eIDAS


eIDAS is an EU regulation on electronic identification and trust services for electronic transactions in the internal market. It is a set of standards for electronic identification and trust services for electronic transactions in the European Single Market. It was established in EU Regulation No 910/2014 of 23 July 2014 on electronic identification and repeals Directive 1999/93/EC.[1][2]

Description

eIDAS oversees electronic identification and trust services for electronic transactions in the European Union's internal market. It regulates electronic signatures, electronic transactions, involved bodies and their embedding processes to provide a safe way for users to conduct business online, such as electronic funds transfers or transactions with public services. Both the signatory and the recipient have access to a higher level of convenience and security. Instead of relying on traditional methods, such as mail, facsimile service, or appearing in person to submit paper-based documents, they may now perform transactions across borders, e.g., using “1-Click” technology.[2][3]

eIDAS has created standards under which electronic signatures, qualified digital certificates, electronic seals, timestamps and other proofs for authentication mechanisms enable electronic transactions with the same legal standing as transactions performed on paper.[4]

The eIDAS Regulation came into effect in July 2014 as a means to facilitate secure and seamless electronic transactions within the European Union. EU member states are required to recognize electronic signatures that meet the standards of eIDAS.[2][5]

Vision

eIDAS is a result of the European Commission’s focus on Europe’s Digital Agenda. With the Commission’s oversight, eIDAS was implemented to spur digital growth within the EU.[6]

The intent of eIDAS is to drive innovation. By adhering to the guidelines set for technology under eIDAS, organizations are pushed towards using higher levels of information security and innovation. Additionally, eIDAS focuses on:[5][7]

  • Interoperability – Member states are required under eIDAS to create a common framework that will recognize eIDs from other member states, while ensuring their authenticity and security. This allows users to easily conduct business across borders.
  • Transparency – eIDAS provides a clear and accessible list of trusted services that may be used within the centralized signing framework. This allows security stakeholders to engage in dialogue about the best technologies and tools for securing digital signatures.

Regulated aspects in electronic transactions

The eIDAS Regulation provides the regulatory environment for the following important aspects related to electronic transactions:[2]

  • Advanced electronic signature – an electronic signature is considered advanced if it meets certain requirements. It provides unique identifying information that links it to its signatory. The signatory has sole control of the data used to create the electronic signature. It must be capable of identifying if the data accompanying the message has been tampered with after being signed. If the signed data has changed, the signature is marked invalid. Advanced electronic signatures can be technically implemented following the XAdES, PAdES, CAdES or ASiC Baseline Profile (Associated Signature Containers) standards for digital signatures, specified by ETSI.[8]
  • Certificate for electronic signature – electronic proof that confirms the identity of the signatory and links the electronic signature validation data to that person.
  • Qualified electronic signature – an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures.
  • Qualified digital certificate for electronic signature – a certificate, issued by a qualified trust service provider, that attests to a qualified electronic signature’s authenticity.
  • Trust service – an electronic service that creates, validates and verifies electronic signatures, time-stamps, seals and certificates. Additionally, a trust service may provide website authentication and preservation of created electronic signatures, certificates and seals. It is handled by a trust service provider.

Evolution and legal implications

The eIDAS Regulation evolved from Directive 1999/93/EC, which set a goal that EU member states were expected to achieve with regard to electronic signing. The directive made the European member states responsible for creating laws that would allow them to meet the goal of creating an electronic signing system within the EU. Because eIDAS is a regulation, all member states are required to abide by its specifications; it is legally binding throughout the EU as of July 1, 2016.[9]

eIDAS provides a tiered approach of legal value. It requires that no electronic signature should be denied legal effect or admissibility in court solely because it is not an advanced or qualified electronic signature.[10] For qualified electronic signatures it is required that they be given the same legal effect as handwritten signatures.[11] For electronic seals (the legal entities' version of signatures) probative value is explicitly addressed, since seals should enjoy the presumption of integrity and the correctness of the origin of the attached data.[12]

References


  1. Turner, Dawn. "Understanding eIDAS". Cryptomathic. http://www.cryptomathic.com/news-events/blog/understanding-eidas. Retrieved 12 April 2016.
  2. "Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC". The European Parliament and the Council of the European Union. http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2014.257.01.0073.01.ENG. Retrieved 18 March 2016.
  3. van Zijp, Jacques. "Is the EU ready for eIDAS?". Secure Identity Alliance. https://www.secureidentityalliance.org/index.php/blog/item/20-eidas-eu-identity-assurance/20-eidas-eu-identity-assurance. Retrieved 18 March 2016.
  4. Turner, Dawn M. "eIDAS from Directive to Regulation - Legal Aspects". Cryptomathic. http://www.cryptomathic.com/news-events/blog/eidas-from-directive-to-regulation-legal-aspects. Retrieved 18 March 2016.
  5. Bender, Jens. "eIDAS Regulation: EID - Opportunities and Risks". Fraunhofer-Gesellschaft. https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/ElekAusweise/SmartCard_Workshop/Workshop_2015_Bender.pdf?__blob=publicationFile. Retrieved 18 March 2016.
  6. "A Digital Agenda For Europe". The European Commission. http://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A52010DC0245R(01). Retrieved 18 March 2016.
  7. J.A., Ashiq. "The eIDAS Agenda: Innovation, Interoperability and Transparency". Cryptomathic. http://www.cryptomathic.com/news-events/blog/the-eidas-agenda-innovation-interoperability-and-transparency. Retrieved 18 March 2016.
  8. Turner, Dawn M. "The Difference Between an Electronic Signature and a Digital Signature". Cryptomathic. http://www.cryptomathic.com/news-events/blog/the-difference-between-an-electronic-signature-and-a-digital-signature. Retrieved 21 April 2016.
  9. "Regulations, Directives and other acts". The European Union. http://europa.eu/eu-law/decision-making/legal-acts/index_en.htm. Retrieved 18 March 2016.
  10. Articles 25 (1) and definitions in article 3 (10) to 3 (12)
  11. Article 25 (2)
  12. Article 35 (2)