ALLEXIS - ID ISSUER FOR SWEDEN 1 st meeting with tobacco industry - PowerPoint PPT Presentation

ALLEXIS - ID ISSUER FOR SWEDEN 1 st meeting with tobacco industry

AGENDA

LEGISLATION Directive 2014/40/EU of the European Parliament and of the Council of  3 April 2014 on the approximation of the laws, regulations and administrative provisions of the Member States concerning the manufacture, presentation and sale of tobacco and related products and repealing Directive 2001/37/EC Commission Implementing Regulation (EU) 2018/574 of 15 December 2017  on technical standards for the establishment and operation of a traceability system for tobacco products (Text with EEA relevance. ) Commission Delegated Regulation (EU) 2018/573 of 15 December 2017  on key elements of data storage contracts to be concluded as part of a traceability system for tobacco products (Text with EEA relevance. ) Commission Implementing Decision (EU) 2018/576 of 15 December 2017  on technical standards for security features applied to tobacco products (notified under document C(2017) 8435) (Text with EEA relevance. ) Commission Implementing Regulation (EU) 2018/1602 of 11 October 2018  amending Annex I to Council Regulation (EEC) No 2658/87 on the tariff and statistical nomenclature and on the Common Customs Tariff

TRACEABILITY SYSTEM FOR TOBACCO PRODUCTS

ID ISSUER ROLES & RESPONSIBILITIES  Control over unique identifiers and product codes Article 8 of Implementing Regulation  Issuing unit level UIs Article 9 of Implementing Regulation  Issuing aggregated level UIs Article13 of Implementing Regulation  Registration of economic operators, facilities and machines Article 15, 17, 19 of Implementing Regulation  Establishing offline flat-files Article 20 of Implementing Regulation  Security protocols and connectivity rules for communications between ID Issuer and Economic Operators Article 36 of Implementing Regulation

REGISTRATION OF ECONOMIC OPERATORS Collaboration Registration of UIs Need for registration Acceptance Contract to information, EOID request UIs Economic Operator and code received needed? End No Request for Creation of registration account Contract for Account update Yes information signature Decline received received information Confirm the need received Sign contract for contract End End Signed Account update Contract for Request contract information signature Receipt Signed contract received of the request Account update information End Contract signed? ID Issuer Yes Storing of request Decline Send contract for Enable generation information signature to EO of UIs for EO End No No Yes End Validation of rq Generation of EO Return rq result, EO Was information identifier code ID and confirm. code request approved?

REGISTRATION OF ECONOMIC OPERATORS Collaboration Registration of first retail outlet Economic Operator ID Issuer Need for registration Receipt of the request Request Validation of request Storing of request Request for registration information for first retail outlet (GUI/API) Was request approved? Decline No information received Yes Decline information for EO Generation of EO identifier code End End Acceptance information, Return of request result, Creation of user groups EOID and user EO ID and user groups with roles for EO groups Inform first retail outlet about registration End End

REGISTRATION OF ECONOMIC OPERATORS

INTEGRATION INTE INTEGRA GRATIO TION N INTE INTERF RFACES CES  Built in accordance with Data dictionary and Interface specification published by provider of secondary repository.  We will use OAUTH2 authentication.  We presume that systems of EOs will expose interfaces for delivery of generated codes and UIs, implemented also according to Data dictionary and Interface specification published by provider of secondary repository, with OAUTH2 authentication.

SECURITY PROTOCOLS AND CONNECTIVITY RULES Secu Security pr rity prot otoc ocols and ols and co conn nnec ectivi tivity r ty rules ules for or co commun mmunica ication tions s be betw twee een n ID ID issu issuer r and economic mic operato tors  For the purpose of authentication and authorisation OAUTH2 protocol will be used. As the solution will be integrated with other information systems, the communication will use encrypted protocols only.  Authentication and authorisation will be mandatory for end-user activities and integration purposes (APIs) as well.  The proposed solution will be compliant with GDPR in all areas: process setup, software capabilities and infrastructure. Access to and processing of personal data will be available only to authenticated and authorised users.  From the perspective of infrastructure protection, physical access to the data centre will be restricted to authorised users only and all activities will be logged using logging mechanisms at the operating system level.

STRUCTURE OF UNIT LEVEL UI CODE Feature: Code length Code length of 26 characters including time stamp. Feature: Algorithm used The algorithm guarantees uniqueness of each number and difficulty to predict it with the required probability. Feature: One lookup table One lookup table minimises length of product code.  ID Issuer generates unit level UIs according to Article 9 of Implementing Regulation.

STRUCTURE OF AGGREGATED LEVEL UI CODE Feature: Code length Code length of 31 characters including time stamp. Feature: Algorithm used The algorithm guarantees uniqueness of each number and difficulty to predict it with the required probability.  Aggregated-level UIs can either be requested from the ID issuer, or self-generated by the economic operator, in accordance with ISO/IEC 15459-1:2014 or ISO/IEC 15459-4:2014 (Art. 10).  ID Issuer generates unit level UIs according to Article 13 of Implementing Regulation.  There are two separate sequences for serial numbers, one for unit level UI and one for aggregated level UI.

GENERATION OF UNIT LEVEL UIS Business Process Generation of UIs Economic Operator ID Issuer Secondary repository Need for UIs Receipt Request of the Request for UI request (GUI/API) Info for SR The end of the next business day UI generation Recall Recall the request Recall request for Updated request UIs info for SR Recall received Expiration of deadline for recall Transmission of generated UIs End End Electronic UI UIs (GUI/API) received End

GENERATION OF UNIT LEVEL UIS

TIMELINE OF ID ISSUER PROJECT

INFORMATION PORTAL https://idissuer.se

CUSTOMER SUPPORT - JIRA

CALL CENTER ฀ Available to you from 9:00 -17:00 ฀ Up to 15 consecutive calls ฀ Issues discussed can be projected to Jira ฀ Callback option available

IMAGINE ALL THE POSSIBILITIES IF YOU WATCH YOUR PLAN UNVEIL FROM OUTER SPACE. THAT IS HOW WE WORK . Phone +421 2 33 00 06 11 E-mail information@allexis.com Web allexis.com Slovak Republic Czech Republic Malta Allexis s. r. o. ALLEXIS GROUP a.s. Allexis Assets Ltd Stare Grunty 1/B Na Strži 1702/65 Macerata St. 17 Floriana 841 04 Bratislava 140 00 Prague