The eIDAS regulation (Regulation (EU) No 910/2014) sets the standard for electronic identification, electronic signatures and trust services in the EU internal market. It paves the way for delivering financial, public and other services online in a more secure and reliable way than before. The regulation and its accompanying implementing acts and guidelines cover the technical aspects in great detail. But what are the guiding principles behind eIDAS?
Here we cover the four main pillars on which the eIDAS framework is built. Every aspect of the regulation strengthens one or more of these pillars in some way.
The four guiding principles of eIDAS
Trust – The ability to trust that transactions carried out under the eIDAS framework are not only reliable and secure but also legally enforceable.
This is achieved through electronic identification and the trust services the regulation defines: electronic signatures and seals, time stamps, electronic registered delivery services and certificates for website authentication.
The system must give all parties a justified level of confidence throughout the transaction. The technical standards are defined to ensure this from a system capability point of view.
In addition to these technical standards, a comprehensive liability framework ensures that the legal, jurisdictional and enforceability concerns are addressed ahead of time as well.
Cross-border – A primary thrust of eIDAS is the legal treatment of cross-border transactions carried out under the framework. This addresses the legality of services provided in one jurisdiction while the transaction covering that service may originate and conclude in another jurisdiction within the EU. Many of the features provided by eIDAS already existed in several EU countries in local forms. However, eIDAS ensures that these standards are compatible across borders and work irrespective of the local jurisdiction.
This lays the groundwork for achieving the goal of a Digital Single Market across the EU.
Seamless – The transactions facilitated by the framework need to be seamless from the perspective of the user. The user should have the same experience every time, irrespective of which device or language she uses and where she currently is. This covers not only personal devices like laptops and mobile phones but also access points in public places such as subways and airports. Moving physically from one location to another, or moving digitally from one service (like booking a ticket) to another (like paying an electricity bill), should feel seamless in terms of identification and authentication.
Convenience – A key guiding principle of eIDAS design and implementation is convenience. The user should find it easier and more convenient to use than the alternatives. A strong and secure system is of little value if users find it too convoluted or time-consuming to use. A good example of how eIDAS achieves this is the mutual recognition of national electronic identification schemes: an eID issued under a notified national scheme can be used to access public services anywhere in the EU. Such convenience features make the system more widely adopted and thus bring more people on board a more secure and trustworthy system.
Conclusion
eIDAS was built to provide a trustworthy system for electronic identification and trust services that can be used across borders and jurisdictions while still providing seamless service and best-in-class convenience. These four principles guided the design of eIDAS, and all its various components together contribute to achieving this goal.
References and Further Reading
- Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (2016), by the European Commission
- Selected articles on Authentication (2014-today), by Heather Walker, Luis Balbas, Guillaume Forget, Jan Kjaersgaard, Dawn M. Turner and more
- Selected articles on Electronic Signing and Digital Signatures (2014-today), by Ashiq JA, Guillaume Forget, Jan Kjaersgaard , Peter Landrock, Torben Pedersen, Dawn M. Turner, Tricia Wittig and more
- REGULATION (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (2016), by the European Parliament and the Council
- Proposal for a REGULATION concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications) (2017), by the European Commission
- REGULATION (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (2014), by the European Parliament and the Council
- Recommendations for the Security of Internet Payments (Final Version) (2013), by the European Central Bank
- Draft NIST Special Publication 800-63-3: Digital Authentication Guideline (2016), by the National Institute of Standards and Technology, USA.
- NIST Special Publication 800-63-2: Electronic Authentication Guideline (2013), by the National Institute of Standards and Technology, USA.
- Security Controls Related to Internet Banking Services (2016), by the Hong Kong Monetary Authority
Image: Caryatids of the Four Continents, courtesy of Ashley Van Haeften, Flickr (CC BY 2.0)