Without trust in the online world, there is no economic growth and no social development. Nevertheless, due to the lack of trust and the resulting uncertainty, public authorities, citizens and businesses are reluctant to use electronic services. Until now, "analogue" identification can be carried out by comparing a person with an identity card including a certified photograph. This scenario is already known from identity checks by the police.
An online version of the "analogue" identification has already been launched in the form of a money laundering-compliant video identification, in which people can be identified by a reliable third party with a certified identity document. Of course, this one-sided process does not create a digital identity, but is only a form of a digital identification procedure. However, this video identity can be stored encrypted, transported by security tokens and authorized, and thus a digital identity can be created.
A new "ID-free" identification was created by the EU directive eIDAS. But what is meant by "eIDAS"? The translation of the English abbreviation is “electronic Identification, Authentication and trust Services”, which corresponds to the electronic variant of a handwritten signature. The signatory can use this as proof of his acceptance or consent to a document. The implementation is illustrated by a scanned manual signature or by clicking on a button from a website such as "I accept" or similar.
This digital identity ensures security in electronic transactions that also support close cooperation with authorities. It will also strengthen trust in e-services in the EU's Single Market. Currently, the regulation on electronic signatures is being replaced by the eIDAS signature regulation, which also gets rid of the existing legal differences regarding digital signatures. In July 2014, eIDAS was adopted by the General Affairs Council and on 1 July 2016 the regulations for trust services came into force.
The eIDAS consists of two main points. Firstly, a "very simple" and secure electronic communication is ensured while also maintaining a uniform level of safety for electronic identification. Examples of means of identification according to eIDAS are bank, health or social security cards as well as the German identity card with the online ID function. Secondly, the eIDAS Regulation includes qualified electronic trust services that are characterized by their digital signatures, digital seals, time stamps, certificates and preservation services. These trust services are used to create secure website authentications.
E-Signatures of eIDAS
The eIDAS regulation also lays the regulatory foundation for advanced electronic signatures (AdES) and qualified electronic signatures (QES). This ensures consistency in e-signatures in all EU member states. The two terms differ in where they are accepted in the EU as well as in their binding force; for example, AdES is legally binding. Both AdES and QES confirm the identity of the signatory, and the signature can then be regarded as a written signature. Electronic signatures enable companies and their departments to sign documents without needing an authorized person to sign. The electronic signature has the same standing as written ones, but can only be applied to corporations and other legal entities.
The security level
Article 8 of the new regulation defines three levels of security for identification systems: low, substantial and high. At the low level, there is only limited trust in the identity of the person who signs, because their identity is proven only through the ownership of an e-mail address. The substantial level is reached when both the ownership of an e-mail address and proof of identity are required. For the security level to reach the highest tier, the signatory needs proof of identification, and a company is also required to stand behind that person and represent them.
What are the advantages of eIDAS?
The eIDAS Regulation is beneficial for companies in all sectors because, until now, there have been many barriers and restraints in the use of digital transactions in the EU. Different technical and professional standards meant that electronic identification could not be used across borders within the EU. These problems have now been overcome with the unifying eIDAS regulation.
Implementation in practice
For example, a user with a German identification card that enables digital identification is now able to identify him- or herself in other countries across the EU. In addition, the user is now able to sign contracts via their mobile phone. The electronic seal acts as an online stamp for administrative areas and organizations.