The future of eIDAS in Post Brexit Britain

Markets hate uncertainty, and the confusion regarding issues related to Britain’s exit from the European Union has roiled equity and currency markets. But it’s not just the financial markets that are affected- companies that rely upon EU regulations to conduct their day-to-day business are also reeling from this uncertainty. One such important regulation is eIDAS was created to bring about uniformity, security and legally binding assurances in electronic transactions across EU member states. It sought to standardize the regulations on electronic signatures (such as qualified electronic signatures) and trust services across the bloc.

What the UK has already done

For eIDAS to succeed, member states would have to work toward creating a framework that ensures interoperability. Even though the regulation came into force in the EU on the 1^st of July 2016 - post the Brexit referendum - it seems that British regulators are also opting to continue moving forward with eIDAS. The Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 were laid before the British parliament on the 1^st of July 2016 and came into force on the 22^nd of the same month. The Electronic Signatures Regulations 2002 have been revoked and replaced with this new set of regulations which are based on the eIDAS regulation.

The UK’s Department has also prepared a guide for Business, Energy, and Industrial Strategy, which explains the changes affecting electronic signatures under the new eIDAS regulation. E-signatures, trust services, and electronic identification are all covered under the new regulations. They should provide the necessary background to understand the new regulations' intent and implications.

What’s in store for the future

Although it is a good sign that the UK has sought to maintain uniformity on regulations regarding electronic identification and signatures, the future course could very well be different. Once the formal process of Brexit is complete, the UK would be well within its rights to review and amend the regulations. The question then is, would it want to make changes, and what would happen then?

It is unlikely that Britain will create systems or regulations which would not be closely linked and compatible with their European counterparts. After all, these regulations aim to provide an easier, safer, and faster way of doing transactions on digital platforms. The UK Government provides electronic verification and offers a whole host of services based on its GOV.UK Verify platform.

The risk of changes in the UK's electronic signature and digital verification regulations diminishes as businesses in the country continue to align themselves with the existing common regulations. Any amendments in the future will only be sought if a significant rift grows between the paths that the EU regulators and the post-Brexit UK regulators take. Even then, the new guidelines will ensure high interoperability between the two independent systems. It might involve a slightly higher cost and some effort to implement these multiple systems, but it would still be better than what existed before eIDAS.

References and Further Reading

• Selected articles on Authentication (2014-16), by Heather Walker, Luis Balbas, Guillaume Forget and Dawn M. Turner
  
• Selected articles on Electronic Signing and Digital Signatures (2014-16), by Ashiq JA, Guillaume Forget, Peter Landrock, Torben Pedersen, Dawn M. Turner and Tricia Wittig 
  
• REGULATION (EU) No 910/2014  on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (2014) by the European Parliament and the European Commission
• Recommendations for the Security of Internet Payments (Final Version) (2013), by the European Central Bank
• Draft NIST Special Publication 800-63-3: Digital Authentication Guideline (2016), by the National Institute of Standards and Technology, USA.
• NIST Special Publication 800-63-2: Electronic Authentication Guideline (2013), by the National Institute of Standards and Technology, USA.
• Security Controls Related to Internet Banking Services (2016), Hong Kong Monetary Authority

 Image: "IN OUT UK", courtesy of Tyler Merbler, (CC BY-ND 2.0) modified by Paul Abraham, VentureSkies