Development of regulation

The Electronic Signatures Directive (1999/93/EC) created a legal framework for electronic signatures. However, it was mainly focused on their legal status without delving into electronic identification in any great depth.

The most significant step forward in the field of electronic identification and electronic services occurred in 2014 with the eIDAS regulation (EU 910/2014), which entered fully into force in 2016. It replaced the ESD and expanded the regulation to apply both to all electronic identification services and to electronic identification within the EU.

In accordance with the eIDAS regulation (910/2014), electronic identification systems are divided into three Levels of Assurance:

Low:
The registration takes place by registering in person on a website without verifying your identity.

Substantial:
The registration involves, e.g., providing and verifying personal data, authentication by means of a user ID and password as well as a one-time password sent to a mobile phone.

High:
The registration occurs, for example, by personally visiting an office and using a smart card, such as a national ID card, to verity your identity.

Key features of the eIDAS regulation:

  • Mutual legal framework: The regulation provides mutual rules regarding electronic signatures, electronic identification, and trust services within the EU
  • Electronic identification (eID): The regulation enables the cross-border efficiency of the electronic identifiers (eID) provided by EU countries. What this means is that the electronic identifiers approved by the member states are also valid in other EU countries.
  • Trust services: The eIDAS regulation determines “trust services”, including, e.g., electronic signatures, electronic seals, electronic time stamps, and website authentication services. The purpose of these services is to ensure the trustworthiness and security of electronic communications.

In June 2021, the European Commission proposed an update to the eIDAS regulation (EU 910/2014), also known as eIDAS 2.0. The EU Council approved the updated eIDAS regulation on March 26, 2024. Published in the official EU magazine on April 30, 2024, the regulation entered into force 20 days later on May 20, 2024. After the entry into force of the regulation, the Commission had 6 months to issue the enforcement decrees supplementing the eIDAS regulation.

The update of the eIDAS regulation is part of the EU’s wider strategy of integrating digital services and technologies into the member states’ economies and societies. For 2030, the EU has set the following targets in accordance with its digital decade objectives:

  • All citizens’ access to electronic identifiers.
  • The increased transition of public services to digital format.
  • Improved data security and reliable electronic solutions that promote business and governance.

In other words, the EU regulation related to electronic identification has developed in the direction of more standardized and secure services that support digital services and electronic communications between the member states.