What is eIDAS – How do you know who to trust?
If you want to streamline digital onboarding and transactions across borders, an EU regulation can give you complete confidence in digital identity providers.
The eIDAS (Electronic Identification, Authentication and Trust Services) is an EU regulation that took effect in 2016. According to the European Commission, the Regulation (EU) N°910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation), provides a predictable regulatory environment to enable secure and seamless electronic interactions between businesses, citizens and public authorities. This means it provides a set of standards for electronic identification and trust services for digital transactions in the European Single Market. It allows citizens and companies within Europe the right to use their own national eID (electronic identification) scheme to access public services in different member states.
eIDAS creates harmony among EU eIDs
The eIDAS regulation aims to harmonize eIDs and trust services across the EU and allows them to work together. Initially, the eIDAS regulation was only meant for public services, but there is a lot of opportunity to use it for private services too. The European Commission and the regulation itself, encourages member states to work with the private sector. It encourages them to use their national eID schemes for digital identification in private business.
This is a major step in building a Digital Single Market. It boosts trust, security and convenience online, not only for governments and businesses, but also consumers. There is major convenience for anything you want to do online. You can submit tax declarations, enroll in a foreign university, remotely open a bank account, or even set up a business in another member state.
- Makes cross-border electronic transactions more secure
- Decreases red tape for businesses, reducing costs
- Increases convenience of government services
- Allows for transparency and standardization in trust services
What are the different types of trust services?
Trust Service Providers (TSPs) are responsible for assuring the digital ID of people through authentication, digital certificates and digital signatures. eIDAS regulates how these TSPs perform these services throughout EU member states.
These are the trust services defined in eIDAS:
- Issuance of qualified electronic certificates for electronic signature, electronic seal and website authentication
- Electronic time stamp
- Validation of electronic signatures or seals
- Preservation of electronic signatures or seals
- Electronic registered delivery
There are qualified and non-qualified TSPs. Non-qualified providers can be almost any start-up and they may not be fully trustworthy. For a trust service to be a qualified trust service, it must meet the requirements set out in the eIDAS regulation. An example of a qualified TSP is Signicat which provides qualified time stamps, signatures and seals.
How are TSPs regulated?
A TSP must have been granted qualified status from a government body to provide qualified trust services. Under eIDAS, the EU maintains an EU Trust List, which contains the providers and services that are given qualified status per each EU member state. If a provider is not on the list, they are not permitted to provide qualified trust services.
In order to be qualified the provider must undergo an extensive audit, which is incredibly difficult to pass. This means that not all startups are able to achieve qualified status allowing you to know exactly which provider to trust and not trust. For more information and regulations on trust services visit eid.as.