eIDAS (shorthand for ‘electronic identification, authentication, and trust services) is a European Union regulation that creates the legal basis for secure digital identities. It sets the minimum standards for authentication, protection and management of digital identities.
eIDAS was introduced in 2014 and has been fully in force since 1 July 2016 as a result of the European Commission’s focus on Europe’s Digital Agenda. With the Commission’s oversight, eIDAS was implemented to spur digital growth within the EU. To that end, they implemented the legal framework, and its guidelines to ensure that businesses use the highest standards of data security and innovation.
eIDAS also emphasizes the need for interoperability and transparency, requiring member states to create a common framework that recognizes eIDAS from other member states, while also providing a clear and accessible list of trusted services.
This makes it easier for users to conduct business across borders, while also allowing security stakeholders the ability to engage in dialogue about the best technologies and tools for securing digital signatures.
The eIDAS Regulation has created a single European market for electronic identification services (eIDs) enabling easy, secure and trustworthy identity verification, in short, to establish trust in electronic transactions between organizations, governments and individuals.
It has further set pan-European technical, organizational, and legal requirements to ensure that users of a service have a secure digital identity (This identity must be unique, trustworthy and secure, and users can be confident that it is only shared with service providers who deserve their trust)
EU Establishes Digital Identity Principles for Secure and Reliable Online Services
EU digital identity has been defined by nine principles: user choice, privacy, interoperability and security, trust, convenience, user consent and control proportionality, counterpart knowledge, and global scalability. These principles allow users to use services in a secure and reliable way, while also cutting down on the cost associated with such services.
The eIDAS Regulation ensures that digital identities can only be used with the explicit consent of the individual and that the processing of personal data is carried out in accordance with EU data protection regulations. These regulations allow individuals to decide how their digital identities and data are used and to ensure that their data is secure.
In addition, the eIDAS Regulation will also help make e-government services more secure and easier to use and enable EU citizens to quickly and securely authenticate and gain access to e-Government services while increasing the efficiency and security of e-Government services.
Digital Identity Management: Key to Post-Covid-19 Economic Recovery in Europe
Covid-19 has accelerated the transition towards digital systems and emphasized the importance of digital identity management in order to facilitate the post-pandemic recovery of the European economy. The Recovery and Resilience Facility covers, among other things, investment in digital technologies, such as eID and trust services.
Good examples of those services would be the obvious one, Banking: eIDAS -based eID would help financial institutions meet their legal obligations in terms of know-your-customer, anti-money laundering and strong authentication of parties. For example, an account could be opened without a physical meeting.
The eIDAS network would allow universities to exchange reliable student identification data seamlessly. For example, the Erasmus+ programme already offers such services for student mobility data. Aviation: eIDAS -based eID would give airlines an adequate basis for cross-border recognition processes. Passengers would not need to have physical passports to share the requested attributes.
“Digital technologies can make our life so easy. I am convinced that a European digital identity wallet is indispensable for our citizens and businesses. We are looking at a massive advancement in how people use their identity and credentials in everyday contact with both public and private entities, and in how they use digital services. All while firmly keeping control over their data.”
Ivan Bartos, Czech Deputy Prime minister for digitalisation and minister of regional development
European Commission Proposes Update of Digital Identity Framework for EU Citizens and Businesses
In June 2021, the European Commission proposed an update of the 2014 digital identity framework that would be available to all EU citizens, residents and businesses, via a European digital identity wallet.
The proposed new framework amends the 2014 eIDAS Regulation on electronic identification and trust services for electronic transactions in the internal market, which laid the foundations for safely accessing public services and carrying out transactions online and across borders in the EU.
There is a strong desire to strengthen cooperation between different services. To this end, they must be easily established, recognizable and compatible with each other. In addition, there is a need for a clearer link between private and public services.
In order to achieve this, regulators propose a modular approach that is able to adapt to the fast paced market changes and technological adoption by introducing certification schemes that are specific to individual service sectors.
eIDAS 2.0 seeks to accelerate the provision of cutting-edge technology services and products to citizens, providing them with faster access than ever before. It will ensure that users have access to the latest identification services, enabling them to authenticate securely online.
UK EIDAS Supervisory Body Maintains Close Ties with EU Member Countries Despite BREXIT
Following the UK withdrawal from the EU the eIDAS Regulation was adopted into UK law and amended by The Electronic Identification and Trust Services for Electronic Transactions.
By retaining many of the important features of the EU eIDAS Regulation, allowing technical standards and specifications in the UK to reflect those of the EU, it preserves mutual recognition of electronic signatures and other trust services. Thus, e-signature platforms and trust service providers based in the EU can still serve UK customers.
So, although the UK is no longer part of the EU, if you provide trust services within the EU, you are still required to comply with the EU eIDAS Regulation, which includes being regulated by a supervisory body from another member state of the European Union. Despite the fact that the UK no longer has any direct EU eIDAS regulatory responsibilities, the UK eIDAS supervisory body still maintains close working relations with the supervisory authorities of other EU member countries.
And although the UK no longer has any direct EU eIDAS regulatory responsibilities, UK eIDAS supervisory body continues to maintain close working relations with the authorities of EU member countries.
English