The European Parliament and the Council adopted Regulation (EU) No. 910/2014 on electronic identification and trust services for electronic transactions in the internal market (the “eIDAS Regulation”) on 23 July 2014. This eIDAS Regulation repeals the E-Signatures Directive 1999/93/EC and creates a comprehensive legal framework for both electronic identification and authentication services.
This Regulation seeks to create a system of mutual recognition among Member States with regard to their national identification systems and thereby aims to enhance trust and effectiveness within the European internal market for public and private cross-border online services and e-commerce.
The first part of the Regulation sets up a legal framework to ensure, for the purpose of cross-border identification, a harmonized recognition of the numerous electronic identification means (“eIDs”) used by Member States for natural and legal persons. However, the primary target is the public sector, and Member States have only the obligation to recognize those eIDs that are contained in a list published by the Commission based on the Member States’ notifications. Member States remain free to decide which of their national existing eIDs they want to submit to notification, and the Regulation lays down the conditions under which the other Members States must recognize those eIDs. Moreover, Member States must cooperate with each other to ensure the interoperability of the multiple national electronic identification schemes.
The second part of the Regulation focuses on trust services (electronic identification and signatures, i.e., eIDAS). Whereas the E-Signatures Directive only dealt with electronic signatures and had gaps in its framework, especially regarding cross-border interoperability issues and technological updating, the new eIDAS Regulation is much broader in scope. Indeed it now regulates a wide range of trust services such as electronic signatures, among others, but it also regulates electronic seals, electronic time stamping, electronic delivery service, electronic documents admissibility, and website authentication. The framework is based on the Member States’ reciprocal obligation to recognize such trust services if those services are based on a qualified certificate issued in one Member State.
This new Regulation is an important step towards the enhancement of a trustworthy and secure online environment within the EU internal market. Most of it will enter into force by 1 July 2016 and thereby repeal with effect the E-Signatures Directive. Like all EU Regulations, it will not only apply directly to the services it regulates but also have an impact on some related existing national legislation. For instance, the inconsistent provisions of various national laws to implement the former E-Signatures Directive will automatically be replaced by the new Regulation’s provisions.