The past, present, and future of eIDAS - How to comply with eIDAS regulations

Online security has become a key factor when it comes to customer trust and conducting business online. The representatives of organizations, legal authorities and consumers can all become hesitant to make an electronic transaction if they don’t feel as if their data would be adequately secured.

Luckily, the European Union established the eIDAS regulation five years ago (in 2014), which has been a crucial constituent of the European Commission’s initiative to form Digital Single Market (DSM) for EU Member States.

To celebrate the 5th anniversary of this key development, on 01 July 2021, you will be able to virtually attend the go.eIDAS Summit 2021 that will cover topics like;

1. eIDAS (P)Review
2. Mobile and cross-border eID – State of play and future directions
3. Qualified trust services – an outlook into the future
4. The future of eGovernment – Towards implementing the Single Digital Gateway

Before we get down to the details of the event, and show you how you can make sure your company complies with eIDAS regulations, let’s start at the beginning and explore what is eIDAS exactly.

What is eIDAS?

eiDAS stands for electronic IDentification, Authentication and trust Services that aims to make electronic transactions more secure and trustworthy within the territory of the Union. It offers a standardized approach and a common blueprint for secure electronic interactions, such as payments or administration, between private individuals, businesses and public authorities nationally and internationally alike. eIDAS aims to increase the efficacy of public and private online services, electronic business and e-commerce within the internal market of the EU.

Image source: https://www.leypal.com/en/blog-electronic-signature-eidas/

What kind of trust services does this regulation include?

1. Advanced and Qualified Electronic Signatures for legal and natural entities
2. Advanced and Qualified Electronic Seals for legal entities
3. Qualified validation for Qualified Electronic Signatures and seals
4. Qualified preservation of Qualified Electronic Signatures and seals
5. Timestamping
6. Electronic delivery services
7. Website authentication

What are the advantages of eIDAS?

The former eSignature Directive (Directive 1999/93/EC) had many defects, as being a 15-years-old directive at the time of the establishment of eIDAS, it wasn’t able to keep up with the fast-paced technological advancement, and lacked specific directives about the supervision of national and international ICTs.

To further secure online transactions and to assure private individuals, authorities and organizations about the security of online transactions, eIDAS bridges the gap between a fastly changing societal demand and institutionalized regulation by;

1. Making cross-border electronic transactions even more secure
2. Supporting standardization in the market
3. Making processes more transparent
4. Ensuring accountability across all parties involved
5. Promoting interoperability across all EU Member States
6. Reducing paperwork with the use of online administration
7. Supporting the profitability of organizations
8. Increasing convenience and flexibility

Join the go.eIDAS Summit 2021

The organizers of the Summit have assembled a team of leading international experts and stakeholders from 10 different EU Member States in the sector of secure digital identities, trust services and mobile government The representatives of Austria, Belgium, France, Estonia, Germany, Italy, Latvia, Luxembourg, Spain and last but not least, the Netherlands, will talk about their latest experiences, knowledge and ideas about the past, present, and future of eIDAS and EU’s cybersecurity landscape.

If you are interested in the latest security trends, register, and join this panel of experts on 01 July 2021!

How to comply with cross-border and national eIDAS standards?

The Commission Implementing Decision 2016/650 specifies the unavoidable security assessment standards of qualified signature and seal creation devices (QSCD). At the same time, it also lays down the thresholds for their certification, which official conformity assessment bodies use as the foundation for their consultation, and compliance assessment services.

As the assessment of compliance of the applying service providers, and their services is carried out by a certified conformity assessment body, organizations need to go under a thorough analysis, and consult with an eIDAS specialist in order to obtain the conformity assessment report that they can provide to the supervisory board.

CCLab, an accredited software security laboratory, provides full support to service providers in order to help them fulfill the requirements of eIDAS. Our organization have demonstrated history and experience in:

1. Conformity Assessment and Consultation for Qualified Trust Service Providers (QTSP) within the European Union
2. Common Criteria Evaluation for qualified signature and seal creation devices, both client and server side, according to Commission Implementing Decision 2016/650
3. Common Criteria Evaluation of the software environment of remote electronic qualified signature according to eIDAS Article 30. (3) b)

Our team of experts make sure your organization meets all necessary prerequisites to obtain the eIDAS certification by analyzing your company and services, providing professional consultation about the necessary modifications, executing the conformity assessment, and compiling the report required by the supervisory board.