Mar 4, 2019
eIDAS: New Electronic Signature Regulation in Europe
The new eIDAS regulation sets up a radical change in the paradigm of digital identification and electronic signature in Europe.
eIDAS is a paradigm shift in the usability of digital identification and electronic signatures and a major endorsement of electronic administration projects based on law 11/2007 on citizens’ electronic access to public services.
With eIDAS, identification, mobility, and interoperability will take a positive turn for electronic administration projects.
Four things you need to know about eIDAS, the new electronic signature regulation:
Digital IDentification with eIDAS
Until today, going to registries in person was a requirement to verify one’s identity and start off relationships with full guarantees. The new law (Regulation EU No 910/2014) doesn’t change anything in this basic aspect and that makes sense: we need to create an environment of trust together and we should do so with the most guarantees possible.
The lessons learned in the last decade have raised awareness in Europe, which allowed some leeway in the new eIDAS regulation that, clearly understood, opens the door to new digital identification mechanisms without lowering security during the process at all.
The door is opened to not having to go in person before obtaining a certificate from a registry and to being able to do so through a digital channel, in cases like the following (see Article 24 of the new eIDAS regulation):
Remotely, using electronic identification for which the presence of the individual has been guaranteed with a high level of security. Here’s where kinds of identification like remote video identification come into play, which can be very useful given the high penetration of cameras on all sorts of devices.
Through a qualified electronic signature certificate, inheriting the value and the trust in the identity of a person from another recognized certificate, which opens up the possibility that people participate in a new electronic administration ecosystem with just one click.
Lastly, although this one is a bit vague, using other identification methods recognized at the national level that provide equivalent levels of security in terms of reliability of face-to-face presence. Equivalent security will be confirmed by a compliance assessment body.
Bye, bye smart card readers, hello cellphones.
Sixteen years ago people started to design one of the electronic signature laws with the most guarantees in the world: it replaced the convenience of pens with a signature device that required “sole control.” They failed.
The consequences were devastating for the drive behind what would later be the first laws on citizens’ electronic access to public services. This is no idle criticism and we have to understand things in their context. The criticism might be that 15 years have gone by and we haven’t done anything about it, until now.
The new identification and signature regulation, eIDAS, arose from the lessons learned. It nuances exclusive control to “a high level of confidence under sole control” and opens the door to centralized management of electronic certificates.
The consequence? Being able to work on solutions where security, and especially usability, can be increased. The citizen’s cellphone goes from being an inexpensive and useful instrument to extending the administration’s processes, unfettered and securely, making possible an administration that places it at the center of this entire ecosystem.
Welcome to the API world
Interoperability has always been a central issue in electronic administration projects and a lost battle in the integration of identification and signature systems, be they electronic national identity cards or other recognized certificates.
Due to its versatility and ease of development, the new interoperability model based on APIs has been disrupting complex industries like finance for some time now with easy-to-use and easy-to-integrate business models.
The fact that an electronic backoffice can carry out processes that involve citizens in a matter of hours is a highly interesting paradigm shift in the integration of new projects, facilitating the penetration of electronic administration in people’s lives.
These things not only give electronic administration processes the chance to have a relationship with citizens, but they also mean a radical change in the revision of internal processes throughout the organization’s ecosystem, from signatures in civil servants’ internal work to the supplier relationship, with radical changes in the conception of alternatives to electronic invoices.
It’s important to highlight that the new eIDAS Regulation establishes some requirements to operate with a high level of confidence for digital identification and electronic signature.
eIDAS and AML5: The importance of a single market in Europe
On July 9, 2018, the new AML5 directive came into force, which, together with the eIDAS regulation, created a new “Digital Single Market” that allows the homogenization of electronic identification in Europe.
This Directive allows financial companies to provide a service in a single market of 508 million consumers by eliminating barriers between different industries and markets.
In short, the European regulation of trusted services 910/2014 delegates to the AML5 Directive the ability to identify new customers in any country of the European Union.