eIDAS Regulation: What You Need to Know

Find out what eIDAS is, its history and importance, and the key steps required to build secure and compliant identity verification aligned with this regulation, ensuring digital trust and security.

One of the key regulatory frameworks that has influenced digital identity verification is eIDAS, which stands for Electronic Identification, Authentication, and Trust Services. It’s a regulation designed to enhance the safety, speed, and efficiency of electronic interactions between businesses across European countries.

Incorporating electronic identification and trust services into your business can provide a bunch of benefits, such as increased security or better user experience. More importantly, the eIDAS regulation establishes a unified framework for electronic identification (eID) and trust services, simplifying the process of delivering services throughout the European Union.

So, in the landscape of digital transactions and online services, verifying digital identities and preventing financial crimes are essential for businesses. This is where solutions that are compliant with eIDAS merge with Know Your Customer (KYC) processes and bring a completely new security standard.

What is eIDAS?

eIDAS, or Electronic Identification, Authentication, and Trust Services, is a regulatory framework implemented by the European Union. Its purpose is to standardize the framework for eID and trust services, simplifying the delivery of such services across the EU.

eIDAS facilitated interoperability among the 27 EU Member States. It was introduced in 2014, ensuring mutual recognition of each other’s notified electronic identification schemes. The Regulation guarantees that trust services offered by compliant service providers can be accepted as evidence in legal proceedings.

A visual representation of the key factors that describe the essence of the eIDAS Regulation.

The eIDAS regulation seeks to elevate the security and dependability of electronic transactions, bringing several key benefits for businesses:

  • Streamlined business operations for enhanced efficiency.
  • Reduced administrative workload in electronic transactions with other businesses, customers, and public administrations.
  • Substantial cost savings and improved profits.
  • Safer electronic transactions and increased consumer trust.

eIDAS ensures that electronic identifications and trust services are interoperable and legally acknowledged throughout the EU. This includes services like digital signatures, e-delivery services, electronic seals, or website authentication. 

eIDAS Beyond the EU

After Brexit, the UK adopted the eIDAS Regulation into its own law. While it might not be legally binding in other jurisdictions, it’s common for businesses or citizens outside Europe to use eIDAS infrastructure, especially if they have substantial operations or business interests in the participating states.

According to the eIDAS regulation, citizens and businesses have the right to use their national eIDs when accessing online public services in other member states that also use eIDs. This arrangement establishes a European internal market for trust services, guaranteeing their functionality across borders.

eIDAS Standards on Different Identification Methods

The eIDAS regulation sets up a legal framework governing various electronic identification methods. It establishes standards for electronic signatures, seals, timestamps, documents, registered delivery services, and certificate services for website authentication.

Under the eIDAS Regulation, trust services benefit businesses in various ways, for example:

  • Electronic signatures. Qualified electronic signatures hold the same legal weight as handwritten signatures. 
  • Electronic seals. Similar to traditional business stamps, they ensure document origin and integrity when applied electronically.
  • Electronic timestamps. They link electronic documents to specific times, providing evidence of document existence. They are issued to guarantee that the time associated with data or documents is accurate.
  • Electronic registered delivery services. They create secure electronic document forwarding, providing proof of sending and delivery while protecting against loss or theft. 
  • Website authentication certificates (WACs). Certify website trustworthiness to customers, linking the website to the certificate holder and preventing data breaches.

This regulation grants electronic transactions the equivalent legal status of paper-based transactions with handwritten signatures, enabling their inclusion in legal proceedings. That’s why the private sector has started to use these advancements in various industries, including the adoption of eSignatures in professional services, financial sectors, and the RegTech landscape. 

Why Was the eIDAS Regulation Established?

Before the implementation of the eIDAS Regulation, EU member states had various laws governing the legally valid conclusion of digital transactions, often using incompatible technologies. Consequently, cross-border contracts were infrequently finalized digitally due to legal uncertainties and technical challenges. Some businesses chose to stick with old-fashioned paper methods to be extra careful, which slowed down economic growth in Europe. The eIDAS Regulation was established to bring legal clarity and help companies tackle these problems.

The eIDAS Regulation was established mainly to:

  • Simplify cross-border transactions by focusing on a smoother user experience. 
  • Enable a unified system for reliable digital IDs, so people can prove who they are online without needing face-to-face checks. 
  • Solve the legality issue by ensuring that these digital IDs are just as secure as showing ID in person, verified by a trusted body.

For individuals, eIDAS now facilitates transactions with entities within the European Economic Area, eliminating time-consuming identity verification procedures. Whether it’s finalizing a loan agreement or opening an account on a digital platform, a digital signature in accordance with eIDAS guarantees compliance with strict data protection and security standards, ensuring the legality of the signature and safe data transmission.

eIDAS in the Context of Digital Identity Verification

Having a digital identity, like a digital ID card, enables people to prove who they are online more easily. But it doesn’t show details about their skills or qualifications. However, many online services need this kind of information. With eIDAS, companies have a crucial foundation for developing secure, efficient, and compliant digital identity verification procedures. 

The goal of eIDAS 2.0 is to achieve the target set in Europe’s ‘Path to Digital Decade’ initiative. This initiative aims to ensure that 80% of EU citizens can use digital identification by 2030.

In other words, the eIDAS Regulation establishes the legal framework and standards for electronic identification and trust services. So, documents like driving licenses or medical certificates have become important parts of digital identity systems. They represent the electronic proof of these attributes, making it easier to use them for secure identity proofing practices. 

The Meaning of eIDAS for Businesses

Companies can use eIDAS solutions for both business dealings and interactions with consumers. eIDAS offers businesses the chance to conduct more thorough identity checks on customers and other companies. This is especially beneficial for age-restricted items or services like alcohol and gambling, as well as handling high-value transactions such as artwork sales or luxury item auctions, which involve transferring large sums of money. 

Some common examples of how eID and trust services can be used in business include:

  • eID for remotely verifying a customer’s identity and ensuring compliance with KYC and anti-money laundering (AML) regulations.
  • Automating the process of opening new accounts for users in different countries through remote and trusted identification methods.
  • Employing electronic registered delivery services for swift and secure exchange of documents, such as contractual agreements.

For businesses, eIDAS offers a framework for conducting compliant customer due diligence (CDD). This means financial services and other regulated entities can verify a potential customer’s identity using their eID and perform checks on their financial history, meeting AML requirements. It also enables companies to broaden their customer reach by providing a trusted way to identify customers and businesses across EU borders. 

The History of the eIDAS Regulation

The law was set up in the EU Regulation 910/2014 on electronic identification, replacing an older law from 1999. eIDAS became active on September 17, 2014, and started being used on July 1, 2016. 

From September 29, 2018, all public digital service providers in EU countries must accept electronic IDs from all other EU countries. This rule applied to all countries in the European Single Market. However, the eIDAS Regulation has undergone reforms and is now moving towards a new version expected to come into effect by 2026 at the earliest.

A simplified figure showcasing the difference between eIDAS 1.0 and eIDAS 2.0.

We examine the exact eIDAS timeline in more detail below. 

eIDAS 1.0

eIDAS 1.0 was introduced in 2014 to facilitate safe and smooth electronic interactions within the EU. The regulation laid down a standardized framework for digital identity by establishing guidelines for trust services and granting them the same validity as traditional paper methods. 

eIDAS has provided the EU with a foundation and a clear legal framework for individuals, companies, and public administrations to securely access services and conduct transactions online with just ‘one click’.

Consequently, the eIDAS Regulation sped up document exchange and ensured protection against loss, theft, damage, or changes. For example, customers can use their eSignature to finalize contracts, boosting trust and cutting costs by making services more efficient.

eIDAS 2.0

In June 2021, a new version of eIDAS, known as eIDAS 2.0, was released. The updated version of eIDAS covers two main aspects: digital identities and trust services. It differs from the original because it addresses vulnerabilities, introduces trust services, and launches the ID wallet. The eIDAS Regulation primarily focused on government ID schemes and the basic identity details of individuals and organizations, such as name, address, date of birth, etc.

With the Digital Identity Wallet (EUDI), all private services in the EU that are obliged to verify users must accept credentials from EUDI. When it comes to identities, it outlines requirements for verifying the identity of individuals and organizations. The goal is to ensure that identity credentials (like passports or driver’s licenses) are accepted throughout the EU. It focuses on electronic ID systems run by governments and ID methods issued by member states. The updated proposal for eIDAS shifts away from fixed IDs and prioritizes users’ needs. 

As part of eIDAS, an e-wallet will allow users to:

  • Store a Qualified Electronic Signature (QES).
  • Store and manage identity credentials issued by a government authority.
  • Store and manage extra credentials like professional, health, or educational certificates.

A sample illustration of the key types of electronic signatures defined by the eIDAS Regulation.

eIDAS 2.0 also introduces self-sovereign identity (SSI), which gives users more power over their identification data. With SSI, users can choose to share only the necessary information for a specific transaction instead of revealing everything. For example, if someone needs to prove their age for a service, they can share only that information without disclosing other personal details like their address or driver’s license number.

FAQ

Where Does eIDAS Apply and Who Needs to Comply?

Any individual, business, or public authority conducting electronic transactions in the EU must comply. The eIDAS Regulation applies to all EU member states, including those doing business with EU entities. The UK has also adopted eIDAS with some modifications.

Who Provides Electronic Trust Services?

Trust Service Providers (TSPs) offer electronic trust services, including creating digital certificates like e-signatures. Qualified Trust Service Providers (QTSPs) are TSPs qualified by the Member State’s supervisory body and listed in the EU Trust List. QTSPs can provide services like Qualified Electronic Signatures.

How Does eIDAS 2.0 Differ from eIDAS 1.0?

eIDAS 2.0 broadens its scope. It includes new trust services like electronic archiving, electronic ledgers, and remote e-signature devices. The updated regulation also simplifies requirements for the private sector by offering clearer technical guidelines. This helps enhance security, privacy, and transparency while combating online fraud.
