eidas Regulation (EU) 910/2014 Gábor Bartha DG CONNECT, European Commission Unit "e-government and Trust"

Size: px

Start display at page:

Download "eidas Regulation (EU) 910/2014 Gábor Bartha DG CONNECT, European Commission Unit "e-government and Trust""

Tamsin Glenn
5 years ago
Views:

1 eidas Regulation (EU) 910/2014 Gábor Bartha DG CONNECT, European Commission Unit "e-government and Trust"

2 eidas: boosting trust & supporting businesses!

eidas: Key legal aspects In 2012 and 2013, the European

of the eidas proposal Art 114 TFEU on internal market as

Regulation for eid and trust services directly applicable

further specify the technical aspects of the Regulation:

3 eidas: Key legal aspects In 2012 and 2013, the European Council repeatedly 6 times - called for a quick adoption of the eidas proposal Art 114 TFEU on internal market as the legal basis Free movement of products and services One Regulation for eid and trust services directly applicable in the 28 MS 28 implementing acts and 1 delegated act to further specify the technical aspects of the Regulation: eid: 4 implementing acts ets: 24 implementing acts and 1 delegated act

4 Trust Services: key principles Non-discrimination principle and legal effect Qualified vs non-qualified services associated legal effects Transparency and liability Trust services Risk management approach Technological neutrality Voluntary technical standards providing presumption of compliance 4 * The Regulation does not impose the use of trust services

5 The role of standards: to prove compliance The Commission may, by means of implementing acts, establish reference numbers of standards for [ ]. Compliance with the requirements laid down in [ ] Article shall be presumed where [ ] meet those standards. Articles 24, 27, 28, 29, 32, 33, 34, 37, 38, 42, 44, 45 trustworthy systems and products advanced electronic signatures qualified certificates for electronic signature for qualified electronic signature creation devices validation of qualified electronic signatures qualified preservation service for qualified electronic signatures for advanced electronic seals qualified certificates for electronic seals binding of date and time to data and for accurate time sources sending and receiving data qualified certificates for website authentication 5

6 Trust services: where we stand 6

7 eidas: Key principles for eid Cooperation between Member States Principle of reciprocity relying on defined levels of assurance Mandatory cross-border recognition only to access public services eid Sovereignty of MS to use or introduce means for eid Full autonomy for private sector Interoperability framework 7 *The Regulation does not impose the use of eid

8 Timeline eid Entry into force of the eidas Regulation Voluntary cross-border recognition eid DSI v.1 eidas compliant Mandatory crossborder recognition Trust Services esignature Directive rules Date of application of eidas rules for trust services

9 eid schemes notified Germany National ID card registered users February 2017: first prenotification A milestone towards establishing eid and trust services in Europe achieved!. and 5 more countries are intending to pre-notify their schemes by the end of 2017!

10 Interoperability Framework - (EU)2015/1501, Corrigendum C(2015)8550 Technological neutrality High level requirements further specifications being defined with MSs Open source technical specifications and Reference implementation available from Commission Principles Option for MSs to directly implement the technical specifications provided interoperability is guaranteed Disproportionate requirements on other MSs flowing from an implementation are not permitted The architecture is de-centralised. The nodes or middleware components provide the interface translation between the different national solutions and does not impact them 10 Continuous development of technical specifications in cooperation with MS. Cooperation Network ensures policy governance on specs (via formal "opinions")

11 Levels of Assurance - (EU) 2015/1502 Inspiration from ISO and STORK QAA: - Practical experience gained during STORK pilot - Outcome-based approach in ISO Need for a new set of criteria/procedures: - STORK too normative - ISO does not take into account existing practice in MSs Setting out criteria instead of specifications Principles eids within MSs are mapped against outcome based criteria to determine which of the 3 LoA is applicable for both natural and legal persons The mapping is subject to peer review by other MSs to ensure understanding and consistency Only applicable to schemes notified to the Commission for cross border use The criteria cover IPV, the electronic means, issuance, authentication and information security management

12 For further information and feedback Web page on eidas eidas Observatory s-observatory Text of eidas Regulation in all languages Connecting Europe Facility Catalogue of Building Blocks eidas twitter Gábor Bartha DG CONNECT, European Commission Unit "e-government and Trust"

eidas Regulation (EU) 910/2014 "Boosting trust in the digital market"

eidas Regulation (EU) 910/2014 "Boosting trust in the digital market" "eid: the business case for banking and finance community" London, 5 June 2015 Andrea SERVIDA DG CONNECT, European Commission Head