Legislation Digital Signature

The eIDAS Has Been Revisioned after 5 Years since the Application

It has been five years since the application of Regulation (EU) no 910/2014 of the European Parliament and the Council of 23 July 2014, on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, usually known as the eIDAS Regulation.

On February 19, 2020, the European Commission announced the revision of Regulation (EU) No. 910/2014 (eIDAS Regulation) to extend its benefits to the private sector and promote reliable digital identification data for all Europeans.

The coronavirus pandemic and the transition to the use of digital services showed that eIDAS Regulation has limitations that need to be urgently solved.

For the above reasons, the European Commission published a Proposal to amend the eIDAS Regulation on 3 June 2021 (“Proposal”).
The proposed amendment is aimed at establishing a more consistent approach to digital identification in the internal market and cross-border transactions.

New in the Proposal in a nutshell

1. European Digital Identity Wallet
The Proposal introduces the concept of a "European Digital Identity Wallet". It should be both a product and a service that, among other things, allows users to store identity data, credentials, and attributes linked to their identity. It will be used to:

a) provide them to the relevant parties upon request and to use them for authentication, online and offline, to receive services; and

b) sign via qualified electronic signatures.

The use of the European Digital Identity Wallet should be free of charge for everyone and accessible to people with disabilities. Such a wallet can be used in many sectors, including the healthcare sector.

The European Digital Identity Wallet must be issued by a Member State (or under its mandate) or independently, but recognized by a Member state.

Member States should provide validation mechanisms for European Digital Identity Wallet, namely:

a) to provide the possibility of verifying authenticity and validity;

b) to allow the relevant parties to verify that the attestations of attributes (e.g. driving license, diplomas, bank account) are valid;

c) allow the relevant parties and qualified trust service providers to verify the authenticity and validity of the attributed person's identification data.

2. Electronic Identification Schemes
To make more electronic means of identification available for cross-border use, Member States should notify at least one “electronic identification scheme” that includes at least one means of identification.

The “electronic identification scheme " means an electronic identification system under which electronic identification means are issued to

I. individuals or legal persons; or

II. individuals representing legal entities.

3. Unique Identification
To guarantee the unique identification, Member States should include

I. a minimum set of identification data required for the unambiguous and persistent representation of an individual or legal person; and

II. a unique and permanent identifier following the legislation of the Union for identifying the user at their request in cases where user identification is required by law.

This is important in cases where identification is required by law, for example, in the field of healthcare, finance to fulfill anti-money laundering obligations or for judicial use.

4. Cross-border recognition of European Digital Identity Wallets

The electronic identification means issued in another Member State should be recognized in the first Member State for cross-border authentication for that online service, provided that some conditions are met. This is necessary in cases where authentication is required under national legislation or administrative practice to access an online service provided by a public sector authority in a Member State.

5. Qualified preservation service for qualified electronic signatures and qualified electronic archiving service for electronic documents

The services may only be provided by the standards, adopted by the Commission, by a qualified trust service provider that uses procedures and technologies capable of extending the trustworthiness of a qualified electronic signature beyond the technological validity period.

6. Electronic attestation of attributes
The current eIDAS framework does not cover the provision of electronic attributes, such as medical certificates or professional qualifications, which makes it difficult to ensure the pan-European legal recognition of such credentials in electronic form.

For this reason, the electronic attestation of attributes is introduced in the Proposal.

According to the Proposal, the electronic attestation of attributes should not be denied legal force and admissibility as evidence in court proceedings solely because it is performed in electronic form.

The attestation of the above attributes must have the same legal force as legally issued attestations in paper form.

7. New qualified trust services
In addition to the qualified electronic archiving service for electronic documents (as described above), the Proposal introduces other new qualified trust services, namely:

a. Remote qualified signature creation device

The “remote qualified signature creation device” means a device for creating a qualified electronic signature in which a qualified trust service provider generates, manages, or duplicates data for creating an electronic signature on behalf of the signatory.

Management of the devices as a qualified service can only be carried out by a qualified trust service provider that meets the conditions set out in the Proposal.

b. Electronic Ledgers

An Electronic ledger is a tamper-proof electronic record of data, providing authenticity and integrity of the data it contains, the accuracy of its date and time, and its chronological ordering.
An electronic ledger should not be denied legal effect and admissibility as evidence in legal proceedings solely because it is in an electronic form or that it does not meet the requirements for qualified electronic ledgers.
A qualified electronic ledger should enjoy the presumption of the uniqueness and authenticity of the data it contains, the accuracy of its date and time, and its sequential chronological ordering within the ledger.

 This masterly written article was created by Gian Marco Rinaldi and Marta Breschi. You can find the original article here. If you find our articles interesting, you may subscribe here.