eIDAS Regulation: Most important facts for companies and consumers.
The future belongs to companies that offer customers an eIDAS-compliant digital contract – whether for a private home loan, a company purchase or opening an account. Signing and sending paper documents by hand is no longer common practice. However, electronic signatures as a digital alternative have only hesitantly been used in the European Union (EU) due to security and legal concerns.
With the eIDAS Regulation, the EU has created legal certainty for digital transactions in the internal market. We explain which regulations the eIDAS Regulation contains, how companies, financial institutions and private individuals benefit and how business processes can be digitalized in compliance with eIDAS.
Table of Contents:
- eIDAS Regulation: Most important facts for companies and consumers.
- What is the eIDAS Regulation?
- What does eIDAS stand for?
- Why was the eIDAS regulation created?
- What are the advantages for companies and consumers?
- Most used terms in the eIDAS regulation.
- eIDAS and its three types of electronic signatures.
- How do companies and public authorities integrate digital signatures into their processes?
- Meeting the requirements of the eIDAS regulation.
- What does eIDAS mean for EU companies?
- eIDAS 2.0—level up.
What is the eIDAS Regulation?
The eIDAS Regulation is the abbreviation for “Regulation (EU) No 910/2014 of the European Parliament and of the Council of July 23, 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.” It has been in force in all EU member states and in the European Economic Area since July 1, 2016 and creates a new common legal and technical framework for the provision of trust services, electronic identification and website authentication.
Through the mutual recognition of electronic identities, the eIDAS Regulation is primarily intended to facilitate electronic exchange between the various EU member states. It sets new standards and requirements for service providers to ensure a high level of security and reliability.
What does eIDAS stand for?
eIDAS stands for electronic IDentification, Authentication and trust Services. It is an EU Regulation on electronic identification and trust services for digital transactions, and it applies as law within the EU.
The eIDAS Regulation ensures that people and businesses can use their own national electronic identification schemes (eIDs) to access services. It aims to facilitate commerce in the EU through harmonized laws, security, technical neutrality and interoperability.
In order to ensure the smooth functioning of the internal market while providing adequate security for electronic identification means and trust services, this EU-wide Regulation provides for the following (Article 1):
- eIDAS lays down the conditions under which Member States must recognize the means of electronic identification of natural and legal persons subject to an electronic identification scheme notified by another Member State.
- The eIDAS Regulation lays down binding rules for trust services, in particular for electronic transactions. (Note: what were previously certification service providers are now referred to as trust service providers.)
- It establishes a legal framework for electronic signatures, electronic seals and stamps as well as electronic time stamps, documents, electronic enrollment services and certification services for website authentication.
The eIDAS Regulation applies directly and takes precedence over any conflicting national legislation. It can also be extended by the EU member states.
Why was the eIDAS Regulation created?
Until the eIDAS Regulation came into force, different laws on the legally valid conclusion of digital transactions applied in the EU member states and incompatible technologies were used in some cases.
As a result, cross-border contracts were rarely concluded digitally. The legal uncertainties and technical problems were too great. Companies wanted to play it safe and kept to the traditional paper route. However, this was a brake on growth for European economic development. The eIDAS Regulation brought legal certainty.
What are the advantages for companies and consumers?
For EU companies, various bureaucratic hurdles on the way to inter-European business relationships are eliminated. Digital contract processes are fast and cost-efficient. Especially in volatile and uncertain markets, the speed advantage can make the difference between growth and stagnation.
The European Economic Area (EEA) is now also much more attractive for companies from third countries. This is because they can count on a reliable, uniform legal framework, which reduces the investment risk. At the same time, business transactions can be completed more securely remotely and digitally.
For private individuals, eIDAS means they can enter into transactions with companies and individuals from the European Economic Area without the need for time-consuming identification procedures. Whether opening an account, concluding a loan agreement or identifying themselves to a public authority – with a digital signature in accordance with eIDAS, they can be sure that strict data protection and security requirements are met when transmitting data and that their signature is legally valid.
Most used terms in the eIDAS regulation.
There are many terms in the regulatory framework of eIDAS that are often used interchangeably – yet mean different things depending on how the term is used:
Electronic Identification (eID)
- an electronic method that guarantees the identification of a person (e.g. the use of the IDnow product platform)
- an individual’s electronically stored identity data (e.g. on a chip, or credentials on a mobile phone)
- the act of identifying or authenticating oneself in a digital environment (e.g. through a national ID card such as the German National ID card)
eID scheme (simply put – a method of using an eID)
- The scheme describes “a system for electronic identification that is developed by public sector, private companies, or public-private joint ventures”.
- These schemes can be “notified” and approved by a Member State to ensure the scheme meets security requirements at the assurance level “substantial” or “high”. (The German eID is a notified scheme based on the National ID chip card.)
- The Digital Wallet can serve as an eID scheme
The process of formally approving an eID scheme is known as “notification.” Each Member State is responsible for notifying its own eID schemes, and must ensure they meet eIDAS security and quality requirements.
eIDAS and its three types of electronic signatures.
The eIDAS Regulation defines categories for electronic identification and distinguishes between three types of electronic signatures. Which signatures are effective for which legal acts depends on the national laws. In principle, the higher the technical security standards, the greater the probative value and thus the legal certainty in court.
Simple electronic signature (SES)
With the simplest form of electronic signature, it is sufficient if the document and signature are “logically linked,” for example by scanning a handwritten signature and copying it into the document.
Advanced electronic signature (AES)
The advanced electronic signature must meet special requirements, including the use of encryption technology. It is usually created using e-signature software. It is significantly more forgery-proof than the SES.
Qualified electronic signature (QES)
The most secure form of electronic signature is the qualified electronic signature. In addition to the requirements of the AES, further requirements must be met. For example, the signature must contain an official certificate and the signatory must authenticate themselves via e-ID or video.
How do companies and public authorities integrate digital signatures into their processes?
In order to use advanced and qualified electronic signatures, companies turn to a provider of e-signature solutions such as IDnow, which works together with a state certification authority and implements signature processes in accordance with eIDAS specifications.
As the signature solutions are usually cloud platforms, they can be easily integrated into existing digital workflows via interfaces.
With eSign, IDnow offers a suitable solution with which companies can easily implement digital contract signatures (QES) on all end devices. It is so easy to use that even less tech-savvy customers can quickly find their way around.
Meeting the requirements of the eIDAS regulation.
The eIDAS Regulation sets the definitions and categories for electronic identification and thereby aims at harmonizing services for its citizens. IDnow customers have benefited from our ability to meet eIDAS requirements in order to offer our customers Video and AutoIdent + QES for AML and non-AML use cases.
By setting legally accepted standards into law, eIDAS will enable new eID methods for digital services and, at the same time, a way to store one’s digital identity credentials. eIDAS will effectively introduce a digital identity and digital wallet to all EU citizens and residents who want it.
What does eIDAS mean for EU companies?
The EU regulation sets legally binding standards for digital means of identification in the European Economic Area. It thus makes an important contribution to strengthening trust in digital contracts and driving forward the digitalization of the European economy.
The central content of eIDAS is the definition of three types of electronic signatures, each of which has different probative value in court. Companies and authorities wishing to offer eIDAS-compliant signatures turn to e-signature service providers.
The efficiency of digital processes is increasingly becoming a question of survival for companies. The integration of digital contract signing is therefore not an option, but a pure necessity. The social importance of digital identification processes is also reflected in the continuous development of eIDAS and the plan to introduce an EU-wide online ID card.
eIDAS 2.0—level up.
In June 2021, a revised version of eIDAS, called eIDAS 2.0, was published. It differs from the original version in three key aspects: addressing vulnerabilities, the introduction of trust services and the introduction of the ID wallet.
The EU proposed a new framework for a European Digital Identity, which will be available to all EU citizens, residents and businesses in the EU. The new eIDAS Regulation provides all EU citizens with the ability to prove their identity and share electronic documents via a European Digital wallet on their phone. The aim is to offer a new way to access online public and private services with a national digital identification, which will be recognized throughout the whole of the European Union.
An e-wallet will (as part of eIDAS) enable the following:
- Store and manage digital identity credentials from an official government source
- Store and manage additional credentials (e.g. education, professional or health certificates)
- Store a QES
The wallet can be used for onboarding and authenticating a user for AML, non-AML, Telecom, Trust Service use cases as well as public e-government services.
- Wallets can be introduced by the Member State or private sector through certification.
- The technical standards and implementing act are yet to be determined – this will be done with EC standardization bodies.
IDnow will continue to offer multiple products, from the traditional VideoIdent to more automated solutions like AutoIdent in all its versions, eID and also newer products in design. It will also add its own version of a digital wallet to its solution offering.