With the rise of online interactions, ensuring the security of transactions and protecting digital identity is essential. In this context, the eIDAS 2.0 regulation positions itself as a key element in building a secure and harmonised European digital identity. This new version, which succeeds eIDAS 1.0, introduces more robust measures for electronic identification and the management of digital signatures within the European Union.
In this article, you will discover the detailed implications of the eIDAS 2.0 regulation, its benefits, and its impact on the European digital environment.
Table of contents
Definition of eIDAS 2.0 Regulation
The eIDAS regulation (Electronic Identification, Authentication and Trust Services) aims to establish a unified legal framework for electronic transactions within the European Union. Its second version represents a significant advancement, expanding its scope and strengthening its security measures. It also includes developments in trust services, reorganising the list of existing services and introducing two new ones: electronic archiving and electronic registers.
Creating a digital identity wallet
The creation of the digital identity wallet, or Wallet, aims to securely store personal data of European citizens, independent of the authentication technology used, ensuring the confidentiality of this data.
Expansion of Electronic Trust Services
The services of electronic signatures, electronic seals, and electronic timestamps are complemented by the new services of electronic registers and electronic archiving. These additional services ensure the integrity and accuracy of recorded data, with strict requirements for qualified trust service providers.
In its first version, eIDAS included only electronic signatures, electronic seals, and electronic timestamps.
The initial eIDAS regulation enumerates several levels of signatures:
Simple Signature
This form of electronic signature cannot be legally dismissed solely because of its electronic format. Examples include signing a name at the end of an email or a scanned signature.
Advanced Electronic Signature (AES)
Uniquely linked to the signatory, this signature allows the signatory to be identified and ensures the integrity of the document.
Qualified Electronic Signature (QES)
More stringent than AES, it holds the same legal value as a handwritten signature.
Signatories must use a digital identity certificate issued by a qualified and accredited EU trust service provider according to eIDAS standards. Signatories also use a Qualified Signature Creation Device (QSCD), such as a smart card or USB token, or a mobile application with a unique secret code.
An electronic seal, or digital seal, is defined as a set of electronic data attached to other electronic data to ensure their origin and integrity. Thus, the electronic seal is comparable to a company stamp or the signature of a legal entity.
An electronic timestamp certifies that data existed at a specific moment. For instance, it can validate promotional prices in e-commerce, ensure the traceability of supply chains, build infringement reports, guarantee regulatory compliance, etc.
eIDAS 2.0 now includes the electronic register, aimed at sequentially recording data to guarantee their integrity and the accuracy of their chronological order. A qualified register must be managed by one or more qualified trust service providers, establish the origin of the records, maintain a unique chronological order, and detect any subsequent modifications.
eIDAS 2.0 also introduces the electronic archiving service, defined as a service that guarantees the receipt, storage, retrieval, and deletion of electronic data or documents, ensuring their longevity, readability, integrity, and confidentiality.
A qualified archiving service must:
- Be provided by a qualified trust service provider.
- Utilise processes and technologies ensuring data longevity and readability, even after technological obsolescence, at least for the legal retention period or as established in the contract, ensuring their integrity and origin.
- Ensure that data retention methods protect against any loss or modification, except in cases of modifications due to transfer of media or electronic format.
- Ensure that authorised parties automatically receive a report confirming that an electronic data retrieved from a qualified archiving service has maintained its integrity from entry into the archive to its exit.
Electronic archiving and registers are now included in the list of trust services established in the eIDAS regulation, benefiting from recognition and interoperability among Member States. An electronic data archived in a qualified service will benefit from a presumption of origin and integrity during its retention period.
Advantages of eIDAS 2.0 Regulation
The eIDAS 2.0 regulation offers several advantages:
Facilitation of Cross-Border Transactions
By harmonising identification and electronic signature standards, eIDAS 2.0 promotes transactions between Member States and encourages digital transactions within the EU.
Strengthening Security
The use of qualified identifiers and electronic signatures enhances the security of digital transactions, protecting and reassuring citizens and businesses against cybercrime and fraud.
Simplification of Administrative Procedures
By promoting the use of electronic identifiers for access to public and private services, eIDAS V2 helps reduce costs and shorten administrative delays within the European Union.
Development of Digital Innovation
Through this new legal framework for online identification and authentication, eIDAS 2.0 aims to promote innovation in the digital services sector and encourage the development of new products and services.
Conclusion
The eIDAS 2.0 regulation represents a crucial step towards creating a European digital identity. With these new shared standards within the EU for electronic identification, digital signatures, and qualified timestamps, eIDAS V2 facilitates cross-border transactions and strengthens trust in online transactions, building a secure and harmonised digital future for European citizens, businesses, and governments.
Disclaimer
The opinions, presentations, figures and estimates set forth on the website including in the blog are for informational purposes only and should not be construed as legal advice. For legal advice you should contact a legal professional in your jurisdiction.
The use of any content on this website, including in this blog, for any commercial purposes, including resale, is prohibited, unless permission is first obtained from Evidency. Request for permission should state the purpose and the extent of the reproduction. For non-commercial purposes, all material in this publication may be freely quoted or reprinted, but acknowledgement is required, together with a link to this website.
