eIDAS and the Digital Single Market
The development of a Digital Single Market (DSM) for EU Member States was among the European Commission’s 10 priorities for the period 2015-2019.
In order to provide a clear legal framework for the formalization of a wide range of digital transactions, the regulation of eIDAS is a crucial support to this initiative.
In support of the DSM, eIDAS aims to facilitate the smooth flow of commerce in the EU through transparency, security, technical neutrality, cooperation and interoperability. In pursuit of these values, eIDAS:
- Standardises the use of electronic identification (eID)
- Defines a new class of “electronic trust services” (eTS)
- Clarifies and ensures the legal validity of electronic signatures
- Creates a European internal market within the EU for electronic trust services
These standards apply across borders as well as within individual member countries.
CCLab provides support to all available platforms and service providers in order to fulfill the requirements according to eIDAS.
We are experienced in:
- Conformity Assessment and Consultation for qualified trust service providers (QTSP) within the European Union.
- Common Criteria Evaluation for qualified signature and seal creation devices (both client and server side) according to Commission Implementing Decision 2016/650.
- Common Criteria Evaluation of the software environment of remote electronic qualified signature according to eIDAS Article 30. (3) b)
THE CONFORMITY ASSESSMENT
In order to ensure the compliance of qualified trust service providers and the services they provide with the requirements set out in eIDAS - should be carried out by a conformity assessment body and the resulting conformity assessment reports should be submitted by the qualified trust service providers to the supervisory body.
Commission Implementing Decision 2016/650, laid down standards for the security assessment of qualified signature and seal creation devices (QSCD) pursuant to Articles 30(3) and 39(2) of the Regulation.
The Commission Implementing Decision 2016/650 specified the mandatory standards for the certification of QSCDs where the creation data is held in an entirely but not necessarily exclusively user-managed environment (e.g. smart cards, USB tokens) and - because the protection profiles/standards have not yet been defined for remote qualified electronic signatures (e.g HSM, signatory server) - laid down the framework for an alternative certification process.
The eIDAS Regulation on electronic identification and trust services for electronic transactions in the internal market is a milestone as it provides a predictable regulatory environment for electronic identification and trust services. It was established in EU Regulation № 910/2014 of 23 July 2014, which repeals Directive 1999/93/EC.
eIDAS has created standards for which electronic signatures, qualified digital certificates, electronic seals, timestamps and other proof for authentication mechanisms enable electronic transactions with the same legal standing as transactions performed on paper.
The eIDAS Regulation came into effect in July 2014 and provisions to trusts services are applicable directly in the 28 Member States since 1th of July 2016.
- Certificates for electronic signatures can only be issued to natural persons. Legal persons can only use certificates for electronic seals. Electronic seals serve as evidence that an electronic document was issued by a legal person, ensuring certainty of the document’s origin and integrity.
- A qualified electronic signature based on a qualified certificate issued in one Member State shall be recognised as a qualified electronic signature in all other Member States.
- The eIDAS laid down the legal and technical framework of remote qualified electronic signature.
- The eIDAS introduced the conformity assessment terminology in order to grant the fulfilment of the requirements for the qualified trust service providers in all Member States specified by eIDAS.
- New standards and regulations have been introduced in the electronic signature and other trust services area.