Sep 26, 2022

The 6 key questions to understand the eIDAS Regulation

The rise of digital services has made clear the need for a standard or regulation that guarantees security in remote operations.

Broadly speaking, this is how the eIDAS came about. In this post, we address 6 key questions to understand eIDAS in a simple way.

1 – What is the eIDAS Regulation?

The eIDAS Regulation is a regulatory framework governing digital identification and trust services in Europe; that is, it standardizes the requirements for carrying out transactions online.

This regulation establishes a common legal and security framework for the Member States, which includes the conditions for recognizing natural and legal persons through means of electronic identification.

Specifically, the eIDAS regulates electronic signatures, electronic seals, electronic time stamps, electronic documents, certified electronic delivery services (certified email) and certified services for website authentication (we delve into these points in question 6).

In short, eIDAS is a tool to facilitate secure cross-border electronic transactions. This is a key element to allow the connection of electronic services and identification systems between European administrations.

eIDAS stands for Electronic IDentification, Authentication and trust Services.

⚠️ The eIDAS Regulation was approved in July 2014, and various modifications were subsequently added. Currently all EU members accept the electronic identification (eID) of the other member states.

What information does the eIDAS Regulation contain?

The eIDAS is divided into four blocks:

  • In the first one, it defines the regulations and the basic requirements that must be adopted.
  • In the second one, it establishes the standards to comply with the regulation.
  • In the third one, it explains the rules of the EU implementation (we break them down in question 6).
  • And, finally, the national regulations that can be extended or adapted.

2 – What is the purpose of eIDAS?

The objective of eIDAS, in line with the purpose for which the European Union was created, is to facilitate any type of electronic transaction between citizens, companies and public administrations of any State of the Union.

In other words, this regulation is created so that EU citizens can easily and safely access any service, public or private, offered by any European State or company. In short, it is about moving towards a true digital single market.

The eIDAS was created as a tool to support the creation of a Digital Single Market in the European Union.

3 – Why is eIDAS important?

The regulatory framework established by the eIDAS is important because it establishes the bases for the management of operations and sensitive transactions remotely, without compromising the security of citizens. Specifically, the eIDAS Regulation is important because:

  • It guarantees that companies and individuals can access online public services from other EU countries, facilitating interoperability.
  • It favors digitization and guarantees that online services have the same validity as face-to-face services.
  • It formalizes the legal framework for digital or electronic identification and trust services used in digital transactions.
  • It establishes the supervision and responsibility guidelines that trust service providers must comply with.
  • It simplifies access to public services and procedures with public administrations.
  • It stimulates the creation of innovative digital services.
  • It improves the online experience of EU citizens.

From the point of view of companies, this regulation favors the digital transformation of their bureaucratic processes and allows them to reduce costs and time. As for users, this regulation translates into comfort and freedom of movement, without waiting and without travel, with full guarantees.

4 – What is the origin of eIDAS?

The origin of the eIDAS that we know today dates back to 1999 (specifically, to Directive 1999/93/EC, which established a community regulatory framework for electronic signatures). At that time, some common guidelines were established to standardize the use of electronic signatures in the European Union.

With Directive 1999/93/EC, the validity of electronic signatures was equated to handwritten signatures (including their validity in court).

The fundamental problem with this first directive was that it included regulatory loopholes and that each Member State could interpret it in its own way. For example, each country had a way of identifying users in electronic services, which did not have to coincide with the mechanisms of other countries.

Actually, this went against the very intention of the standard, since it blocked many processes and hindered interoperability. In fact, it was a great complication for the recognition and validity of electronic signatures between countries.

For this reason, in 2006 a binding law was decreed for the entire EU with the aim of creating a single electronic signature system (in accordance with the ultimate objective of creating a Digital Single Market).

And in 2014, the eIDAS, Regulation (EU) No. 910/2014 on electronic identification and trust services, was published. In this way, the regulations are extended not only to electronic signatures, but also to trust services.

The eIDAS entered into force on July 1, 2016 throughout the European Union as a Regulation (that is, applying directly in all Member States) to establish a new legal framework for electronic signatures and trust services in Europe.

With this extension, it was intended to:

  • Eliminate differences and borders between member countries in terms of citizen identification and validity of electronic signatures
  • Streamline services, increase efficiency and reduce costs
  • Promote transparency and trust in online public and private services

5 – Who does eIDAS impact?

The regulation directly impacts trust service providers, since it imposes specific requirements on them when it comes to implementation and operation.

The eIDAS also applies to commercial services and to any organization that needs to carry out transactions through the public network involving commercial or legal matters in which the identity of those involved must be verified, such as legal and insurance contracts, banking agreements, electronic invoicing, tax statements, rentals, etc.

For its part, the public administration is also affected, since it will have to recognize standard signature formats and pan-European identities.

As for the individual consumers of this type of service, that is, European citizens, they do not have to worry about eIDAS compliance. Compliance falls on the entities that offer trust services.

6 – What does the eIDAS regulate? What does the regulation cover?

As we have been commenting, the eIDAS stipulates a set of regulations related to electronic identification and trust services. And, specifically, it regulates the following electronic tools:

Electronic identification

→ The eIDAS is responsible for standardizing electronic identification in all EU Member States.

Electronic identification refers to the identity verification method used by entities to digitally confirm the identity of their new clients (that is, verify that they are who they say they are).

Fiduciary services

→ The eIDAS establishes the rules that govern trust services for authentication and signatures.

Fiduciary services are understood as contracts between two parties, entered into to carry out a certain project.

Trusted Services

→ The eIDAS establishes the rules according to which trust services are established and operate, specifically, for electronic transactions. 

Trust services are electronic tools that help various parties settle binding transactions or operations.

The eIDAS Regulation includes the following trust services:

  • The creation, verification and validation of electronic signatures, electronic seals or electronic time stamps, certified electronic delivery services and certificates relating to these services.
  • The creation, verification and validation of certificates for website authentication.
  • The preservation of electronic signatures, seals or certificates related to these services.

Electronic signature

→ The eIDAS defines three categories of electronic signatures, according to the evidence required to prove that the signature is authentic.

Electronic signature means an electronic confirmation that you agree with the content of a document, that is, the electronic signature represents you and confirms your will.

Electronic seals

→ The eIDAS regulates two types of electronic stamps:

  1. Electronic seals: an electronic declaration that associates documentation with a legal person.
  2. Time stamps, which can be advanced or qualified. They correspond to data in electronic format, linked to a specific moment.

Electronic seals can be defined as data linked to electronic information and that guarantee its integrity and origin. They certify authenticity and have legal validity. 

Notifications

→ And, finally, the eIDAS provides the rules on certified electronic delivery services.

The regulation understands the certified electronic delivery service as a service that allows data to be transmitted between third parties by electronic means, provides evidence related to the management of the transmitted data, including proof of sending and receiving the data, and protects transmitted data against the risk of loss, theft, deterioration or unauthorized alteration.

