eIDAS 2.0 regulation: what will the new regulation cover?
Discover the changes compared to eIDAS 2014 regulation
In June 2021, the European Commission proposed an update to its pan-European digital identity framework that will enable every European to have a set of digital identity credentials that are recognised anywhere in the EU. In this blog, we take a closer look at eIDAS, what it is, what its objectives are, and it's evolution over time.
Definition and objective of the eIDAS regulation
What does eIDAS mean?
eIDAS stands for electronic IDentification, Authentication and Trust Services. The eIDAS regulation is therefore a regulation on electronic identification and trust services for electronic transactions in the internal market. Identification and authentication are fundamental needs: the eIDAS regulation therefore defines identification schemes and authentication means required as part of a common electronic identity.
The eIDAS Regulation 2014 follows on from Directive 1999/93/EC, and extends the possibility of digital cooperation within the EU and the UK. The eIDAS set a common definition of the levels of electronic signature in the European Union for the first time, as well as a principle of mutual recognition and acceptability of the electronic form.
To put it simply, the eIDAS regulation created a real common digital space in the European Union and the UK for the first time.
What are the objectives of this regulation?
The same, as your company surely: to improve economic activity and business in the EU and the UK by helping companies, citizens and public authorities to conduct secure and transparent electronic interactions.
When it comes to electronic signatures, the key thing to remember is that the eIDAS regulation:
- defines the concept of e-signature
- affirms its admissibility in court throughout the EU
- deals with its legal effect
In terms of electronic identification, the eIDAS regulation already allows citizens and businesses to use their own national electronic identification systems (eID) to access public services available online in other EU countries.
Nevertheless, these means remain under-utilised while a true European internal market for trust services has been created.
The evolution of eIDAS from 2014 to 2022
Since eIDAS defines a clear common framework for the European digital space, why amend this regulation in 2022? First of all, because the market is evolving. Digital services are growing rapidly, including, as you may have noticed, in sectors where maximum security is paramount, such as the banking and insurance sector. Who doesn't use online banking services today?
Secondly, because a large number of services require high levels of assurance, both to subscribe to them and to access them.
Although the eIDAS regulation already dealt with electronic identity, today less than 30% of the population is equipped with a sufficiently practical and secure electronic identity solution. Moreover, not all countries accept authentication on their public services when the means presented derives from an identity provided by a third country and it is clear that few offer adequate solutions today.
Finally, a second version of the eIDAS regulation is necessary to deal with new trust services, which were not present in the old regulation. For example, it is necessary to define qualified electronic archiving or to work on defining and managing electronic identity attribute certificates.
What are the main objectives of the eIDAS 2.0 regulation?
There is a real desire to increase cooperation between the various services offered. The services must therefore be easily set up, recognised and operable between them. Moreover, there is a need for a simpler connection between private and public services. Will this desire for a connection between private and public services be translated into a legal obligation or remain a simple recommendation? This is a point that is not yet defined. Finally, the new version of the eIDAS regulation aims to define additional services.
One of the objectives of eIDAS 2.0 is to create the means for a unified and secure identification service able to offer new authentication methods. To achieve this, the regulation wants to offer a modular approach and adapt to the market by creating certification schemes specific to each of these services.
This approach will encourage the development of a myriad of technical offers and will lead to them being made available to the citizen in a shorter time than in the past.
The final objective is clear: within three years, to equip more than 80% of the European population with a digital wallet that will allow them to prove their identity and authenticate themselves on public services in all EU countries and the UK, regardless of their nationality. Thus, the eIDAS 2.0 regulation aims to cover the increase of authentication in all public services, as well as the scope of services, including banking, for example in the subscription process.