The proposed EU Regulation on electronic identification and trust services for electronic transactions in the internal market has now been adopted, with most of its provisions taking effect from 1 July 2016. The Regulation will not only repeal the existing eSignatures Directive, it will also automatically replace any inconsistent national laws in Europe.
The proposed Regulation on electronic identification and trust services for electronic transactions in the internal market (also sometimes referred to as the e-IDAS - electronic IDentification and Authentication Services - Regulation) was published as Regulation (EU) No 910/2014 on 28 August 2014. Its publication follows a lengthy finalisation process.
Most of its provisions will apply from 1 July 2016. At that point, the Regulation will not only repeal the existing eSignatures Directive 1999/93/EC, but it will also and automatically replace any inconsistent national laws in Europe.
The Regulation brings several important changes for the future, introducing new rules for electronic identification and for certain trust services.
At the European level, the eSignatures Directive had already established a legal framework that mainly affected the use of electronic signatures. The Directive led to the harmonisation of national laws on electronic signatures in the EU.
The scope of the eIDAS Regulation is however much broader.
The first major change is that the Regulation establishes a legal framework to support the EU-wide recognition of eIDs used by Member States, such as the Belgian eID card. The Regulation mainly targets the public sector, as it requires Member States to permit citizens from other Member States to use their own eIDs to access online services. Thus, the Belgian eID might become a lot more useful in the future, as it would allow Belgians to access foreign e-government services. Private sector companies are not directly impacted, since they are not required to change anything in the eIDs that they issue or use, nor are they required to accept foreign eIDs for the services that they offer. However, it is of course possible that they would see a benefit in voluntarily aligning with European rules, as a way to increase the EU-wide appeal of their services.
The second major change is the introduction of rules for new services: while the eSignatures Directive principally affected electronic signatures, the eIDAS Regulation not only clarifies the old rules, it also introduces a legal framework for other types of trust services, namely electronic seals, time-stamping, electronic registered delivery services, and website authentication. Running as a theme throughout the Regulation – much as in the previous eSignatures Directive – is the idea that trust service providers are not obliged to change their way of working in a significant manner. However, the Regulation does offer incentives to follow European rules, by granting stronger legal certainty to trust services that follow specific rules that aim to improve the trustworthiness of the services. In this way, the Regulation hopes to balance legal predictability against openness to innovation.
It is important to note that the legislative work is not entirely complete yet. Secondary legislation will still be required to settle important technical details, such as the processes to be followed for notifying eIDs to the European Commission, or setting the technical standards that meet the legislation’s requirements. This part of the legal implementation is still ongoing and may still take some time.
The Regulation will apply from 1 July 2016. At that time, the Regulation will not only apply directly to the targeted services, but it will also automatically replace any inconsistent national rules, including national laws on electronic signatures and time-stamping. For example, in Belgium the main impact will be the automatic replacement of most parts of the eSignatures Act of 9 July 2001.
Hans Graux comments:
The publication of the Regulation shows the road that will be followed at the EU level for electronic trust services and electronic identification, and opens the way for new business opportunities. time.lex looks forward to continuing to assist the European Commission and its other clients in the completion of this crucial modernisation project.
For further information on this legal development please contact Hans Graux, lawyer at time.lex.
This publication does not necessarily deal with every important topic or cover every aspect of the topics with which it deals and is not designed to provide legal or other advice.