomorrow.
What are the potentials of the Evrotrust technology?
So far the identification and trust services has been a very small market and the companies have been local based – 1-2 big local players. The reasons are thаt till now there were no regulations that would allow them to offer certification for more than the basic facts like qualified signatures and timestamps. On the other hand, the current technology is pretty unusable – as customer you need to go to an office, to wait for some time and than you get a USB stick with your certificates on it. We started with the idea to remove those burdens and put it all in the pocket of the customer. This opens up the opportunity for identification and trust services to be mass usable.
It’s applicable in cases for banks, telecoms where both sides need to have security for their data. To the customers we give the opportunity to sign anything digital from their smartphone or table – completely on the go. The businesses, on the other hand, also get more confirmations of facts. All this makes up a tool box for digital transformation. Speaking of use cases Evrotrust was developed to be used by enterprises, but we are also looking for solutions for startups and various digital companies. We are currently testing use cases such as carsharing, IoT and peer to peer platforms. Our goal is to offer a technology so usable that a our consumers would use it at least once a day – creating a scalable ecosystem for the enterprises.
Evrotrust is also working with governmental institutions. What is their use case?
Like private sector, the public one will also be able to offer all its services remotely. We already have use cases in Bulgaria, and also negotiations in other EU states. So far the main target has been eGovernment services offered to the citizens. It, of course, depends on the readiness of each and every state, when such a integration would be possible. For example in Austria over 90% of the services for citizens are digitalised, in Bulgaria the proportion is much lower but is growing very encouraging. In both cases Eurotrust could allow the same thing to the consumers and citizens. It a matter of state decision and we are there to support it.
Tech companies that get governmental tenders are traditionally doing well, but they are often criticized exactly because of this. On the other hand the solution seems to be something that public administration in EU needs almost urgently. What is your priority – public or private sector?
Both of them. Our model is different to any other identity provider,because it is specific and consumer centered. We are putting the end customer in the middle of all the identification and signing processes and our goal to have a one system that works for all and a customer doesn’t need to identigy multiple times in front of every single provider like the bank, the telecom or thepublic services. In other words, we are not willing to sell the solution to companies and authorities one by one. Once there is a critical mass of consumers using Evrotrust, companies and governmental structures will need to get on board.
Operating with so much personal data is a tricky thing. How do you deal with that?
The security measures are on very high level and national and international regulators make sure that it is so. Evortrust is officially certified as qualified trust service provider meeting all statutory requirements by the French conformity assessment body LSTI. We are constantly re-certifying and auditing the solution and our business processes to offer a truly secure place for our customer’s eIDs. We have also put a lot of effort on building security on highest level and everything going through our system is stored on blockchain.
It all sounds like very perspective business. How many companies are on this market and willing to disrupt it?
The market has been very limited because of the current technology. However, with the development of disruptive technologies, such as ours, the way of identification and the information deployment between companies and consumers has a very big potential to grow. On the identity provision market there are several players with interesting solutions. The ones who offer qualified e-signatures are under 150 in Europe, qualified electronic validations are offered by only seven companies, some of services, like those covered by the certificate for remote onboarding are offered only by Evrotrust as to our knowledge. We have a complete and inclusive solution, certifying many digital facts- from identification and signatures to time, delivery and many other. We are able to provide anyone – foreign citizen inclusive with the service. By the end of the year – new products for peer to peer proxy authorization will be launched. This means it would be then possible to get a proxy to represent someone remotely and online.
What are the next steps?
We see that services like this could be much more developed than just offering remote data. The identification of person is much more that what is written on ones ID so we want to go one step further and offer a personal place for the customer – the bank of digital ID. It is an exciting concept. Let’s take banks for example – you and me now have our money in the bank because its safe there, when we need them we have a bank card to use them. In tomorrow’s consumption we envision our identifications stored securely in a hub and you could access yours compeltely remotely with biometrics for example. The standards now are not eligible for tomorrow’s world – to send around pictures and scans of IDs and passports is not secure and not convenient as well. That’s our vision. I’m very confident that we will be able to have significant popularity in Europe with this new type of bank by the first quarter of 2020.