eIDAS Regulation (Reg. No. 910/2014)
Post on 15-Apr-2017
The eIDAS Regulation (Reg. No. 910/2014).
e-ID and trusted services in Europe
Cosetta Masi, IT Lawyer
August 29, 2016
Regulation No. 910/2014 of European Parliament and the Council of the European Union on electronic identification and trusted services for electronic transactions in the internal market repealing Directive 1999/93/EC.
All rights reserved – Cosetta Masi, 2016
Agenda
1. Online transactions
2. The adoption of the eIDAS Regulation
3. Main innovations by the eIDAS Regulation
4. Implementation
5. Conclusions
1. Online transactions
Challenges of online transactions:
- Distance transaction: no opportunity to ‘touch’ the goods or try the services
- Identity of the counterparty
- Risk of prior performance
- Privacy and security risks
- Security of payment method
Lack of trust by the operators in the online market.
1. Online transactions
- Participation in tenders
- Execution of agreements
- Filing of tax declarations
- Enrollment with a foreign university
- E-banking
- Taking part in public and private auctions
Agenda
2. The adoption of the eIDAS Regulation
2.1. Directive 1999/93/EC and its shortcomings
2.2. The purpose of the eIDAS Regulation
2. The adoption of the eIDAS Regulation
2.1. Directive 1999/93/EC and its shortcomings
Developing the online market fosters:
- the increase of transactions on the European internal market
- the free circulation of goods and services within the European Union
Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a community framework for electronic signatures.
2. The adoption of the eIDAS Regulation
2.1. Directive 1999/93/EC and its shortcomings
Fragmentation
- Need of transposition into national legislation
- Lack of interoperability
Narrow scope
- Scope of the Directive: limited to e-signatures
Technologically outdated
- Neutral approach toward technologies
- Major technological changes since 1999
Report from the Commission on the operation of the Directive (2006)
Commission communication ‘A Digital Agenda for Europe’ (2010)
Commission communication ‘Single Market Act’ (2011)
The online market and the use of e-signatures did not increase significantly in the framework of the Directive.
2. The adoption of the eIDAS Regulation
2.2. The purpose of the eIDAS Regulation
Report from the Commission on the operation of the Directive – COM(2006) 120 final
“[…] the Commission will organize a series of meetings with Member States and the relevant stakeholders to address the following issues in the view of considering complementary measures, where appropriate: the differences in the transposition of the Directive; the clarifications of specific articles of the Directive; the technical and standardization aspects; interoperability problems” (para 5.1.).
Proposal by the Commission for the adoption of the eIDAS Regulation - COM(2012) 238 final
“the consultations made clear that a large majority of stakeholders agreed on the need to review the current framework to fill the gaps left by the electronic signature Directive. It was felt that this would better respond to challenges posed by the rapid development of new technologies (particularly online and mobile access) and by increased globalisation, while maintaining the technological neutrality of the legal framework” (para 2).
Agenda
3. Main innovations by the eIDAS Regulation
3.1. The adoption of a Regulation
3.2. Wider range of certification services
3.3. Functional equivalence
3.4. New framework for mutual recognition
3.5. New framework for trust services
3. Main innovations by the eIDAS Regulation
3.1. The adoption of a Regulation
- Directly applicable in all Member States
- No need of transposition in the national legislation of Member States
- Direct application of the Commission implementing acts
Reduces legal fragmentation and increases certainty by introducing a harmonized set of core rules.
3. Main innovations by the eIDAS Regulation
3.2. Wider range of certification services
The eIDAS Regulation covers other certification services, beyond e-signatures.
- Electronic seals
- Electronic time stamps
- Electronic registered delivery services
- Website authentication
- Electronic documents
Each aspect of an online transaction may be certified.
Secure online transaction:
- Website authentication: to ensure trustworthiness
- E-signatures and e-seals: to ensure the ID of the parties
- Electronic documents: to ensure means of proof
- Electronic registered transmission: to secure the delivery
3. Main innovations by the eIDAS Regulation
3.3. Functional equivalence
The eIDAS Regulation is a further step in the acknowledgment of the equivalence between ‘paper based’ ID means and electronic means.
- E-signatures: A qualified electronic signature shall have the equivalent legal effect of a handwritten signature – art. 25(2).
- E-seals: A qualified electronic seal shall enjoy the presumption of integrity of the data and of the correctness of the origin of that data to which the qualified electronic seal is linked – art. 35(2).
- E-time stamps: A qualified time stamp shall enjoy the presumption of accuracy of the date and the time it indicates and the integrity of the data to which the date and time are bound – art. 41(2).
3. Main innovations by the eIDAS Regulation
3.4. New framework for mutual recognition
Publication of the list of notified e-identification schemes in the Official Journal
Mutual recognition of e-ID issued under an e-ID scheme included in the list – art. 6
Notification of e-identification scheme by a Member State to the Commission
- Eligibility for notification – art. 7
- Contents of the notification – art. 9
e-ID scheme is communicated to the other Member States – PEER REVIEW
- Interoperability
- Security
3. Main innovations by the eIDAS Regulation
3.4. New framework for mutual recognition
The eIDAS Regulation introduces new elements for the success of the mutual recognition of e-ID schemes between Member States.
Mutual recognition:
- Liability
- Interoperability
- Assurance levels
3. Main innovations by the eIDAS Regulation
3.4. New framework for mutual recognition
- Assurance levels: Low, substantial and high. Minimum requirements for each assurance level are set by the Commission (Implementing Regulation No. 2015/1502).
- Interoperability: Notified e-ID schemes should be interoperable (Implementing Regulation No. 2015/1501 on interoperability and Implementing Decision No. 2015/296 on procedures for cooperation between Member States).
- Liability: Liability of the party issuing the e-ID means, the party operating the authentication procedure, and the Member States – art. 11.
3. Main innovations by the eIDAS Regulation
3.5. New framework for trust services
Definition in art. 1(16)
An electronic service normally provided for remuneration which consists of
(a) the creation, verification and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to those services; or
(b) the creation, verification and validation of certificates for website authentication; or
(c) the preservation of electronic signatures, seals or certificates related to those services.
3. Main innovations by the eIDAS Regulation
3.5. New framework for trust services
- Supervisory body – art. 17: Member States shall designate a supervisory body, responsible for the supervision of trust service providers.
- Liability – art. 13: Trust service providers shall be liable for damage caused intentionally or negligently to any natural or legal person due to the failure to comply with the eIDAS Regulation.
- Security requirements and breach notification – art. 19: Service providers shall assure a level of security commensurate to the degree of risk, and notify to the supervisory body any breach of security or loss of integrity.
3. Main innovations by the eIDAS Regulation
3.5. New framework for trust services
Service providers
- ex post supervision by the supervisory body
Qualified service providers
- requirements in art. 24
- ‘qualified’ status granted by the supervisory body
- ex ante supervision by the supervisory body
- auditing
- included in trusted lists drafted by Member States
- entitled to use the EU trust mark
3. Main innovations by the eIDAS Regulation
3.5. New framework for trust services
Requirements for qualified trust service providers – art. 24
General:
- employ staff and subcontractors which possess the necessary expertise, reliability, experience and qualifications and who have received appropriate training
- with regard to risk of liability for damages, maintain sufficient financial resources and/or obtain appropriate liability insurance
Technical:
- ensure lawful processing of data in accordance with Dir. 95/46/EC
- use trustworthy systems to store data provided to the TSP
- take appropriate measures against forgery and theft of data
The Commission MAY adopt an implementing act to establish reference standards for trustworthy systems and products.
3. Main innovations by the eIDAS Regulation
3.5. New framework for trust services
The eIDAS Regulation introduces new elements to enhance the (cross border) provision of trust services.
Transparency
- Trusted lists
- EU trust mark
Liability
Increase of trust in service providers
3. Main innovations by the eIDAS Regulation
3.5. New framework for trust services
EU trust mark
Source: Annex I, Commission Implementing Regulation No. 2015/806
Agenda
4. Implementation
4.1. Timeline for implementation
4.2. Implementing acts by the Commission
4. Implementation
4.1. Timeline for implementation
- 17 September 2014: Entry into force
- 29 September 2015: Voluntary recognition of e-ID means
- 1 July 2016: Repeal of the Directive. Mainly affects the provision of trust services
- 29 September 2018: Mandatory recognition of notified e-ID schemes
Adoption of implementing acts by the Commission
Increase trust in the online transactions
4. Implementation
4.2. Implementing acts by the Commission
Electronic identification:
- Implementing Decision No. 2015/296: Procedures for the cooperation between Member States.
- Implementing Regulation No. 2015/1501: Interoperability framework.
- Implementing Regulation No. 2015/1502: Minimum technical requirements and procedures for assurance levels.
- Implementing Decision No. 2015/1984: Circumstances, formats and procedures of notification.
Electronic trust services:
- Implementing Regulation No. 2015/806: Specifications relating to the EU trust mark.
- Implementing Decision No. 2015/1505: Specifications and formats relating to trusted lists.
- Implementing Decision No. 2015/1506: Formats of advanced e-signatures and e-seals to be recognized in the public sector.
- Implementing Decision No. 2016/650: Standards for the security assessment of qualified signature and seal creation devices.
5. Conclusions
The eIDAS Regulation introduces new tools or enhances the provisions of the Directive, for the purpose of:
Ensuring mutual recognition and acceptance of electronic identification means
Granting the free movement of trust services
Ensuring minimal security levels of trust for electronic identification means and for trust service providers
Liability
Cooperation
Technical standards
Transparency
Supervision
5. Conclusions
- The eIDAS Regulation does not create a unified system for eID
- Member States are under no obligation to notify eID schemes: they are obliged to recognize eID issued under eID schemes notified by other Member States
Human factor?
For further comments and questions:
Avv. Cosetta Masi
E-mail: info@avvocatomasi.com
Skype: cosetta.ms