eIDAS: The Digital Identification Regulation for Europe
The eIDAS regulation introduces a paradigm shift in digital identification and electronic signature in Europe.
This new community regulation has forever changed the way of doing business and how companies and users in Europe interact with each other.
What is eIDAS Regulation (EUR-LEX Definition)
The eIDAS acronym is for electronic IDentification, Authentication and trust Services. It corresponds to Regulation (EU) No. 910/2014 of the European Parliament and Council of July 23, 2014.
This new eIDAS EU regulation for identification and digital signature is opposed to electronic administration projects based on Law 11/2007 of citizen electronic access to public services.
eIDAS implementation standards
The eIDAS certification sets the standards and criteria for simple electronic signature, advanced electronic signature, qualified electronic signature, qualified certificates and online trust services. Furthermore, it rules electronic transactions and their management.
Previously, the need for physical attendance in a Registration Entity was a compulsory condition to verify user’s identity and begin a relationship with security. Nowadays, this can be done digitally thanks to eIDAS and Certification Authorities, and a reliable online environment is built with maximum guarantees, leading to new digital identification mechanisms. This way, eIDAS becomes key for open banking.
The face-to-face presence act required to receive a certificate in a Registration Entity is avoided because of the eIDAS Regulation and can instead be completed via a remote digital channel, as stated in Article 24. Means of verification, such as video identification, act as a key solution within this framework.
The eIDAS framework manages the certificate issuance of a qualified electronic signature, making it possible to maintain trust in a person’s identity from another recognized certificate. This way, a new ecosystem of electronic administration is created and needs just one click to integrate new users.
Thus, eIDAS regulation introduces other recognised identification methods that provide security equivalent to physical presence. This security level and legality are confirmed by a Conformity Assessment Body.
eIDAS countries of application: creating a single market in Europe with AML
5AML Directive (or the 5th Anti Money Laundering Directive), together with eIDAS regulation, involves creation of a Digital Single Market that allows homogenising electronic identification in Europe and acquiring customers immediately and remotely.
5AMLD, or AML5, allows financial companies to work in a single market of 508 million consumers by removing barriers between the user and the company in the customer acquisition process.
The European regulation of trust services 920/2014 (eIDAS) delegates to the AML5 Directive the ability to identify new customers in a simple, safe, and remote way in any country of the European Union.
In addition, eIDAS regulation also defines the requirements for certificate PSD2 compliance with digital certificates. This includes standards designed to verify their holders’ identity, as well as the operation of the Qualified Trust Service Providers (QTSPs) that issue them. eIDAS Certificates which are issued in accordance with eIDAS standards by Qualified TSPs are also known as “Qualified Certificates” and provide special status in certain legal and regulatory contexts across the EU.
In terms of the eIDAS level of assurance, eIDAS encompasses the following.
eIDAS countries vs eIDAS level of assurance:
- High, substantial, and low: Czech Republic, and Italy.
- High: Estonia, Spain, Malta, Germany, Austria, Slovakia, Croatia, Belgium, Luxembourg, Norway, Lithuania, and Portugal.
- High and substantial: Sweden, The Netherlands, and Latvia.
- Substantial: France, Denmark.
eIDAS qualified certificate for digital identification
The new eIDAS regulation establishes a level of assurance with basic and reasonable standards for digital identification: it is needed to create a reliable environment and it must be done with the maximum technical guarantees for the users’ and companies’ safety.
Lessons learned in the last decade have allowed companies and regulators to become aware of the needs and, consequently, allow new licenses in the eIDAS regulation that led to new digital identification mechanisms without lowering process security.
Article 24 avoids the act of personalisation prior to obtaining a certificate in a Registration Entity and allows to do everything from a digital and remote channel. Identification methods such as synchronous and asynchronous remote video identification come into play to achieve eIDAS compliance.
Through an eIDAS electronic signature legally binding by its qualified certificate, it is possible to inherit the confidence and guarantee in the identity from another recognised certificate. Equivalent safety is confirmed by a conformity assessment body.
eIDAS compliance: why is it so important?
eIDAS certification introduces, for the first time in history, electronic identification methods for companies to not require the physical presence of their customers in a commercial office or branch to operate or, for example, open a bank account.
Regulated sectors, such as financial or telecommunications sector, can now acquire customers online anytime and anywhere. eIDAS regulation establishes a completely new framework for action and a common economic language for operations between companies and users.
But eIDAS compliance is not just a regulatory peak for the private sector in terms of digitalisation. Thanks to the 5AMLD and eIDAS implementation, the digitalisation of certain bureaucratic and sales processes becomes a reality, decreasing costs and time spent while offering users a comfortable experience to become customers of a company, managing their products and services, or interacting with the public administration.
This way, eIDAS regulation EUR-LEX eliminates the situations in which users give up due to a complex process and a need to personify themselves in a commercial office, store or branch of the company they want to become clients. In addition, it gives the government necessary tools to improve their digital processes in favour of citizens, creating better and much more seamless relationships, reducing waiting times, workload, and, overall, frustration.
Signicat, leading partner for optimal eIDAS compliance
Our video identification, authentication and electronic signature (Electronic Signature API) solutions, pioneering and unique in the market, offer a wide range of trust services for KYC processes (Know Your Customer), digital onboarding and online acquisition of customers, as well as for contractual customer relationship management.
We created VideoID, the first and only technology that combines video streaming with advanced artificial intelligence and machine-learning techniques to identify people quicker than ever from any device and through any channel. It has become completely legally binding and provides the same technical security as face-to-face identification.