Understanding eIDAS and the new EU eSignature regulation

Come July 1, 2016, the prevailing EU directive on electronic signatures, termed the eSignatures Directive 1999/93/EC, will be replaced by the new by the new Regulation (EU) No 910/2014 on electronic identification and trust services called the eIDAS Regulation. It assures progress in online transactions for individuals, businesses, and public administrations in two areas: electronic identification services and trust services.  

The background—what is eIDAS and why is it required?

The eSignatures Directive adopted in 1999, recognized the legal admissibility of electronic signatures. However, it allowed the member states within the EU to impose their own interpretation of the directive and this led to each member state interpreting the directive in its own way.

Countries like the UK created an environment where a handwritten signature is capable of being satisfied by a simple electronic signature (much like the U.S.) while countries like Austria went for a more stringent approach of using PKI-based smartcards.  Also, the technical standards that each country used to operate their eSignature and electronic ID mechanisms were different and there was limited interoperability between countries.

These differences made transactions across borders difficult. According to a press release by the European Commission, only 15% of consumers buy online from another EU country and 8% of companies sell cross-border. 

That’s why the eIDAS regulation was adopted to facilitate the Digital Single Market initiative of the European Commission and ensure seamless digital transactions across countries within the European Union. The new regulation will go a long way in establishing a climate of trust when it comes to online and digital transactions in the EU.

What’s changing with eIDAS?

Once the eIDAS regulation takes effect, citizens of the EU member states will be able to use their native electronic identification schemes (eIDS) to access public services in other countries within the EU. For example, a Spanish citizen can now apply for an online course in Italy without having to travel to complete paperwork. His Spanish national eID will be a valid means for him to do the paperwork online.

While the prevailing EU directive guarantees the admissibility of electronic signatures, the new regulation will go one step further in ensuring the security of electronic transactions by authorizing various Electronic Trust Services.

Electronic Trust Services include electronic signatures, electronic seals, electronic time stamps, electronic certification, website authentication services, and electronic registered delivery services. Such services will now be admissible in legal proceedings across the EU. The regulation also places greater scrutiny upon organizations that provide such services to assure the user of the reliability of these services and the legal admissibility of eSignatures in the case of disputes.

Does eIDAS impact electronic signatures?

The eIDAS regulation reiterates that electronic signatures are legally binding and admissible in a court of law. Article 25 of the regulation establishes that “An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures.”

A qualified electronic signature will be considered the equivalent of a handwritten signature, but the Commission Decision of 16 October, 2009 (2009/767/EC) states that in order to simplify procedures, and facilitate cross-border use, “procedures by electronic means should rely on simple solutions, including as regards the use of electronic signatures.” It goes on to specify in Article 1 that the Commission in no way prevents member states from accepting any type of electronic signatures—normal, advanced, or qualified. The eIDAS regulation backs this and seeks to create a streamlined market for digital transactions and e-commerce using national eID and electronic signatures.

What does eIDAS mean for the individual?

This is great news for the average citizen. He’s going to find his life has become much easier, particularly when it comes to submitting tax declarations, enrolling in a foreign university or remotely opening a bank account. The mutually recognizable eID schemes allow an individual to take part in such cross-border interactions with other countries’ governments using their own national eID schemes. The trust services such as website authentication, time-stamps, and electronic signatures will also ensure that people can securely engage with online businesses.

What does this mean for businesses?

Things will get better for business owners as well. With seamless and valid digital transactions across the EU, setting up a business in another member state, authenticating internet payments, or bidding for a tender online will be both convenient and secure. A unified online marketplace will help SMEs expand their business across the EU.

The eIDAS regulation effectively expands the online marketplace for EU member states and allows residents and enterprises within the EU to utilize electronic services with a greater degree of ease and trust.

See what legal experts have to say about eIDAS and its implications.

For a quick and handy reference on eIDAS and what it enables, take a look at this infographic.  

Still have questions about eIDAS? Read up on the Q&A session by the European Commission.

NOTE: This information reflects our understanding of eIDAS and seeks to clarify some of the common concerns about the regulation. Electronic signature laws in most countries indicate certain types of documents or document categories for which a more secure electronic signature is required, or electronic signatures are not appropriate. We recommend you consult a legal counsel in case you are undertaking a specific transaction you are unsure of.