The Regulation (EU) N°910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation) adopted by the co-legislators on 23 July 2014 is a milestone to provide a predictable regulatory environment to enable secure and seamless electronic interactions between businesses, citizens and public authorities.
The eIDAS Regulation:
- ensures that people and businesses can use their own national electronic identification schemes (eIDs) to access public services in other EU countries where eIDs are available.
- creates an European internal market for eTS - namely electronic signatures, electronic seals, time stamp, electronic delivery service and website authentication - by ensuring that they will work across borders and have the same legal status as traditional paper based processes. Only by providing certainty on the legal validity of all these services, businesses and citizens will use the digital interactions as their natural way of interaction.
With eIDAS, the EU has managed to lay down the right foundations and a predictable legal framework for people, companies (in particular SMEs) and public administrations to safely access to services and do transactions online and across border in just "one click". Indeed, rolling out eIDAS means higher security and more convenience for any online activity such submitting tax declarations, enrolling in a foreign university, remotely opening a bank account, setting up a business in another Member State, authenticating for internet payments, bidding to on line call for tender, etc.
On 8 September 2015 the European Commission completed the adoption of all the implementing acts due by 18 September 2015.
On electronic identification:
- Commission Implementing Decision (EU) 2015/296 of 24 February 2015 on procedural arrangements for MS cooperation on eID:
Member States shall cooperate in order to reach interoperability and security of electronic identification schemes. The decision establishes the methods for exchange of information and creates the Cooperation Network to facilitate cooperation on the subject.
- Commission Implementing Regulation (EU) 2015/1501 of 8 September 2015 on the interoperability framework:
The regulation creates the platform enabling practical connectivity between eID means from different Member States, to foster interoperability.
- Commission Implementing Regulation (EU) 2015/1502 of 8 September 2015 on setting out minimum technical specifications and procedures for assurance levels for electronic identification means:
The main goal of the eID mutual recognition is to enable EU citizens to do cross-border interaction with their own national eID means. Since each Member State has a separate system to manage electronic identities, a mechanism is needed to make them comparable and interoperable. The Commission Implementing Regulation on levels of assurance includes detailed criteria which allow Member States to map their eID means against a benchmark (low, substantial and high) and thus to compare each other.
- Commission Implementing Decision (EU) 2015/1984 of 3 November 2015 defining the circumstances, formats and procedures of notification:
Notification of electronic identification schemes by Member States is a prerequisite of mutual recognition of electronic identification means. The decision ensures uniform use of the notification form.
On electronic trust services:
- Commission Implementing Regulation (EU) 2015/806 of 22 May 2015 on the form of the EU Trust Mark for Qualified Trust Services:
The objective of the regulation is to foster transparency in the market. The trust mark clearly differentiates qualified trust services from other trust services; the aim is to foster confidence in and of essential online services, for users to fully benefit and consciously rely on electronic services.
- Commission Implementing Decision (EU) 2015/1505 of 8 September 2015 laying down technical specifications and formats relating to trusted lists:
Trusted lists are essential for ensuring certainty and building trust among market operators as they indicate the status of the service provider at the moment of supervision. The decision also aims at fostering interoperability of qualified trust services by facilitating the validation of e-signatures and e-seals.
- Commission Implementing Decision (EU) 2015/1506 of 8 September 2015 laying down specifications relating to formats of advanced electronic signatures and advanced seals to be recognised by public sector bodies:
by ensuring continuity with the principles adopted under the Service Directive, the decision facilitates cross-border transactions with public sector bodies in a different Member State. It also ensures technological neutrality by setting a method for the use of non-standardised formats.
- Commission Implementing Decision (EU)2016/650 of 25 April 2016 laying down standards for the security assessment of qualified signature and seal creation devices:
The decision lists the standards for the security assessment of qualified signature and seal creation devices.
- Questions and answers on eIDAS Regulation
- EU Trusted List of Trust Service Providers (browser)
- EU Trusted List of Trust Service Providers (machine readable format)
- Publication of the Regulation on electronic identification and trust services for electronic transactions in the internal market