By Andrea Servida, European Commission
With the adoption of all the implementing acts, we have taken a concrete step to building and unleashing the potential of Europe’s Digital Single Market. Less than a year ago, eIDAS Regulation entered into force and now we have also completed the adoption of all the implementing acts that were due by 18 September last year. This is a remarkable accomplishment, that makes the EU the first and only region in the world having a workable and balanced legal framework for cross border use of electronic identification and trust services.
Operationalizing eIDAS via the recently adopted implementing acts is a concrete step to building and unleashing the potential of Europe’s Digital Single Market. With eIDAS, the EU has managed to lay down the right foundations and a predictable legal frame-work for people, companies (in particular SMEs) and public administrations to safely access to services and do transactions online and across borders in just “one click”. Indeed, rolling out eIDAS means higher security and more convenience for any online activity, such as submitting tax declarations, enrolling in a foreign university, remotely opening a bank account, setting up a business in another Member State, authenticating for internet payments, bidding for online call for tenders, etc.
What does this mean?
Today, four implementing acts have been published in the official journal: two for eID (on the interoperability framework and on levels of assurance) and two for trust services (on the formats of advanced electronic signatures and seals and on the technical specifications of the national Trusted Lists).
Let me briefly highlight what this means in practice. For eID, by the end of last September 2015, Member States could, on a voluntary basis, start the procedure to notify and recognize national eID, meaning that citizens and companies could use “cross border” to access online public services. This is because the EU now has a set of legal rules (the eIDAS Regulation) and tools (i.e. the level of assurance and the interoperability framework) to support the transparent and accountable mapping of the trustworthiness of existing and diverse national eIDs, together with agreed operational and security specifications for interoperability. Is this all? Not really. Under the Connecting Europe Facility (CEF) the European Commission and EU Member States are also rolling out the eID technical interoperability infrastructure and components to operationally support the cross border use of eID. This was a real premiere in the world!
But, are we done with all this? Not really. The journey has just started and everybody (in particular Member States, the private sector stakeholders and the Commission) has to get ready to fully benefit from EU-wide use of eID. A key enabling role is for MS which have the possibility to notify their eID means without waiting for 2018 when the cross border recognition of eID becomes mandatory.
For the trust services, eIDAS has significantly upgraded and improved the existing legal framework for e-signature. The newly published acts on the formats of trusted lists and of advanced e-signatures and e-seals to be recognized by the public sector, complete the set of tools to ensure transparency and efficiency for cross border use of trust services (i.e. e-signature, e-seal, time stamping, e-registered delivery services, website authentication). Indeed, it would be easier and more convenient for citizens and companies to use their e-signatures/e-seals everywhere in the EU, for transactions with public administrations as well as, we also expect, private sector businesses.
In addition, the establishment at National and EU levels of trusted lists of trust service providers, together with the possibility to differentiate qualified services by means of the EU trust mark, will greatly improve both the transparency of the market, as well as the user’s understanding of the quality and security of the services they rely upon. To conclude, I emphasize that on 1st July 2016, eIDAS will apply and the existing e-signature directive will be repealed. By then, all Member States have to have a supervisory body in place as provided in eIDAS regulation. Such a body will have to be operational in order to allow market players to become compliant with eIDAS in due time. It is not only time for you to get ready, but also for us.
What would come next?
We, at the European Commission, are working and will continue to support you in this last phase of eIDAS implementation. Through the technical solutions deployed under CEF, we foster interoperability of eIDAS tools such as e-ID, e-Delivery and e-Signature by linking up Member States’ infrastructures.
Besides this interoperability layer, we also design activities to ensure continuity of our engagement actions, as well as support a permanent exchange and discussions among stakeholders.
Building on the key messages gathered in the past events and the suggestions that we‘re receiving on our online participatory platform, we are also working to:
- Set up an eIDAS European Observatory to boost online trust, security and transparency in the DSM as a virtual network
of stakeholders to exchange ideas and good practices, as well as recommend actions and initiatives to ease the uptake of electronic identification and trust services.
- Launch a series of high-level roundtables to define strategic lines to foster eIDAS as an enabler for market digitization.
There is much more to come. Stay tuned!