Markets hate uncertainty and the confusion regarding issues related to Britain’s exit from the European Union have roiled equity and currency markets. But it’s not just the financial markets which are affected- companies which rely upon EU regulations in order to conduct their day to day business are also reeling from this uncertainty.One such important regulation is eIDAS was created in order to bring about uniformity and security in electronic transactions across EU member states. It sought to standardize the regulations on electronic signatures and trust services across the entire bloc.
What the UK has already done
In order for eIDAS to succeed, member states would have to work towards creating a framework which ensures interoperability. Even though the regulation came into force in the EU on the 1st of July 2016 - post the Brexit referendum - it seems that British regulators are opting to continue moving forward with eIDAS as well. The Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 were laid before the British parliament on the 1st of July 2016, and came into force on the 22nd of the same month. The Electronic Signatures Regulations 2002 have been revoked and replaced with these new set of regulations which are based on the eIDAS regulation.
A guide has also been prepared by the UK’s Department for Business, Energy and Industrial strategy which explains the changes affecting electronic signatures under the new eIDAS regulation. E-signatures, trust services and electronic identification are all covered under the new regulations and this should provide the necessary background needed to understand the intent and implications of the new regulations.
What’s in store for the future
Although it is a good sign that the UK has sought to maintain uniformity on regulations regarding electronic identification and signatures, the future course could very well be different. Once the formal process of Brexit is complete, the UK would be well within its rights to review and amend the regulations. The question then is that would it want to make changes and what would happen then?
It is unlikely that Britain will create systems or regulations which would not be closely linked and compatible with their European counterparts. After all, these regulations aim to provide an easier, safer and faster way of doing transactions on digital platforms. The UK Government provides electronic verification and offers a whole host of services based on its GOV.UK Verify platform.
The risk of any changes in the electronic signature and digital verification regulations in the UK diminishes as business in the country continue to align themselves with the existing common regulations. Any amendments in the future would only be sought if a significant rift grows between the paths that the EU regulators and the post Brexit UK regulators take. Even then, the new guidelines will most likely ensure a high degree of interoperability between the two independent systems. It might involve a slightly higher cost and some effort in order to implement these multiple systems, but it would still be better than what existed before eIDAS.
References and Further Reading
- Selected articles on Authentication (2014-16), by Heather Walker, Luis Balbas, Guillaume Forget and Dawn M. Turner
- Selected articles on Electronic Signing and Digital Signatures (2014-16), by Ashiq JA, Guillaume Forget, Peter Landrock, Torben Pedersen, Dawn M. Turner and Tricia Wittig
- REGULATION (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (2014) by the European Parliament and the European Commission
- Recommendations for the Security of Internet Payments (Final Version) (2013), by the European Central Bank
- Draft NIST Special Publication 800-63-3: Digital Authentication Guideline (2016), by the National Institute of Standards and Technology, USA.
- NIST Special Publication 800-63-2: Electronic Authentication Guideline (2013), by the National Institute of Standards and Technology, USA.
- Security Controls Related to Internet Banking Services (2016), Hong Kong Monetary Authority