June 30, 2016

Try not to spend the next few minutes kicking the wall as you recall Brexit, because we are about to remind you that 1 July is eIDAS Day, a significant plank in the move to the Digital Single Market.

Regulation (EU) N°910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation) adopted by the co-legislators on 23 July 2014 aims to provide a predictable regulatory environment to enable secure and seamless electronic interactions between businesses, citizens and public authorities.

The Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 (SI 2016 No. 696) have been made to implement the EU Regulation and have effect from 22 July. The UK Regulations appoint the Information Commissioner as the supervisory body – the tasks of the supervisory body include enforcement. Note that qualified certificates issued before 1 July 2016, under the 2002 Regulations, are considered to be qualified certificates for electronic signatures under the new Regulation until their expiry. Schedules 1 and 2 to the UK Regulations set out the penalty and enforcement regime. Schedule 1 provides that where the supervisory body is satisfied that a trust service provider is in contravention of the eIDAS Regulation, it may issue a monetary penalty. Schedule 2 provides that where the supervisory body is satisfied that a trust service provider is in contravention of the eIDAS Regulation, the supervisory body may withdraw the provider’s qualified status or serve an enforcement notice, assessment notice or an information notice. A trust service provider served with a monetary penalty or notice may appeal to the Upper or First-tier Tribunal.

The European Commission claims that the eIDAS Regulation:

·        ensures that people and businesses can use their own national electronic identification schemes (eIDs) to access public services in other EU countries where eIDs are available.

·        creates an European internal market for eTS – namely electronic signatures, electronic seals, time stamp, electronic delivery service and website authentication – by ensuring that they will work across borders and have the same legal status as traditional paper based processes.

It is the Commission view that it is only by providing certainty on the legal validity of all these services that businesses and citizens will use digital interactions as their ‘natural way of interaction’.

The eIDAS Regulation seeks to make it possible for EU citizens people, companies (in particular SMEs) and public administrations to complete transactions online and across borders in just “one click”. eIDAS should lead to higher security and more convenience for any online activity such submitting tax declarations, enrolling in a foreign university, remotely opening a bank account, setting up a business in another Member State, authenticating for internet payments, bidding to on line call for tender, etc.

Commissioner Andrus Ansip writes in his blog:

Raising confidence in the online world is an essential part of building a Digital Single Market. Today, Europe is taking a major step towards this goal, with rules now applying directly in all 28 EU countries for electronic ‘trust services’: online services where users require a degree of security and trust, such as electronic signatures.

From July 1, everyone in the EU – individuals, businesses, public administrations – will be able to access services safely, carry out online transactions and even set up a business in other EU countries. An electronic signature will be recognised in the same way as a handwritten one, across the EU.

The same principles also apply to electronic seals, documents and delivery services, as well as time stamps and website authentication. Life will become easier in a wide range of areas, from filing tax returns, enrolling in a foreign university or remotely opening a bank account to authenticating internet payments for online shopping or bidding in online tenders.

In an associated development, Adobe announced the Cloud Signature Consortium, a group comprised of leading industry and academic organisations committed to building a new open standard for cloud-based digital signatures across mobile and web – so anyone can digitally sign documents from anywhere. Here is an extract from their press release on this:

The new standard created by the consortium will be critical to furthering digital transformation of business on a global scale by giving everyone access to secure digital signature solutions across a full range of cloud applications and mobile devices. Once implemented, the standard will benefit processes where signer identification is critical, such as applying for a marriage or business license, state benefits, or signing for a large loan. The Cloud Signature Consortium aims to build a global network of industry contributors and intends to release new standard specifications by the end of 2016—with the first cloud-based implementations to follow shortly thereafter. The consortium was inspired by the need to meet the highest level requirements of the European Union’s Regulation on Identification and Trust Services (eIDAS), but its impact is expected to be global as demand for highly secure digital solutions continues to rise.

“Adobe has a long history of successfully helping to establish and drive the adoption of open standards,” said Melissa Webster, vice president of content and digital media technologies, IDC.  “An open standard focused on cloud-based digital signatures will not only help companies save time and resources, but ultimately move an entire industry forward with best practices that benefit all.”

In addition to Adobe, initial Cloud Signature Consortium members, which span European cloud-based digital signature providers, trust services providers, academics, and standards and security focused organisations, include:


Asseco Data Systems – Poland

Bundesdruckerei / D-Trust – Germany

Cryptolog / Universign – France

Docapost / Certinomis – France

InfoCert – Italy

Intarsys Consulting – Germany

Intesi Group – Italy

Izenpe – Spain

Safelayer – Spain

SwissSign – Switzerland

Graz University of Technology – Austria

Unibridge – Norway

You will note that none of the listed participants is a UK organisations. Time to go and kick the wall.