Less than a year ago, eIDAS Regulation entered into force. Today we have completed the adoption of all the implementing acts due by 18 September 2015. This is a remarkable accomplishment that makes the EU the first and only region in the world having a workable and balanced legal framework for cross border use of electronic identification and trust services.
Operationalising eIDAS via the just adopted implementing acts is a concrete step to building and unleashing the potential of the Europe’s Digital Single Market. With eIDAS, the EU has managed to lay down the right foundations and a predictable legal framework for people, companies (in particular SMEs) and public administrations to safely access to services and do transactions online and across border in just "one click". Indeed, rolling out eIDAS means higher security and more convenience for any online activity such submitting tax declarations, enrolling in a foreign university, remotely opening a bank account, setting up a business in another Member State, authenticating for internet payments, bidding to on line call for tender, etc.
What does this mean?
Today, four implementing acts were published on the official journal: two for eID (on interoperability framework and on levels of assurance) and two for trust services (on the formats of advanced electronic signatures and seals and on the technical specifications of the national Trusted Lists).
Let me briefly highlight what this means in practice.
For eID, at the end of this month (September 2015) Member States could on voluntary basis start the procedure to notify and recognise national eID means that citizens and companies could use cross border to access online public services. This is because the EU has now a set of legal rules (the eIDAS Regulation) and tools (i.e. the level of assurance and the interoperability framework) to support the transparent and accountable mapping of the trustworthiness of existing and diverse national eID together with agreed operational and security specifications for interoperability. Is this all? Not really. Under the Connecting Europe Facility (CEF) the European Commission and EU Member States are also rolling out the eID technical interoperability infrastructure and components to operationally support the cross border use of eID. This is a real premiere in the world!
But, are we done with all this? Not really. The journey has just started and everybody (in particular Member States, the private sector stakeholders and the Commission) has to get ready to fully benefit from EU-wide use of eID. A key enabling role is for MS which have the possibility to notify their eID means without waiting for 2018 when the cross border recognition of eID becomes mandatory.
For the trust services, eIDAS has significantly upgraded and improved the existing legal framework for e-signature. The newly published acts on the formats of trusted lists and of advanced e-signatures and e-seals to be recognised by the public sector complete the set of tools to ensure transparency and efficiency for cross border use of trust services (i.e. e-signature, e-seal, time stamping, e-registered delivery services, website authentication). Indeed, it would be easier and more convenient for citizens and companies to use their e-signatures/e-seals everywhere in the EU, for transactions with public administrations as well as, we also expect, private sector businesses.
In addition, the establishment at National and EU levels of trusted lists of trust service providers together with the possibility to differentiate qualified services by means of the EU trust mark will greatly improve both the transparency of the market as well as the user's understanding of the quality and security of the services they rely upon. To conclude, I emphasise that on 1st July 2016 eIDAS will apply and the existing e-signature directive be repealed. By then, all Member States have to have in place a supervisory body as provided in eIDAS regulation. Such a body will have to be operational in order to allow market players to become compliant with eIDAS in due time. It is time to get ready for you but also for us.
What would come next?
We, at the European Commission, are working and will continue to support you in this last phase of eIDAS implementation. Through the technical solutions deployed under CEF, we foster interoperability of eIDAS tools such as e-ID, e-Delivery, e-Signature by linking up Member States’ infrastructures.
Besides this interoperability layer, we also design activities to ensure continuity of our engagement actions as well as support a permanent exchange and discussions among stakeholders.
Building on the key messages gathered in the past events and the suggestions that we‘re receiving on our online participatory platform, we are also working to:
- Set up an eIDAS European Observatory to boost online trust, security and transparency in the DSM as a virtual network of stakeholders to exchange ideas and good practices as well as recommend actions and initiatives to ease the uptake of electronic identification and trust services.
- Launch a series of high-level roundtables to define strategic lines to foster eIDAS as enabler for market digitisation.
Much more to come. Stay tuned.