23 Sep 2015 Comments on eIDAS Secondary Legislation
eIDAS: national eID schemes will need to provide sufficient requirements against high level attacks
Brussels, 23rd of September 2015 – On September 8th, four implementing acts fleshing out Regulation 910/2014 on electronic identification and trust services for electronic transactions (eIDAS) were officially referenced in the official Journal of the European Union: two for eID (on interoperability framework and on levels of assurance) and two for trust services (on the formats of advanced electronic signatures and seals and on the technical specifications of the national Trusted Lists).
In a context where an increasing number of transactions are operated online, Eurosmart welcomes this milestone that paves the way towards an interoperable electronic identification for European citizens. Timothée Mangenot, Chairman of Eurosmart: “We have continuously called for the establishment of a regulatory framework that would support the development of cross-border electronic transactions, and we particularly appreciate the Member States’ commitment and the European Commission’s leadership to ensuring a swift implementation of the eIDAS regulation”.
Very sensitive applications (starting with e-Voting and Qualified Electronic Signature) will require a high level of security, and the industry represented by Eurosmart will be at the forefront for providing certified solutions that allow a maximal resistance to high level attacks and security breaches. Timothée Mangenot continued: “despite the lack of clear distinction between levels of assurance “substantial” and “high” in the related implementing act, only a certification process guarantees that every effort has been made to protect the two parties of the transaction against fraud. Digital security, including protection of personal data and privacy, is a fundamental right for all European Citizens. Security certified level “high” solutions, with privacy protecting features, are a reality and have been successfully deployed in EU countries”.
Eurosmart will keep paying close attention to the notification and interoperability of eID schemes – notably under the Cooperation Network – and remains committed to a sustained dialogue with the relevant authorities.