5th anniversary eIDAS: the regulation of electronic identification and trust services in Europe

Today July 1st, 2021, we commemorate five years since the application of Regulation (eu) no 910/2014 of the European Parliament and of the council of 23 july 2014, on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, usually known as the eIDAS Regulation.

In this article, we will address the main aspects of the eIDAS Regulation, how the internal market of the European Union has evolved as a result of its application and a brief overview about the proposed modifications for this Regulation.

The eIDAS Regulation: a regulatory environment that reinforces trust in electronic transactions in the European Union

The eIDAS Regulation entered into force in mid-2014, however, it was not until July 1, 2016 when, in accordance with its article 52.2, it became fully applicable. This regulation represented at the time one of the clearest signs of the European Union to promote a climate of trust in the environment of electronic operations within the European Union, as an essential element of its economic and social development.
 
In the the eIDAS Regulation creation process, the European Union recognized the fragmentation of the digital market, the lack of interoperability and the increase of cybercrime activities as major obstacles to the development of the digital economy within the European Single Digital Market, which until today, it had encountered numerous barriers in front of the different regulations on trust services in each Member State.
 
One of the main objectives proposed and achieved by the Regulation is to strengthen the trust in electronic transactions in the internal market of the European Union, creating a common basis for secure electronic interactions between citizens, companies and public administrations. This achievement has resulted in an improvement in efficiency of public and private online services, e-business and e-commerce in the Union.

Evolution of the eIDAS regulation: regulated aspects in electronic transactions

The eIDAS Regulation ordered the repeal of Directive 1999/93/CE, which contained the general guidelines for the elaboration of national laws on electronic signatures. Unlike this Directive, the eIDAS Regulation would not only have a direct application within the Member States of the European Union, but also brought with it a global cross-border and cross-sector framework to guarantee safe, reliable and user-friendly electronic transactions.

This global framework conceived Trust Services beyond the electronic signature, recognizing the need to implement other additional services to provide security and trust to digital transactions within the European Union. In this sense, since it was sanctioned, in addition to the services for the creation of electronic signatures, the electronic stamps (legal entities) and electronic time stamps were recognized. These last two services, despite being quite widespread within the global market, had not had sufficient legal coverage yet.

Likewise, with the entry into force of eIDAS, electronic delivery services were recognized. These services were already regulated at that time in some countries of the European Union, but not recognized in a transversal and cross-border manner within the countries of the EU. This kind of services has opened a number of possibilities for the digitization of procedures historically carried out in non-virtual formats, such as reliable notifications between contractual parties.

 Another of the services that have been recognized by the eIDAS Regulation is the creation of certificates for web authentication, which historically had been provided by companies with a global scope and which, despite the extension of their use in the European Union, had not found the appropriate special regulation. By the date of publication of the eIDAS Regulation, this kind of services were already (and continue to be) recognized as of high importance for the generation of trust in online transactions such as e-commerce, which in collaboration with browsers, contributes granting trust to ecommerce websites.
 
This regulation also brought with it the recognition as a trust service of the conservation of objects in digital format, in this case the preservation of qualified electronic signatures and seals. The recognition of this trust service opened the door to regulate services that had been provided in an unregulated manner or, in cases such as Spain, with sectoral regulation for the digitization of invoices and other fiscal receipts. The conservation of qualified electronic signatures and seals has made possible the conservation of electronic documents and data messages with technical and legal guarantees that provide reliability to them, as well as enabling compliance with legal mandate for conservation of certain documents now in electronic formats.
 
Finally, the eIDAS Regulation made the verification and validation of electronic signatures, electronic stamps, time stamps and web authentication certificates a trust service.

Validation of electronic signatures, the service regulated by eIDAS that completes the guarantees of signatures, electronic seals, time stamps and web authentication certificates

Validation has always been a necessary element and intrinsic action to the trust that services such as electronic signature provide. Its recognition as a trust service allowed to close the full circle of trust around these services in benefit of the legal certainty required by multiple regulated sectors, historically resistant to the complete digitization of processes with high risks levels.

So important is to implement electronic signature processes with a qualified digital certificate in organizations as it is to implement reliable electronic signature validation systems that respond to national and European norms and standards. 

The convenience of the validation of electronic signatures lies on the need shared by companies, self-employed professionals and institutions to carry out electronic transactions without relinquishing the protection of a secure digital environment.

Why is the eIDAS Regulation so important? Benefits and reference model for other countries

In general, in the last 5 years, the implementation of the eIDAS Regulation has enabled a range of possibilities for new business models. In natively digital sectors, it has opened the door to provide security to multiple disruptive initiatives in traditional sectors such as Fintech, Insutech or Proptech and in general digital entrepreneurship.

However, the Regulation has also brought benefits in the digital transformation of traditional and highly regulated sectors, as has been the case of the massification of these services in Public Administration implementations that provide better citizen public services, banking sector that have obtained guarantees and regulatory compliance solutions, among others.

The benefits that the internal market of the European Union has obtained in recent years as a result of the application of the eIDAS Regulation are undeniable, especially in the last year due to the mobility restrictions caused by the global pandemic, which have found a response in the digitization of processes.

However, it is not the only place where it has managed to have influence. In the last five years, the whole world has turned its gaze to know, understand and replicate the European model in terms of trust services. In many cases modifying local regulations to incorporate new trust services in addition to the electronic signature, and in others directly embracing the eIDAS or its related technical regulations, as was the case in the Dominican Republic in 2019.

This five-year period has also made possible to recognize operational aspects necessary to maintain a regulation that responds to current socio-economic challenges, as well as to the rapid advance of technology, which together demand flexible and dynamic responses from the applicable regulations. In this sense, in November 2020, Spain enacted complementary legislation to the eIDAS Regulation, aimed at regulating certain aspects of trust services whose development corresponded to the Member States, by direct referral of the Regulation.
 
In the same way, these first 5 years of application have also made possible to recognize, study and evaluate both positive and improvable aspects of the Regulation, which require, in some cases, to be strengthened and, in others, modifications to take advantage of its full potential.

👉 Proposal for a Regulation of the European Parliament and of the Council

amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity 

Some of the proposed reforms include the European Digital Identity, which will allow decentralized solutions, stating that Member States will provide an European digital identity wallet to both natural and legal persons, allowing its issuance and recognition to both public institutions and private sector companies, which could create a new market for private operators.