Eurosmart answers public consultation on eIDAS

The European Commission is in the process of reviewing the eIDAS Regulation. It launched a public consultation to gather stakeholders’ views on the strengths and weaknesses of eIDAS.

Eurosmart provided an answer to this consultation to highlight the need for technical optimisations of the Regulation, rather than a complete revision. Furthermore, Eurosmart strongly believes that eIDAS should be complemented by a new regulation for the private sector.

Please find below the link to the full answer and a summary of this answer.

Full answer to the consultation

Background

The eIDAS Regulation establishes a framework for the cross-border use of notified digital identities (eIDs). It ensures that EU citizens can access online public services with their national eID when they are in other EU countries. The legislation also creates a European internal market for electronic trust services, namely electronic signatures, electronic seals, time stamps, electronic delivery services and website authentication. eIDAS has been instrumental in promoting online trust.

Main points of Eurosmart’s answer

Digital identity:

- The European Commission should strongly encourage Member States to notify at least one eID scheme of level “Substantial” or “High”.

- Mutual recognition should be effective.

- There is a need for harmonisation as Member States prescribe diverging rules, in particular on the Levels of Assurance (LoA). A legally binding document on LoA is needed to bring convergence.

- A link with the Cybersecurity Act must be established for the certification of eID means. Cybersecurity certification schemes developed pursuant to the Cybersecurity Act should be used for certification of eID means, hence bringing harmonisation.

- There is a market need for private actors to use privately issued eIDs. A dedicated regulation should regulate 1) private eIDs and attribute providers, and 2) private services accepting them (called relying parties).

- Private solutions should build on notified eIDs at level “Substantial” or “High”, in particular on national identity cards.

- An adequate liability framework should be created for the private sector. Accepting entities should not be held liable in case of fraud and subsequent damage. It should be established that eID providers are those liable in case of fraud.

Trust services

- The current scope for trust services in eIDAS is sufficient; there is no need for additional trust services.

- The European Commission should make the use of EU standards mandatory to demonstrate conformity with the provisions of eIDAS.

- The European Commission should harmonise the security assessment of server-based Qualified Signature Creation Devices by (1) relying on Common Criteria methodology, and (2) referencing mandatory protection profiles covering all the needed components for server signing.

You can also consult Eurosmart’s position on the revision of eIDAS here.

If you have any questions on these issues, do not hesitate to contact Camille Dornier, Policy Manager: camille.dornier@eurosmart.com

Eurosmart
Rue de la Science 14B - 1040 Brussels BELGIUM
EU transparency register #21856815315-64