
Implementation of the Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market.




1 Implementation of the Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation) and comparison of Directive 99/93/EC and eIDAS Regulation
Workshop on registered electronic mail policies and implementations (ETT 57074)
Ankara, –

2 Content:
1. eIDAS Regulation
2. Implementation of eIDAS Regulation in member states and Slovenia
3. Directive 1999/93/EC
4. Comparison between eIDAS Regulation and Directive 1999/93/EC

3 The eIDAS Regulation - Introduction
The Regulation 910/2014/EC (eIDAS Regulation) was adopted on 23 July and published on 28 August 2014. It entered into force on 17 September 2014, but it is not entirely applicable from that date:
- The rules on electronic identification will apply from the date of application of the implementing acts (deadline is ), except for mandatory mutual recognition (art. 6), which will apply 3 years after the adoption of the implementing acts (i.e. 3Q 2018).
- The rules for Trust Services will apply from 1 July 2016.

4 The eIDAS Regulation - Introduction
Neelie Kroes, 1 March 2014: "The adoption of this Regulation on e-ID is a fundamental step towards the completion of the Digital Single Market. This agreement boosts trust and convenience in cross-border and cross-sector electronic transactions."
President Juncker's Political Guidelines: "By creating a connected Digital Single Market, we can generate up to €250 billion of additional growth."
eIDAS will:
- ensure that national electronic identification schemes (eIDs) can be used in other EU countries
- establish a European internal market for Trust Services (TS) by providing rules which ensure that such services work across borders and have the same legal status as traditional paper-based processes.

5 What is covered by the eIDAS Regulation:
Electronic Identification (eID): rules for mutual recognition of eID across MS; legal framework (notification, assurance levels, security…)
Trust Services (TS):
- interoperability and application of electronic signatures
- interoperability and application of electronic seals
- uniform regulation of:
  - time stamping
  - electronic delivery of electronic documents
  - recognition of electronic documents
  - authentication of websites
Previous rules on e-signature (Directive 1999/93/EC) are repealed and entirely replaced by the eIDAS Regulation (art. 50).
The eID's built-in chip makes electronic identification and electronic signature possible. The chip contains an authentication certificate and a signature certificate, both of which you use in combination with your PIN code. The authentication certificate is used to confirm your identity when you log on to a website with your eID; the signature certificate allows you to sign electronically. Highly secure, centrally managed remote (server-side) signing solutions eliminate the need to manage and control large numbers of smartcards, while enabling individuals to sign documents digitally using technologies such as cloud-based services and mobile devices.
The Regulation introduces mutual recognition of eID: it targets the public sector, as it requires MS to permit foreign citizens to use their own eIDs to access online services. The private sector is not directly impacted, since companies are not required to accept foreign eIDs for the services they offer.

6 Main goals of the eIDAS Regulation:
- mutual recognition of eIDs across MS which are notified to the EC (Notified Electronic Identification Schemes)
- mutual recognition of QTS
- ensuring effective cross-border interoperability of services
- ensuring accessibility of TS for disabled users
- harmonizing national (and regional!) supervision of QTSPs and their services; light-touch supervision for TSPs (ad hoc measures)
- the establishment of Trusted Lists (for QTSPs) and the EU trust mark
- enhanced data protection and minimization of the set of personal data processed by service providers
- achieving flexibility and technological neutrality through the implementing acts

7 What eIDAS does not require:
- to introduce electronic ID cards or other electronic identification solutions
- to introduce European ID cards
- an individual to have an electronic ID card or passport
- to link national databases with the national databases of other Member States
- the introduction of sharing of personal or financial information with other parties

8 Adoption of implementing acts
As EU lawmakers seek flexibility and technological neutrality, many implementing acts are envisaged. 28 implementing acts altogether:
- 4 implementing the eID rules
- 24 implementing the TS rules
- 1 delegated act for the technical specifications of the TS
7 + 1 acts are obligatory: their adoption is necessary for applying the rules of the Regulation. The majority of the acts are "optional"; nevertheless, their adoption would contribute to the clarification of the subject matter and to greater harmonization.

9 Adoption of implementing acts
Time plan as proposed by the Commission:

10 Adoption of implementing acts
List of obligatory implementing acts:

11 Adoption of implementing acts
List of additional implementing acts:

12 Adoption of implementing acts
List of additional implementing acts:

13 Implementation in MS:
According to Art. 288 of the Treaty on the Functioning of the EU, regulations are directly applicable in the Member States: "To exercise the Union's competences, the institutions shall adopt regulations, directives, decisions, recommendations and opinions. A regulation shall have general application. It shall be binding in its entirety and directly applicable in all Member States."
The supremacy principle demands that national laws which conflict with EU law be set aside or repealed so that the European rules can take effect. This was further elaborated in the Costa v ENEL doctrine. The direct effect principle ensures the application and effectiveness of European law in the Member States (Van Gend en Loos doctrine).
Theoretically, no further (proactive) legal activities regarding the implementation of the Regulation need to be taken by the MS. MS should prevent national rules from being in conflict with the EU rules (therefore derogation/adaptation of national laws might be necessary). The Regulation will repeal the existing eSignatures Directive and will also automatically replace any inconsistent national laws in MS.

14 Situation in Slovenia:
Slovenia transposed Directive 1999/93/EC into its domestic legislation. Existing national legal framework regarding e-signature:
- Electronic Commerce and Electronic Signature Act (Official Gazette no. 57/2000 and 25/2004)
- Decree on conditions for electronic commerce and electronic signatures (Official Gazette no. 77/2000 and 2/2001)
- Rules on the application of certifiers and keeping the register of certification authorities in the Republic of Slovenia (Official Gazette no. 99/2001)
Private and public providers of some TS:

15 Implementation in Slovenia:
As the eIDAS Regulation has been adopted only recently, no concrete steps towards implementation have yet been taken in Slovenia. Preparations have begun on the political and on the organizational-strategic level.
Political level – strong commitment to implement the eIDAS Regulation in the Slovenian legal system: "Due to the methodological and terminological harmonization on the national level, the Electronic Commerce and Electronic Signature Act will be amended or even a new legal framework will be adopted. The aim is to comprehensively regulate the area of electronic identity management and trust services for electronic transactions" (Press Conference of the Minister for Education, Science and Sport, September 2014)

16 Implementation in Slovenia:
Organizational & strategic level:
- competence lies within the jurisdiction of the Directorate for Information Society (Ministry for Education, Science and Sport)
- other portfolios are also affected (Ministry for Public Administration, Ministry of Interior…)
- a Multi-sector Working Group was established by the Government to coordinate the implementation of the eIDAS Regulation
- strategic documents which deal with this topic -> Strategy Si2020 (currently in the process of adoption): "Following the provisions of the eIDAS Regulation, adjustments of the national legal framework are necessary to establish an appropriate organization and infrastructure environment for eIDs, which includes the implementation of supervisory functions, recognition and acceptance of notified electronic identification elements from other MS and reporting functions. Already established electronic public sector services will also need to be adapted in order to be accepted in cross-border use"

17 Implementation in Slovenia:
Tasks of the Multi-sector Working Group for eIDAS:
- preparation of an analysis of the existing situation and identification of the necessary adjustments
- comparative analysis of the measures and solutions in other MS
- preparation of an action plan which will address normative, institutional and operational measures for the creation of a new legal framework for eID and TS
- monitoring the harmonization of national sectoral rules with the Regulation

18 Implementation in Slovenia:
Some technical preparations: activities to modernize e-identification and other services in order to increase confidence and security in the public sector have already started. In the field of TSs, the Ministry of Public Administration is in the process of preparing a central authentication system (SI-CAS) and a central server system for e-signature (SI-CES). For this purpose the Ministry is already participating in various EU projects, such as STORK 2.0 for cross-border e-identification and the e-SENS project for the establishment of common building blocks for TSs in cross-border transactions.

19 Implementation in Slovenia:
Tasks to be addressed:
- creation of a list of all relevant national legislation (acts) which needs to be changed/adapted or repealed
- impact assessment: what are the costs?
- how to implement the provisions of the Regulation in order to avoid duplication?
Questions to be answered:
- Are any national acts needed for the implementation of the Regulation? (e.g. regarding the definition of the competent authority, surveillance, fines for non-compliance, etc.)
- Does the list of certification service providers under ECESA comply with the Trusted Lists from art. 22 of the Regulation?
- How many eID means should we introduce? Should we include the private sector as well? (Recital 13 of the Regulation)
- How to organize the supervision? Designation of the competent authority?
- Shall we also adapt other existing national solutions which are not directly affected by the Regulation, e.g. ZVDAGA?

20 SLO national legislation – implementation steps
- register of Certification Authorities = trusted list?
- organization of proper control?
- one or more schemes (public/private sector)?
- do we have an overview of the legislative and executive acts regulating this area?
- is our national legislation anywhere in conflict with the Regulation?
- how to avoid duplication of tasks?
- maintain the existing national solutions, or adapt as much as possible to the requirements of cross-border e-commerce?
- how to optimally adapt the services of the public sector to meet the requirements for mutual recognition?
- the costs of the regulation (public/private sector)?

21 Directive 1999/93/EC
The Directive laid down the criteria for legal recognition of electronic signatures by focusing on certification services:
- common obligations for certification service providers in order to secure cross-border recognition of signatures and certificates throughout the European Community;
- common rules on liability to help build confidence among users who rely on the certificates, and among service providers;
- cooperative mechanisms to facilitate cross-border recognition of signatures and certificates with third countries.
The Directive did not deliver a comprehensive cross-border and cross-sector framework for secure, trustworthy and easy-to-use electronic transactions.

22 Directive 1999/93/EC
The Directive introduced:
- the electronic signature and the advanced electronic signature
- the qualified certificate
Access to the market:
- no licence/authorisation is required for Certification Service Providers (CSPs)
- there is a notification requirement for those CSPs issuing qualified certificates to the public that have been subject to voluntary accreditation
- Member States may not limit the number of accredited CSPs
- Member States may not restrict the provision of certification services originating in another Member State
Legal effects of electronic signatures:
- an advanced electronic signature based on a qualified certificate and created by a secure-signature-creation device has the same legal status as a handwritten signature

23 Directive 1999/93/EC
Liability of CSPs:
- a CSP which issues a qualified certificate is liable to any person who reasonably relies on the certificate if the CSP acted intentionally or negligently
- a CSP is not liable for damage arising from use of a qualified certificate that exceeds the limitations placed on it
- limitation of compensation by CSPs is allowed
International aspects:
- MS must ensure that mutual legal recognition of qualified certificates and electronic signatures from third countries is applied if certain reliability conditions are met.
Data protection:
- CSPs and the national bodies responsible for accreditation or supervision must comply with Directive 95/46/EC

24 Comparison - general observations
"From e-signature to Trust Services"
The Directive did not provide a comprehensive legal framework, which led to very different approaches in implementing the rules into national legislation. Outcome: it was de facto impossible to conduct cross-border electronic transactions.
The Regulation is much broader in scope and more concrete in its rules, as it introduced: the legal effects of electronic seals, the legal effects of and requirements for electronic time stamps and electronic registered delivery services, the requirements for website authentication, and the legal effects of electronic documents.
Comprehensive rules regarding the TS legal framework (Chapter III), of which e-signature is also a part (supervision, qualified services and building of trust, and special rules for e-signature only).

25 Comparison: supervisory schemes
In this respect the rules are now much more concrete; they provide for the possibility of regional supervision, different layers of supervision, reporting to the EC (art. 17), mutual assistance (art. 18), the obligation to notify (see below), and an audit of qTSPs every 24 months (art. 20).
Stricter rules on security requirements for TSPs (art. 19):
- they will need to implement organizational and security measures that are proportional to the level of risk presented by their activities
- they will have to inform stakeholders about the effects of incidents
- in case of a breach of security or loss of integrity which has an impact on personal data, TSPs are obliged to notify the supervisory body and the affected parties within 24 hours at the latest
Rules regarding the initiation of qTS (art. 21): notification to the supervisory body, prior conformity assessment, granting of the qTSP status and its inclusion on the trusted list.

26 Comparison:
Comprehensive requirements for qTSPs (art. 24): some of them had already been introduced by Annex II to the e-signature Directive (e.g. rules on verification, staff requirements, liability, obligation to inform…) but are now elaborated and modified (e.g. trustworthy systems, verification). Some new requirements have also been introduced (an up-to-date termination plan, the obligation to establish and update a certificate database).
Building of trust (qTS): introduction of trusted lists of qTSPs together with their qTS in each MS (art. 22) and of the EU trust mark to identify services which meet certain strict requirements and are therefore reliable (art. 23). The aim is to build the trustworthiness of e-signatures.

27 Comparison:
Special rules regarding e-signature are set out in Section 4 (art ): the Regulation distinguishes between:
- e-signature
- advanced e-signature
- qualified e-signature
In the sense of legal effects, the qualified e-signature of the eIDAS Regulation (art. 25) corresponds to the advanced e-signature of the Directive (art. 5): a qualified e-signature has the equivalent legal effect of a handwritten signature.
In comparison to the e-signature Directive, the eIDAS Regulation has more elaborate rules on the requirements for qualified certificates for e-signatures (Annex I): more elaborate data on the signatory (bullets a and b), the location of services which enable checking the validity status of the certificate, …

28 Comparison:
In addition, the Regulation lays down rules on the revocation of qualified certificates for e-signatures (art. 28). MS may adopt national rules regarding the temporary suspension of qualified certificates for e-signatures (art. 28(5)).
In comparison to the Directive, the Regulation provides rules on devices for the creation of e-signatures (= Qualified Electronic Signature Creation Devices, QESCDs): requirements for QESCDs are laid down in Annex II (art. 29), certification procedures are provided in art implementing acts of the Commission, and the creation and publication of the List of QESCDs (art. 31).
Rules on the validation of qualified e-signatures (art. 32 and 33), which will provide legal certainty and trust: the Regulation sets out under what conditions a qualified e-signature shall be regarded as validated (a-h).

29 Comparison:
Art. 33 provides additional rules on qualified validation services (= Qualified Validation Service for Qualified Electronic Signatures). These services may only be provided by QTSPs and will provide users with the result of the validation process in a trustworthy manner (an automated message, signed/stamped by the QTSP).
Preservation of qualified e-signatures (art. 34): the Regulation lays down rules on the Qualified Preservation Service for Qualified Electronic Signatures. This concept had not been introduced before. The Regulation now stipulates that this service may be provided only by QTSPs. Standards for the qualified preservation service may be prescribed by the Commission.

30 Thank you!

