eIDAS – the European Union’s Electronic Identification, Authentication and Trust Services regulation – is being applied directly and in its entirety in the whole of EU since September 29, 2018. Stefan Runneberger, expert on public information infrastructure at identity and security company Nexus Group, explains the regulation in 3 minutes.
What’s the eIDAS elevator speech?
“eIDAS regulates electronic identification and so-called trust services for electronic transactions in the EU’s internal market. It aims to facilitate secure and seamless electronic transactions within the EU, spur digital growth, drive innovation, and make it easier to live and work in other EU member states. To give electronic transactions the same legal standing as paper-based transactions, eIDAS has created technical standards for electronic signatures, electronic seals, qualified digital certificates, timestamps, and more,” says Runneberger.
How does eIDAS affect my organization?
“All organizations delivering public digital services in an EU member state that accept electronic IDs with a ‘substantial’ level of assurance must accept all eIDAS-approved electronic IDs, regardless of the EU member state in which they are issued. And in some cases, eIDAS compel public organizations to accept e-signed documents. These are the only obligatory demands eIDAS puts on organizations that are not trust-service providers. Aside from this, it’s up to you to make use of the regulation as you see fit. Using eIDAS-approved electronic IDs and signatures can improve your business processes a lot: it makes it much easier to conduct secure digital transactions, both inside a single EU member state and across different member states. Norway, Iceland and Liechtenstein are also included in the regulation,” says Runneberger.
How can I accept foreign, eIDAS-approved electronic IDs?
“Each EU member state is creating one node – or more – to which anyone who wishes to authenticate to e-services in that country using a foreign eIDAS-approved electronic identity will be directed. The authentication solution your organization uses needs to be adapted and able to connect to that specific country’s node,” says Runneberger.
How do electronic IDs get eIDAS-approved?
“National eIDs need to be approved in their respective countries and nominated for use within the entire EU,” says Runneberger.
Download the checklist: ”6 crucial considerations when choosing an e-signature solution.”
What does eIDAS say about electronic signatures?
“The eIDAS definition of an electronic signature is data in electronic form, which is logically associated with other data in electronic form and which is used by the signatory to sign. eIDAS defines three levels of electronic signatures: simple electronic signature, advanced electronic signature and qualified electronic signature. Advanced electronic signatures are considered proficient for many scenarios,” says Runneberger.
What’s the eIDAS definition of advanced electronic signatures (AdES)?
“An advanced electronic signature is an electronic signature that is uniquely linked to and capable of identifying the signatory, created in a way that allows the signatory to retain control, and linked to the document in a way that any subsequent change of the data is detectable. The most common method for creating advanced electronic signatures is to use a so-called public key infrastructure (PKI) and a cryptographic mechanism called digital signature,” says Runneberger.
What does eIDAS say about trust services?
“Trust services includes services that involve electronic signatures, electronic seals, electronic time stamps, authentication of websites, and secure electronic delivery. eIDAS defines the standards of how trust service providers are to perform their services, and it provides guidance to EU member states on how trust service providers are to be regulated and recognized,” says Runneberger.
How can my organization benefit from eIDAS as much as possible?
“Digitalize your processes and use an e-signature solution that enables your users to make advanced electronic signatures when contracts, transactions, and administrative procedures are to be signed. This can increase your competitiveness and can save you both time and money. And make sure to accept foreign, eIDAS-approved electronic IDs even if you’re not obliged to: this makes it much easier to attract customers and close deals,” says Runneberger.
