LCubed AB

iGrant.io

iGrant.io (™) is a platform owned and operated by LCubed AB. iGrant.io is a consented data exchange platform that enables access to the right data for businesses while complying with regulations.

Lobbying Activity

Response to Person identification data and electronic attestations of attributes issued to European Digital Identity Wallets

7 Sept 2024

The comments provided earlier (F3491039 and F3492347) also apply to this IA. Following is the additional feedback:

Article 3 - Issuance of Person Identification Data to Wallet Units: Article 3(3): The IETF SD-JWT seems missing, and schema definitions for Legal Person Identification Data need to be present.

Article 4 - Issuance of Electronic Attestations of Attributes to Wallet Units: Article 4(1): Missing OpenID4VCI and OpenID4VP protocol standards, which deviate from the ARF. This is crucial for the payment industry, and not supporting these standards is critical to the mainstream adoption of the EU digital identity wallet.

Response to Functionalities and integrity of European Digital Identity Wallets

7 Sept 2024

Our comments from iGrant.io (Sweden) are in a separate attachment, as they exceed the 4000-character limit.

Response to Protocols and interfaces to be supported by the European Digital Identity Wallets

3 Sept 2024

Article 2 (2): Clarify that the wallet provider may not supply the cryptographic device. For example, smartphones, which often serve as cryptographic devices, are typically not provided by the wallet provider.

Article 2 (4): Clarify the scenario where a natural person can be a wallet provider.

Article 2 (7): Replace "host" with "interact" to better describe the relationship within the framework.

Article 2 (8): Clarify what constitutes an "asset" in the digital wallet. Providing examples like private keys and attestations can help. Suggested revision: Critical assets means information such as private keys, attestations, etc., that could put a wallet unit in a critical state if compromised, requiring protection against duplication and tampering.

Article 2 (10): Distinguish the roles by introducing "Attestation Provider" for issuers while using "wallet relying party" exclusively for verifiers.

Article 2 (11): Clarify the meaning of "access." If it implies that only a certified relying party can access data from a specific wallet, this could hinder interoperability.

Article 2 (15): The constraint may not be feasible for LPID issuers.

Article 3 (1)(c): The relying party, as the data controller, is already regulated under GDPR Article 17 and eIDAS 2.0 Art 5(a)(d)(ii). This article should focus on wallet instance logs, and the responsibility should not be on wallet providers. Wallet providers should only provide a mechanism for communication, not be part of the communication chain.

Article 3 (1)(d): Clarify that the user, not the wallet provider, is responsible for reporting.

Numbering Issue in Article 3: Articles 3(3), (4), and (5) should be numbered under 3(f), as 3(f)(1), 3(f)(2), and 3(f)(3).

Article 4 (2): Clarify why a wallet provider must issue a certificate to a PID issuer. Authenticating the PID issuer might suffice.

Article 4 (5): Correct the typographical error: "person identification n data" should be revised.

Article 4(5)(a): Clarify whether a wallet instance can hold multiple formats of the same attestation and if it is advisable or permissible to issue multiple formats for the same attestation.

Article 7 (3): Clarify what constitutes a sufficiently substantive report format.

Response to Legislative framework for the governance of common European data spaces

11 Jan 2021

It is very welcoming that intermediaries can provide data sharing services and provide the means to access and control the data from an individual perspective. This, we believe, is enhancing digitalisation while complying with Regulation (EU) 2016/679.

The EU data strategy is clear in its ambition to establish a level playing field to foster innovation, growth and competitiveness. However, as an innovative StartUp/SME looking to be a data intermediary providing human-centric services (in accordance with MyData Operator principles), we are concerned that the registration process and compliance requirements under the Data Governance Act might impose considerable administrative overhead. Hence, this could work against the EU data strategy ambition. We urge to address this and provide better clarity and guidance to the competent authorities so that the execution of this is harmonised across the member states. It needs to be clear:

- What is required for the registration?
- What are the approximate costs involved to demonstrate compliance?
- How long is the application process?