eIDAS Regulation (EU) 910/2014
The cross border use of eID and trust services in the EU: experience and lessons
learnt UNCITRAL Colloquium on Legal Issues related
to Identity Management and Trust Services – Vienna (AT), 21 April 2016
Andrea SERVIDA
DG CONNECT, European Commission
Head of eIDAS Task Force
eIDAS
eIDAS: boosting trust & supporting businesses!
TRUST CONVENIENCE
CROSS-BORDER SEAMLESS 2
eIDAS Regulation provides
for eID & TS:
- Cross-border recognition
- legal certainty
- Interoperability
- Security
- Non-Discrimination
- Liability
- Technological Neutrality
3
eIDAS
eID
Electronic signatures
Electronic seals
Electronic time stamps
Electronic delivered registered services
Website authentication
Electronic documents
Validation Preservation
Website authentication: check if the cloud website you enter is really the one set for fulfilling obligations
stemming from the contract
Creation of the contracting document
Time stamp: Proof of the time of signing the
contract
E-registered
delivery: Formal
communications with the
counterpart may need to be
securely delivered
Preservation: Electronic storage of the
contract
eID: identify (or authenticate) yourself using, for instance, an
eID means
4
What does it mean for B2B? Cross-border signature of a
contract
E-signature: the legal representative
of the company confirms the
agreement to the terms and
conditions of the contract
E-seals: ensures the authenticity of
the contract as well as that it is from the company
•
eIDAS: Key principles for eID
eID
Sovereignty of MS to use or
introduce means for eID
Mandatory cross-border recognition
only to access public services
Full autonomy for private
sector
Principle of reciprocity relying on
defined levels of assurance
Interop. -framework
Cooperation between
Member States
The Regulation does not impose the use of eID
5
•
eIDAS: Key principles for trust services
Trust services
Transparency and
accountability
Technological neutrality
Non-mandatory technical standards ensuring
presumption of compliance Specific legal
effects associated to qualified trust
services
Non-discrimination
in Courts of eTS vs paper
equivalent
Risk management
approach
The Regulation does not
impose the use of trust
services
6
Legal Act Reference Adoption date
Entry into force
eIDAS Regulation 910/2014 23.07.2014 17.09.2014 (1.07.2016 - application
provisions on TS)
eID
ID on procedural arrangements for MS cooperation on eID (art. 12.7)
2015/296 24.02.2015
17.03.2015
IR on interoperability framework (art. 12.8) Corrigendum C(2015) 8550 of 4.02.2016
2015/1501 8.09.2015 29.09.2015
IR assurance levels for electronic identification means (art. 8.3)
2015/1502 8.09.2015 29.09.2015
ID on circumstances, formats and procedures of notification (art. 9.5)
2015/1984 3.11.2015 5.11.2015 (notified to Ms)
Trust services
IR on EU Trust Mark for Qualified Trust Services (art.23.3)
2015/806 22.05.2015 12.06.2015
ID on technical specifications and formats relating to trusted lists (art. 22.5)
2015/1505 8.09.2015 29.09.2015
ID on formats of advanced electronic signatures and seals (art. 27.5 & 37.5)
2015/1506 8.09.2015 29.09.2015
The eIDAS Legal Framework
7
2014
2015 2016 2017 2018 2019
29/09/2015 Voluntary cross-border recognition
1.07.2016 Date of application of eIDAS rules for trust services
29/09/2018 Mandatory cross- border recognition
Timeline
eID
17.09.2014 Entry into
force of the eIDAS
Regulation
Trust services
eSignature Directive rules
8
26.11.15 - eID DSI v.1 eIDAS compliant Specs and SW
•
eIDAS transformative role: Opportunities for eServices
9
•
• Free circulation of non-qualified trust services provided by trust service providers established in non-EU countries
• Assimilation of trust services provided by trust service providers established in non-EU countries only through international agreement between the EU and the third country of establishment of the trust service provider (art. 14) because:
• Strict procedure and stringent requirements to be granted qualified status at Member States' level
• National Trusted Lists have constitutive effect and ensure cross-border recognition
Stronger legal effects attached to qualified trust services
• eID: Full respect of procedures of the Treaty and of parallelism of internal and external competences of the EU based on EUCJ jurisprudence (AETR)
10
eIDAS - International Aspects
What's hampering the use of eID and eTS in global
businesses?
Lack of legal cross-border predictability
Diversity of legal frameworks differences in legal effects
national/regional legal frameworks
differences in security and accountability obligations
differences in liability regimes
Lack of interoperability on a global level
National silos vs global digital market/businesses
Lack of transparency on the quality of the services
Trust and security aspects
11
•
- Use of eIDs and eAuthentication means should be easy
- No one-fit-all approach: purpose, usage environment, benefits
- Bear in mind other usage scenarios beyond eGov
- Piloting eID projects and technical interoperability first
- Federating approach to interoperability ensures openness and
easily accommodates new technologies/solutions for eID.
- Cross-border recognition to access public services
- Full autonomy for private sector to use eID means
- Transparency: well-defined levels of assurance
- Clear liability rules
12
Lessons learnt: principles to facilitate international use
of eID and eAuthentication means
• - Framework for legal recognition of trust services
- No mandatory use of trust services
- Clear liability regime
- Comparable benchmark for risk management, security
and supervision
- Non-discrimination in Courts of electronic trust services
vis-à-vis their paper equivalent
- No one-fit-all approach Specific legal effects
associated to trust services with a high security level
- Technological neutrality
13
Lessons learnt: Principles to facilitate international
use of trust services
For further information and feedback Web page on eIDAS
http://ec.europa.eu/digital-agenda/en/trust-services-and-eid
Online eIDAS Participatory Platform http://europa.eu/!qc98fX
Text of eIDAS Regulation in all languages http://europa.eu/!ux73KG
Connecting Europe Facility – Catalogue of Building Blocks http://europa.eu/!DN99RQ
eIDAS functional mailbox & twitter account
[email protected] @EU_eIDAS
14