Levels of Assurance (LoA) of the eIDAS system
In accordance with the eIDAS regulation (910/2014) of the EU, electronic identification systems are divided into three Levels of Assurance.
The term “Level of Assurance” indicates how trustworthy a person’s claimed identity is, i.e., how confident the service provider can be that, when you use the electronic identification token to identify yourself in a service, you are who you claim to be and not someone pretending to be you. In other words, it gives an indication of how hard it is for someone else to use your electronic identifier to access an online service.
To determine the Level of Assurance of the electronic identification (eID) system, there are several factors to take into account:
- The process of obtaining the eID means, also known as “registration” (identity proofing). For example, do you have to present a biometric passport in order to obtain an eID identifier, or does a simple paper ID suffice?
- How the eID means is managed and designed. For example, how many authentication factors are required for identification: does a password suffice, or do you also need a physical device in the person’s possession?
- The authentication method. For example, which security controls protect the authentication of the electronic identification token?
The three Levels of Assurance:
Low:
The registration takes place by self-registering on a website without your identity being verified.
Substantial:
The registration involves, e.g., providing and verifying personal data, authentication by means of a user ID and password as well as a one-time password sent to a mobile phone.
High:
The registration occurs, for example, by personally visiting an office and using a smart card, such as a national ID card, to verify your identity.
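Because the three levels are ordered, a service that requires one level must also accept every stronger one and must reject anything weaker or unrecognised. The following added example (not code from the page or from the eIDAS project) shows a relying party enforcing a minimum Level of Assurance on an incoming identity assertion. The URI values are the LoA identifiers used in the eIDAS SAML profile as AuthnContextClassRef values (they are not on the page); the assertion dictionaries are constructed samples, and the `authorize` function and its field names are assumptions made for this illustration.

```python
# Added example: enforcing a minimum eIDAS Level of Assurance (LoA) at a relying party.
# The assertion format below is a constructed sample, not a real SAML/OIDC message.

from typing import Optional

# eIDAS levels ordered from weakest to strongest (Regulation 910/2014).
LOA_ORDER = ["low", "substantial", "high"]

# LoA identifiers as used in the eIDAS SAML profile (AuthnContextClassRef).
LOA_URIS = {
    "http://eidas.europa.eu/LoA/low": "low",
    "http://eidas.europa.eu/LoA/substantial": "substantial",
    "http://eidas.europa.eu/LoA/high": "high",
}


def parse_loa(value: Optional[str]) -> Optional[str]:
    """Map an LoA URI or bare level name to a canonical level; None if unknown."""
    if not value:
        return None
    value = value.strip()
    if value in LOA_URIS:
        return LOA_URIS[value]
    lowered = value.lower()
    return lowered if lowered in LOA_ORDER else None


def meets_minimum(asserted: Optional[str], required: str) -> bool:
    """True if the asserted level is at least as strong as the required one.

    Unknown, missing or misspelt levels fail closed: an assertion that cannot be
    classified is never treated as sufficient.
    """
    a, r = parse_loa(asserted), parse_loa(required)
    if a is None or r is None:
        return False
    return LOA_ORDER.index(a) >= LOA_ORDER.index(r)


def authorize(assertion: dict, required_loa: str) -> tuple[bool, str]:
    """Decide whether a (constructed) assertion satisfies the service's LoA policy.

    The assertion is assumed to have already been signature-checked; this function
    only evaluates the LoA claim it carries (assumed field name: 'loa').
    """
    asserted = assertion.get("loa")
    level = parse_loa(asserted)
    if level is None:
        return False, f"rejected: unrecognised LoA value {asserted!r}"
    if meets_minimum(level, required_loa):
        return True, f"accepted: asserted LoA {level!r} >= required {required_loa!r}"
    return False, f"rejected: asserted LoA {level!r} below required {required_loa!r}"


# Constructed sample assertions (not real data).
SAMPLE_ASSERTIONS = [
    {"subject": "user-1", "loa": "http://eidas.europa.eu/LoA/high"},
    {"subject": "user-2", "loa": "http://eidas.europa.eu/LoA/substantial"},
    {"subject": "user-3", "loa": "http://eidas.europa.eu/LoA/low"},
    {"subject": "user-4", "loa": "http://example.invalid/LoA/ultra"},  # unknown value
    {"subject": "user-5"},  # LoA claim missing entirely
]


def evaluate_all(required_loa: str) -> dict[str, bool]:
    """Apply the policy to every sample assertion; returns subject -> decision."""
    return {a.get("subject", "?"): authorize(a, required_loa)[0] for a in SAMPLE_ASSERTIONS}


if __name__ == "__main__":
    for subject, ok in evaluate_all("substantial").items():
        print(subject, "->", "accept" if ok else "reject")
```

The point to notice is the fail-closed branch: a value that is not one of the three defined levels (including a typo or a level invented by a misconfigured identity provider) is rejected rather than being treated as "at least low".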
https://ec.europa.eu/digital-building-blocks/sites/display/DIGITAL/eIDAS+Levels+of+Assurance