The Four Pillars of eIDAS: A Comprehensive Overview

The eIDAS regulation sets the standard for electronic identification, electronic signatures, and trust services. It paves the way for delivering financial, public, and other services online in a more secure and reliable way than ever before. The eIDAS document and its accompanying guidelines provide extensive coverage of the technical aspects. But what are the eIDAS guiding principles?

Here, we will discuss the four primary eIDAS framework pillars. In some way, every component of the regulation reinforces one or more of these pillars.

The four guiding principles of eIDAS

Trust – The ability to trust that transactions occurring using the eIDAS framework are reliable, secure, and legally enforceable.

This is done using technologies like electronic identification, electronic signatures, electronic service delivery, etc.

The system must provide complete peace of mind to all parties throughout the transaction. The technical standards are defined to achieve this from the perspective of system capabilities.

In addition to these technical standards, a comprehensive liability framework ensures that the legal, jurisdictional, and enforceability concerns are
addressed ahead of time as well.

Cross-border – A primary thrust of eIDAS is towards complying with the legal aspects of cross-border transactions using the eIDAS framework. This addresses the legality of services being provided in one jurisdiction while the transaction covering that service might be originating and concluding in another jurisdiction within the EU. Many of the features provided by eIDAS already existed in several EU countries in their local forms. However, eIDAS ensures that these standards are compatible across borders and work irrespective of the local jurisdiction.

This lays the groundwork for achieving the goal of a Single Digital Market across the EU.

Seamless – The transactions facilitated by the framework need to be seamless from the user's perspective. The user should have the same seamless experience every time, irrespective of which device or language she uses and her current location. This does not only cover personal devices such as laptops or mobile phones but public areas like subways and airports as well. Moving physically from one location to another or moving digitally from one service (like booking a ticket) to another (like paying your electricity bills) should feel seamless in terms of identification and authentication.

Convenience – A key guiding principle of eIDAS design and implementation is convenience. The user should find it easier and more convenient to use than other alternatives. A strong and secure system would be useless if users find it too convoluted or time-consuming to use. A good example of how eIDAS achieves this is the integration of national electronic identification systems. The system enables the use of a local electronic ID to access public services anywhere in the European Union. Such convenience features increase the system's popularity and attract more users to a more secure and reliable system.

Conclusion

eIDAS was designed to provide a reliable system for electronic identification that could be used across borders and jurisdictions while still offering seamless service and best-in-class convenience. This was the guiding principle behind eIDAS, and all of its various components together contribute to achieving this objective.

References and Further Reading

• Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (2016), by the European Commission
• Selected articles on Authentication (2014-today), by Heather Walker, Luis Balbas, Guillaume Forget, Jan Kjaersgaard, Dawn M. Turner and more

• Selected articles on Electronic Signing and Digital Signatures (2014-today), by Ashiq JA, Guillaume Forget, Jan Kjaersgaard , Peter Landrock, Torben Pedersen, Dawn M. Turner, Tricia Wittig and more
• REGULATION (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (2016), by the European Parliament and the European Council

• Proposal for a REGULATION concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications), (2017), by the European Parliament and the European Council

• REGULATION (EU) No 910/2014  on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (2014) by the European Parliament and the European Commission
• Recommendations for the Security of Internet Payments (Final Version) (2013), by the European Central Bank
• Draft NIST Special Publication 800-63-3: Digital Authentication Guideline (2016), by the National Institute of Standards and Technology, USA.
• NIST Special Publication 800-63-2: Electronic Authentication Guideline (2013), by the National Institute of Standards and Technology, USA.
• Security Controls Related to Internat Banking Services (2016), Hong Kong Monetary Authority

 Image: Caryatids of the Four Continents, courtesy of Ashley Van Haeften, Flickr (CC BY 2.0)