European Regulation No. 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS) represents a paradigm shift in digital identification and electronic signatures.
It establishes the figure of the trust service provider: a natural or legal person that provides one or more trust services, either as a qualified provider (one that complies with the applicable requirements established in the regulation and to which the supervisory body has granted the qualification) or as a non-qualified provider of trust services.
A trust service is an electronic service usually provided in exchange for remuneration. It is based on three aspects:
- The creation, verification and validation of electronic signatures, electronic seals or electronic time stamps, certified electronic delivery services and certificates related to these services.
- The creation, verification and validation of certificates for website authentication.
- The preservation of electronic signatures, seals or certificates related to these services.
The regulation governs the figure of the qualified trust service provider in all EU states by means of a conformity assessment report, and the provider is subject to audit at least every 24 months by the supervisory body. The qualified provider therefore has the function of conveying legal certainty and trust to the processes of electronic signature, electronic seal, time stamp, certified electronic delivery and website authentication.
The new regulation opens the door to new remote identification mechanisms, without reducing process security. This is possible thanks to the use of other electronic means of identification based on:
- Pre-identification in person.
- Qualified electronic signature certificates.
- Qualified electronic seals, inheriting the value and trust of such a certificate.
- Other nationally recognized means of identification providing equivalent security and confirmed by a conformity assessment body.
Electronic identification at the low and substantial identification levels (as well as high) will possibly open the way to other identification mechanisms such as cloud-based signature solutions, one-time keys (OTP) sent to email and/or cell phone, handwritten signatures on mobile devices, etc.
The regulation recognizes the legal effect of all electronic signatures and their admissibility as evidence in a lawsuit, although it only equates qualified electronic signatures with handwritten signatures, and it grants qualified electronic seals the presumption of integrity and correctness of the origin of the data to which the seal is linked.
We can say that the eIDAS regulation marks a break toward greater openness in the management of electronic certificates, allowing the use of solutions that offer greater usability while maintaining security. It is necessary legislation on data protection in a digital world, ensuring EU-wide standards of protection adapted to a new, increasingly digital society.