The TUPAS countdown is underway: Up to 24% of Finnish organizations risk breaking the law after 1 October 2019

Only 76% of those using Tupas authentication believe they will meet the new security requirements after the transition, according to a survey conducted by IRO Research on behalf of Signicat.

The protocol used for bank authentication under the name Tupas no longer meets the security requirements for strong electronic identification on October 1, 2019 and must therefore be replaced by more modern protocols such as OIDC or SAML 2.0. The deployment of these protocols requires organizations that make use of strong electronic identification in their online services to make system changes. The order is based on the Finnish law on strong electronic identification and the EU eIDAS regulation.

The provider of electronic services must replace the old Tupas protocol for data transmission with the new message-level encryption technology. The change must be made before the end of the transition period, and Traficom recommends that you switch to this brokerage service at this juncture. This change has no direct impact on consumers.

"It is worrying that despite the long transition period, 24% of companies do not believe they will be able to make the required system changes. Traficom, the agency that oversees electronic identification, has been clear in its position that the transitional period should not be extended. In addition, the threshold for ensuring the legitimacy of identification services is lower, as the company using the identification services  does not have to enter into new agreements with the issuing banks, but uses an identity broker, "says Antti Harsunen, Country Manager of Signicat Finland. 

The Finnish Trust Network lowers threshold for digitalization

Authentication providers (banks and operators) and authentication brokerage services form a so-called Finnish Trust Network (FTN). Trusted network service providers must meet strict security and quality criteria monitored by Traficom. Signicat is one of the trusted brokers for authentication services.

However, in the light of the Signicat survey, the trust network has poor visibility: only 21% say they have heard of it.

“The trust network and the formalization of the role of the network's intermediaries is an important step in the electrification of Finnish society and business. It lowers the threshold for developing and deploying e-services and service channels, as e-service providers now have access to all available means of identification, such as online banking, through a single contract and interface through a broker", Harsunen sums up. 

For the survey, Finnish CEOs, corporate IT managers and corporate e-business decision makers were interviewed in July-August 2019.

Free guide to online identification 

Signicat has compiled a wealth of information on changes to Tupas bank connections and a trust network on a dedicated theme page. Read more

Signicat has published an electronic guide on the changes and backgrounds associated with electronic identification. The guide also provides plenty of tips for choosing an authentication service provider. The guide can be downloaded for reading on the Signicat website.

Download the Finnish Trust Network eGuide from Signicat

Get in touch

Want to talk to us about what we do, or need some additional information? Don’t hesitate to get in touch.