Electronic identification and trust services in accordance with the eIDAS Regulation
What is the eIDAS Regulation?
The ubiquitous digitization of business creates a need for solutions for remote electronic identification and authentication, for signing documents with electronic signatures, and for authenticating with electronic seals and electronic time stamps. Until recently, contracting services such as bank loans was unthinkable without the client personally coming to the bank and signing the loan documents by hand. Today, such services can be contracted from the comfort of one’s own home, using sophisticated information systems through which the user (the client or buyer of a service or product) is securely identified from a remote location and, using trust services such as an electronic signature or seal, obtains the desired service or product, exercises a right to use the services of the public sector and state institutions, or simply and securely exchanges data with other parties equally involved in electronic data exchange.
THE OLD WAY – Using smart cards and USB tokens for local electronic signing
THE NEW WAY – Using Cloud infrastructure and remote signing
eIDAS stands for “electronic identification, authentication and trust services” and is the common name for EU Regulation 910/2014 on electronic identification and trust services for electronic transactions in the internal market, which repeals the old signature directive 1999/93/EC. The eIDAS Regulation and its implementing acts are law in all EU member states.
Under eIDAS, citizens and businesses can use their original eIDs (electronic identification means) when accessing public services within other EU member states that use eIDs. This regulation defines the conditions under which Member States will recognize the electronic identification of such users.
Additionally, this regulation implements standards for electronic signatures, time stamps, electronic seals and other proof of authentication, including electronic certification and registered delivery services that give these electronic transactions the same legal status as if they were carried out on paper.
Trust services covered by eIDAS to create an electronic internal market include:
• Advanced and qualified electronic signatures associated with a legal or natural person;
• Advanced and qualified electronic seals associated with a legal entity;
• Qualified verification of the validity of qualified electronic signatures and seals;
• Qualified custody of qualified electronic signatures and seals;
• Time marking (electronic time stamp);
• Electronic delivery services;
• Website authentication;
Why is the eIDAS Regulation important?
The eIDAS Regulation prescribes and ensures that electronic interactions between companies, between companies and citizens, and between citizens and public authorities are safer, faster and more efficient, regardless of which European country they take place in. It is a European regulation that created a single framework for electronic identification (eID) and trust services, which facilitates the delivery of services across the European Union. eIDAS promotes interoperability across the 27 EU member states, ensuring that countries recognize each other’s notified electronic identification schemes. It also ensures that trust services provided by service providers that comply with the requirements of the Regulation can be accepted as evidence in legal proceedings. The eIDAS Regulation has increased the level of transaction security for businesses and citizens and offers many other benefits, including:
• Less administrative burden in electronic transactions with other companies, customers and public administration;
• More efficient business processes;
• Significant reduction of costs and increase of profits for companies;
• More secure electronic transactions leading to increased consumer confidence and a larger potential consumer base;
• The eIDAS Regulation provides a greater guarantee between parties thanks to secure solutions and legal certainty;
• Better user experience and satisfaction of end consumers, product buyers and service users;
• Facilitated cross-border transactions. According to the eIDAS Regulation, all EU countries will have to recognize foreign eID schemes that have been notified to the European Commission.
eIDAS affects almost every organization that executes transactions over the public Internet, especially transactions involving commercial or legal issues where it is important to be sure of the digital identity of the participants and their activities.
The special significance of the eIDAS regulation for the financial sector
The financial services sector is one of the biggest potential beneficiaries of eID and trust services as they can provide significant business opportunities and improved banking services within a single EU.
The identification, authentication and assurance of transactions in the financial services sector are becoming highly digitized to accommodate increased customer demand for online services and to cope with increasingly onerous compliance obligations.
Examples of the use of eID and trust services in the financial services sector include:
• eID for reliable verification of the client’s identity and compliance with “Know Your Customer” requirements and the fight against criminal activities (money laundering);
• Facilitating the opening of new bank and financial services accounts with clients in other countries using remote and reliable identification and account access;
• eSignature for remote signing of contracts on financial services with clients;
• Electronic registered delivery service for fast and secure exchange of important documents such as contracts;
Comparison of the “old” traditional process of raising loans in the Bank and the new approach with the use of electronic identification of the client and a qualified personal signature certificate for electronic signature, legally as valuable as a handwritten signature.
Secure electronic transactions are especially important for online business. Using reliable solutions for electronic identification and trust services is essential. The eIDAS Regulation provides a comprehensive legal framework to ensure such reliability, as well as legal validity and security throughout the EU. Accordingly, besides the financial sector, the eIDAS Regulation also plays an important role in other spheres of business life, such as trade (retail), transport and logistics, as well as a wide range of intellectual services provided to EU citizens.
How can ZIH help you?
In this field, ZIH offers the following consulting services:
• Analysis of the existing PKI system and its compliance with the eIDAS regulation (GAP analysis);
• Consulting services in the process of obtaining the status of a Qualified Trust Service Provider, which opens the further possibility of providing services to clients for whom the Law prescribes the use of personal handwritten or equally valid electronic signatures on documents;
• Defining the Bank’s regulated (key) business processes as a qualified trust service provider in order to comply with the eIDAS regulation;
• Creation of complete QPKI documentation (General Rules and Regulations, and other regulatory, mandatory documentation), aligned with the eIDAS regulatory framework and ETSI relevant standards;
• Conducting an internal Audit of the QPKI system and preparing the Bank for an external annual Audit according to the eIDAS regulation and ETSI standards;
• Technical implementation of the QPKI system and related consulting (conducted in cooperation with partners).
Education in the mentioned field:
• Electronic identification and trust services in accordance with the eIDAS regulation
ZIH has significant experience in the preparation, implementation and auditing of QPKI (Qualified Public Key Infrastructure) systems for qualified trust service providers, aligned with the eIDAS regulatory framework and the technical ETSI norms for the design and implementation of electronic services such as the qualified personal electronic signature and seal and the qualified timestamp.