Recommendations for an improved application of eIDAS

Recommendations for an improved application of eIDAS

The eIDAS Regulation is currently being reviewed by the European Commission. A report on the application of the legislation is expected by 1 July 2020. This report will assess to what extent the eIDAS framework remains fit for purpose delivering the intended outcomes, results and impacts and may identify possible actions to improve regulatory performance.

In this context, Eurosmart would like to share recommendations for an improved application of the eIDAS Regulation. The recommendations supported by Eurosmart do not require a recast of the eIDAS Regulation. First, it is necessary to effectively implement the legislation. On the other hand, eIDAS would benefit from technical optimisations which could be translated into delegated acts and European standards.

Eurosmart recommends to:

  • Foster the deployment of eID schemes by (1) ensuring a common interpretation of the requirements for notification and (2) guaranteeing an effective mutual recognition;
  • Refine the technical specifications and procedures relating to eID assurance levels to avoid market fragmentation (in relation to Implementing Regulation 2015/1502);
  • Strengthen security by performing penetration testing for biometrics technologies;
  • Harmonise the technical criteria for qualified trust services;
  • Harmonise the accreditation process for Conformity Assessment Bodies;
  • Propose an EU qualified website authentication certificate;
  • Adopt a delegated act for a Protection Profile for Qualified Signature Creation Devices (QSCD) in the cloud.

Eurosmart’s full position paper:

Eurosmart_eIDAS_position_final