The eIDAS Regulation corresponds to Regulation (EU) No. 910/2014, a European Union regulation that deals with electronic identification, authentication, and trust services for electronic transactions. It was adopted on July 23, 2014, and came into force on September 16, 2014. Let’s find out more!
Table of Contents
What is the eIDAS Regulation about?
The eIDAS (electronic IDentification, Authentication, and trust Services) is a regulation that applies to all member states of the European Union. It offers a uniform and standardized legal framework for the acceptance of electronic signature and digital identity. In addition, it introduces digital seals for commercial entities. The regulation also simplifies the rules for cross-border electronic transactions.
The eIDAS Regulation builds on the previous Directive 1999/93/EC, which was based on the principle of mutual recognition. The new regulation extends the scope of application to cover all types of electronic signatures, electronic seals, and electronic time stamps.
Contents of the Regulation
- Chapter I – General Provisions
Subject matter, scope, definitions, internal market principle, data processing and protection.
- Chapter II – Electronic Identification
Mutual recognition, eligibility for notification of electronic identification schemes, assurance levels of electronic identification schemes, notification, security breach, liability, cooperation, and interoperability.
- Chapter III – Trust Services
- Section 1 – General Provisions
Liability and burden of proof, international aspects, accessibility for persons with disabilities, penalties.
- Section 2 – Supervision
Supervisory body, mutual assistance, security requirements applicable to trust service providers.
- Section 3 – Qualified trust services
Supervision of qualified trust service providers, initiation of a qualified trust service, trusted lists, EU trust mark for qualified trust services, requirements for qualified trust service providers.
- Section 4 – Electronic signatures
Legal effects of electronic signatures, requirements for advanced electronic signatures, electronic signatures in public services, qualified certificates for electronic signatures, requirements for qualified electronic signature creation devices, certification of qualified electronic signature creation devices, publication of a list of certified qualified electronic signature creation devices, requirements for the validation of qualified electronic signatures, qualified validation service for qualified electronic signatures, qualified preservation service for qualified electronic signatures.
- Section 5 – Electronic seals
Legal effects of electronic seals, requirements for advanced electronic seals, electronic seals in public services, qualified certificates for electronic seals, qualified electronic seal creation devices, validation, and preservation of qualified electronic seals.
- Section 6 – Electronic time stamps
Legal effect of electronic time stamps, requirements for qualified electronic time stamps.
- Section 7 – Electronic registered delivery services
Legal effect of an electronic registered delivery service, requirements for qualified electronic registered delivery services.
- Section 8 – Website authentication
Requirements for qualified certificates for website authentication.
- Chapter IV – Electronic Documents
Legal effects of electronic documents.
- Chapter V – Delegations Of Power And Implementing Provisions
Exercise of the delegation, committee procedure.
- Chapter VI – Final Provisions
Review, transitional measures, entry into force.
Main aspects of the Regulation
The regulation deals with the following aspects of electronic transactions:
- Digital identity
There are nine principles of digital identity to respect: user choice, privacy, interoperability and security, trust, convenience, user consent and control proportionality, counterpart knowledge, and global scalability.
- Electronic signatures
– The eIDAS establishes the validity of all electronic signatures and the legal admissibility regardless of the format.
– Advanced electronic signatures (AdES) must meet certain requirements:
– they must be uniquely linked to the signatory,
– the signatory has sole control over the data used to create the electronic signature,
– they make it possible to understand if the data accompanying the message has been tampered with after the signature,
– the certificate for the electronic signature is the electronic proof that confirms the identity of the signatory and links the validation data of the electronic signature to them.
– they can be implemented according to XAdES, PAdES, CAdES, or ASiC Baseline Profile standards.
– Qualified electronic signatures (QES) are a type of advanced electronic signature created with a dedicated device based on a qualified certificate for electronic signatures.
– The qualified digital certificate for electronic signature certifies the authenticity of a qualified electronic signature issued by a qualified trust service provider.
- Qualified Website Authentication Certificate
It is a qualified digital certificate under the trust services defined in the regulation.
- Trust Service
Is an electronic service for creating, validating, and verifying electronic signatures, timestamps, electronic seals, certificates, and more. It is managed by a trust service provider
Why is the eIDAS Regulation so important?
The eIDAS regulation creates a single market for electronic signatures and other electronic trust services. This makes it easier for companies to do cross-border business activities within the EU. Furthermore, EU citizens can use a digital identity to authenticate themselves when transacting online with other businesses or public administrations.
The benefits are different.
First of all, thanks to the electronic identification methods, people can avoid going to the offices of companies, banks, or others to operate. They can do everything online, from tax returns to opening a bank account, from enrolling in a foreign university to authenticating for payments on the Internet.
At the same time, private companies can acquire customers online anytime, anywhere, while public companies can improve their processes.
In essence, eIDAS favors the digital transformation which, in turn, reduces the waste of money and time. All this while offering users a comfortable experience.