eIDAS is an EU regulation on electronic identification and trust services for electronic transactions that applies as law within the whole of the EU.
On a European level in order to break down the barriers to a single digital marketplace, in December 1999 Europe created a Directive (1999/93/EC) aiming to facilitate the use of digital signatures and their legal recognition.
But this provided only half of the equation and did not foresee in a single, cross-border European framework to make this happen.
So a Regulation was followed in July 2014 (910/2014: Regulation (EU) N°910/2014, commonly known as “the eIDAS Regulation”).
This one fills the gaps in 1999/93/EC and came into effect on July 1st, 2016 – without having to be translated to national legislation.
This Regulation dictates that national identification schemes (our Belgian eID for example) remain valid in the rest of Europe.
This is good news if you are often required to log onto European/Member State public administrations, be it for requesting official documents, entering tax declarations, or participating in public calls for tenders.
The eIDAS Regulation also defines “trust services”. Indeed, if you have a service that says that the invoice you received is the original and that its integrity has been certified, you’d want that service to meet certain standards and make sure that these are audited and verified regularly.
The eIDAS Regulation sets out the playing field for these but naturally refers to the Member States to enforce and regulate.
Next to the aspect of digital identification and the conditions for third-party trusted services, the eIDAS Regulation creates one unified market in Europe for electronic signatures, electronic seals, and time stamps.
This is done through certification levels: advanced and qualified, with increasingly strong requirements to run and operate, where the “qualified” version really is the valid one.
It gets a bit technical but the good news is that these services do not need to be on-premise. In a SAAS world, who would have expected less?
As qualified certified trust services, certificates, timestamps, seals, etc. are recognized over Europe equally, we’ll see new services emerge and the open market play on quality and pricing no doubt.
As not all elements were defined in the eIDAS Regulation, such as controlling bodies, etc, the implementation is in full swing on several fronts:
–Electronic identification: where European Decision 2015/296 and Regulations 2015/1501-1502 aim for interoperability, mutual recognition, and security of the electronic identification schemes throughout Europe.
–Electronic trust services: The European Regulation 2015/806, 2015/1984, and Decisions 2015/1505-1506 work towards transparency and interoperability throughout Europe on qualified trusted services through technical specifications, trusted lists formats, etc.
These form the groundwork for wide acceptance and confidence in the identification throughout Europe as well as the trusted services, as these are essential in creating fully digital, trusted, exchanges.
Here’s what eIDAS states about the digital sealing of documents and their legal value.
–In Article 25 “Legal effects of electronic signatures”, the eIDAS Regulation states that
- Qualified electronic signatures have the equivalent legal effect to handwritten signatures
- A qualified electronic signature based on a qualified certificate issued in one Member State will be recognized as valid in all other Member States as well.
–In Article 35 “Legal effect of electronic seals”, the eIDAS Regulation states that
- Qualified electronic seals will have the presumption of data integrity and origin validity.
- A qualified electronic seal based on a qualified certificate issued in one Member State will be recognized as valid in all other Member States as well.
–In Article 41 “Legal effect of electronic time stamps”, the eIDAS Regulation states that:
–In Article 46 “Legal effects of electronic documents”, the eIDAS Regulation states that electronic documents cannot be denied legal effect and admissibility as evidence on the grounds of the electronic form.
Furthermore, the details and requirements of the different aspects are closer defined, such as electronic identification, trust services, and trust service providers, advanced/qualified digital signatures, signature/seal creation devices, website authentication…
eiDAS In Belgium:
Let’s have a look at the current status in Belgium.
The most advanced description is for the digitalization of supplier invoices. The VAT-circulaire of 2008 details how invoices need to be scanned and stored, where the technical aspects and the procedures need to be defined very carefully.
The Legislator reserves the right to inspect such installations prior to delivering the validation.
This is however a very local implementation not taking into account international angles. Therefore, the limited requirements may not comply with the eIDAS requirements guaranteeing non-repudiation of the documents.
We, therefore, see that mostly only local players have implemented this paperless solution.
The Federal government provides trusted services, not only for the eID digital identity card each Belgian has but also for other public institutions. These trusted services are used by:
–The eHealth platform, for example for digital medical prescriptions;
–The Social Security, also specifically set the scene for the digitalization of victim cases in the context of work-related accidents;
–Insurance Law of 2014 defines the requirements for the digitalization of documents. Here is explicitly mentioned that the digital version has the same value in court and that the burden of evidence is inversed, so the adversary needs to prove that the digital version is not equal. The Royal Decree further enforcing this is however still not out, but is likely to be in line with the eIDAS regulations and the Federal trust services.
eiDAS Outside Europe
After the EU with its first attempt at digital equality in 1999, President Clinton signed the ESIGN Act in 2000, which aims to make digitally signed documents and contracts just as legally binding as their paper-based wet-ink signed counterparts.
The ESIGN Act provides the liberty for parties to use wet ink signatures even if the base documents are digital. Each organization or sector should/has created its own policies. This has been done for example in HIPAA (healthcare), Sarbane-Oxley, FDA…
The UN’s version of digital equality went live in 2013. This Convention aims to simplify international contractual exchanges through digital equality and increased paper-free commerce.
Finally, the eIDAS regulation opens up a lot of opportunities for organizations like the elimination of paper archives and the fully digital exchange with customers and partners whereby the legal framework is respected.
These initiatives contribute to the digital transformation of organizations, whereby costs can be cut, processes are deployed more efficiently and the handling of cases and claims is realized considerably faster.
Docbyte offers years of in-house expertise with DocShifter and presents flexible solutions that are easy to integrate and will take your organization to the next step in working paperless.
- Qualified electronic time stamps will have the presumption of accuracy of the date and time it indicates
- A qualified electronic time stamp based on a qualified certificate issued in one Member State will be recognized as valid in all other Member States as well.