What is the eIDAS regulation?

The eIDAS Regulation is Regulation (EU) No. 910/2014, a European Union regulation on electronic identification, authentication, and trust services for electronic transactions. It was adopted on July 23, 2014, and came into force on September 16, 2014. Let’s find out more!

What is the eIDAS Regulation about?

eIDAS (electronic IDentification, Authentication, and trust Services) is a regulation that applies to all member states of the European Union. It offers a uniform and standardized legal framework for the acceptance of electronic signatures and digital identities. In addition, it introduces digital seals for commercial entities. The regulation also simplifies the rules for cross-border electronic transactions.

The eIDAS Regulation builds on the previous Directive 1999/93/EC, which was based on the principle of mutual recognition. The new regulation extends the scope of application to cover all types of electronic signatures, electronic seals, and electronic time stamps.

Contents of the Regulation

  1. Chapter I – General Provisions
    Subject matter, scope, definitions, internal market principle, data processing and protection.
  2. Chapter II – Electronic Identification
    Mutual recognition, eligibility for notification of electronic identification schemes, assurance levels of electronic identification schemes, notification, security breach, liability, cooperation, and interoperability.
  3. Chapter III – Trust Services
  • Section 1 – General Provisions
    Liability and burden of proof, international aspects, accessibility for persons with disabilities, penalties.
  • Section 2 – Supervision
    Supervisory body, mutual assistance, security requirements applicable to trust service providers.
  • Section 3 – Qualified trust services
    Supervision of qualified trust service providers, initiation of a qualified trust service, trusted lists, EU trust mark for qualified trust services, requirements for qualified trust service providers.
  • Section 4 – Electronic signatures
    Legal effects of electronic signatures, requirements for advanced electronic signatures, electronic signatures in public services, qualified certificates for electronic signatures, requirements for qualified electronic signature creation devices, certification of qualified electronic signature creation devices, publication of a list of certified qualified electronic signature creation devices, requirements for the validation of qualified electronic signatures, qualified validation service for qualified electronic signatures, qualified preservation service for qualified electronic signatures.
  • Section 5 – Electronic seals
    Legal effects of electronic seals, requirements for advanced electronic seals, electronic seals in public services, qualified certificates for electronic seals, qualified electronic seal creation devices, validation, and preservation of qualified electronic seals.
  • Section 6 – Electronic time stamps
    Legal effect of electronic time stamps, requirements for qualified electronic time stamps.
  • Section 7 – Electronic registered delivery services
    Legal effect of an electronic registered delivery service, requirements for qualified electronic registered delivery services.
  • Section 8 – Website authentication
    Requirements for qualified certificates for website authentication.
  4. Chapter IV – Electronic Documents
    Legal effects of electronic documents.
  5. Chapter V – Delegations of Power and Implementing Provisions
    Exercise of the delegation, committee procedure.
  6. Chapter VI – Final Provisions
    Review, transitional measures, entry into force.

Main aspects of the Regulation

The regulation deals with the following aspects of electronic transactions:

  • Digital identity

    Nine principles of digital identity must be respected: user choice, privacy, interoperability and security, trust, convenience, user consent and control, proportionality, counterpart knowledge, and global scalability.

  • Electronic signatures

    – eIDAS establishes the validity and legal admissibility of all electronic signatures, regardless of format.

    – Advanced electronic signatures (AdES) must meet certain requirements:
        – they must be uniquely linked to the signatory,
        – the signatory has sole control over the data used to create the electronic signature,
        – they make it possible to detect whether the data accompanying the message has been tampered with after the signature,
        – the certificate for the electronic signature is the electronic proof that confirms the identity of the signatory and links the validation data of the electronic signature to them.

    – Advanced electronic signatures can be implemented according to the XAdES, PAdES, CAdES, or ASiC Baseline Profile standards.

    – Qualified electronic signatures (QES) are a type of advanced electronic signature created with a dedicated device and based on a qualified certificate for electronic signatures.

    – The qualified digital certificate for electronic signatures, issued by a qualified trust service provider, certifies the authenticity of a qualified electronic signature.

  • Qualified Website Authentication Certificate
    It is a qualified digital certificate under the trust services defined in the regulation.

  • Trust Service
    An electronic service for creating, validating, and verifying electronic signatures, timestamps, electronic seals, certificates, and more. It is managed by a trust service provider.

Why is the eIDAS Regulation so important?

The eIDAS regulation creates a single market for electronic signatures and other electronic trust services. This makes it easier for companies to do cross-border business activities within the EU. Furthermore, EU citizens can use a digital identity to authenticate themselves when transacting online with other businesses or public administrations.

The benefits are varied.

First of all, thanks to electronic identification methods, people no longer need to visit the offices of companies, banks, or other organizations in person. They can do everything online, from tax returns to opening a bank account, from enrolling in a foreign university to authenticating for payments on the Internet.

At the same time, private companies can acquire customers online anytime, anywhere, while public companies can improve their processes.

Furthermore, setting minimum standards for electronic signatures, seals and time stamps ensures the legal validity of electronic transactions and guarantees stronger cybersecurity.

In essence, eIDAS favors digital transformation, which in turn reduces wasted money and time, all while offering users a comfortable experience.
