Regulation (EU) No 910/2014 (eIDAS), which came into force in July 2016, has recently completed its first year of life.
We analyze the main keys of a regulation that has revolutionized electronic transactions in the European Union:
- The main novelty of this new Regulation is the harmonization of the requirements for the mutual recognition of electronic identification at EU level (and therefore, the repealing of the previous Directive 1999/93/EC and the respective national laws).
In this way, the EU Trust Service Providers can offer their services in any other EU country, eliminating previous barriers. Therefore, this harmonization particularly contributes to the creation of the “digital single market” which, according to EU forecasts, must be fully operational by 2020.
- The Regulation has created the “EU trust mark”, which clearly distinguishes qualified trust services from other trusted services.
- The Regulation has introduced the concept of Qualified Trust Services Providers and Electronic Trust Services.
In particular, it has created the following qualified services (those that meet the requirements applicable in Regulation (EU) No 910/2014): electronic signatures and electronic stamps. Electronic signatures are intended for individuals and electronic stamps to legal entities. In addition, it regulates other trusted services such as electronic time stamps, electronic documents, electronic delivery services and website authentication.
Qualified Trusted Service Providers obtain this status through a Conformity Assessment Report and must be audited at least every 24 months by a Supervisory Body.
- New levels of electronic identification, low and substantial,are specified, improving identification mechanisms for different business and technological contexts, such as handwritten signatures on mobile devices or cloud signature solutions.
- The Regulation has introduced the concept of Electronic Signature in three different levels:
– Electronic Signature: The definition of electronic signature is not modified under eIDAS. The electronic signature has legal effects and is admissible as evidence in legal proceedings.
– Advanced Electronic Signature: It allows the unique identification and authentication of the signer of a document and allows checking the integrity of the signed document. Normally, this authentication is usually achieved with the issuance of a digital certificate by a Certification Authority (CA).
– Qualified Electronic Signature: They are the electronic equivalent of handwritten signatures. They are based on Qualified Certificates, which can only be issued by a CA accredited by the EU Member States and must meet the requirements of eIDAS. These are the only signatures that ensure the mutual recognition of their validity by all EU Member States.
- Recognition of electronic signatures as evidence at trial within the EU.
This concept is reflected on Article 25 of eIDAS, which provides that legal effects and admissibility as evidence in court proceedings are not denied to an electronic signature by the mere fact of being an electronic signature or because it does not meet the requirements of qualified electronic signature. In fact, a qualified electronic signature has a legal effect equivalent to that of a handwritten signature.
In addition, a qualified electronic signature based on a qualified certificate issued in one Member State shall be recognized as a qualified electronic signature in all other Member States.
- The regulation recognizes admissibility as evidence in a trial and its legal effect for electronic signatures even though it only equates qualified electronic signatures with handwritten signatures and qualified electronic seals gives them the presumption of integrity and correctness of the origin of the data to the seal it is bound to.
- The Regulation creates the EU Trusted Lists, which reflects the Qualified Electronic Trust Services Providers and the services they offer. The TSPs and its services will be qualified if they appear on these lists.
- Qualified signature creation devices are regulated. They must meet the requirements listed in Annex II of Regulation (EU) 910/2014. The European Commission shall establish, publish and maintain a list of qualified electronic signature/stamp devices with the information provided by the Member States.
- Remote identification for electronic signature is enabled and, therefore, the on-site identification is no longer needed. To ensure the safety of the process, other identification means such as prior on-site identification, qualified electronic seals or qualified electronic signature certificates are used.
- The Regulation establishes that Trust Service Providers shall be audited every 24 months by a Conformity Assessment Body. The purpose of the audit is to confirm that both Qualified Trust Service Providers and the electronic trust services they provide meet the requirements of Regulation (EU) 910/2014.
The introduction of the eIDAS Regulation was a necessity at EU level, since prior to its entry into force the identity documents of citizens form one Member State were not valid in other EU Member States.
Therefore, eIDAS facilitates the provision of cross-border services and allows companies to operate outside their borders. Ultimately, it benefits citizens, businesses and Public Administrations in tasks such as paying taxes, public tenders, signing online contracts, economic transactions through electronic banking and online health services, among others.
Source: European Commission