What is eIDAS?

eIDAS stands for “electronic Identification, Authentication, and Trust Services” and is the name of a regulation that was introduced in the European Union in 2016 in order to increase security for business transactions (for both business-to-business and business-to-customer) in an online environment.

Establishing digital trust as a business operating in the EU is enhanced by two main regulations: the GDPR (General Data Protection Regulation) and eIDAS. Where the GDPR deals with the protection of personal data for customers, eIDAS helps establish a legal framework for secure and efficient transactions and verification between businesses and customers.

eIDAS was implemented in an effort to increase efficiency, security, and legitimacy for both businesses and customers operating in the digital single market within the EU.

What does eIDAS entail?

eIDAS focuses primarily on identity verification and electronic signatures. With this, the regulation allows use of a variety of methods to check and authenticate the identity of an individual signing a document online. The eIDAS regulation makes it possible for formerly in-person identification verification requirements to become digital and officially acceptable across businesses and organizations. 

It also standardizes the procedures necessary for ID verification across borders in the EU and the context in which they are applied and the data gathered. It also gives every business offering online services a unique identifier, as part of an effort to streamline the exchange of information.

Documents signed with eIDAS are typically delivered, signed, and managed in a fully digital environment but have the same legal status as if they were handled in the traditional paper and “wet signature” (pen to paper) format.

What measures does eIDAS use?

eIDAS makes it possible for customers to sign documents electronically through Advanced and Qualified Electronic Signatures (QES). Both types of signatures are considered legally binding, and are uniquely linked to the signatory. QES are an enhanced version of Advanced Electronic Signatures in that they are certified through the use of a qualified trust service provider (QSTP).

eIDAS also employs time and date stamping for document signing, meaning that once a digital document has been electronically signed, it is electronically “stamped” with the date and time the signing was completed.

An electronic seal is then applied to the document. These seals ensure that any electronically signed and time stamped document is sealed so that it cannot be altered after signing. If any changes are to be made, it must be approved and resigned by the original signatory.

How does eIDAS affect businesses?

Ultimately, eIDAS provides a higher level of security and efficiency by allowing for electronic identification measures. It aims to help to protect both businesses and consumers from potential fraudulent activity caused by identity theft.

Beyond increased security and authentication, from the business side, eIDAS offers a number of additional benefits for businesses operating in the digital EU market.

Reduced operating costs: by taking paperwork processes online, companies save on administrative expenses, as well as physical resources such as paper.

Improved efficiency: accepting electronic signatures and verifying customer identity online increases the speed of processes typically requiring in-person interaction.

Enhanced security: offering customers the added safety measures provided by eIDAS measures helps to protect the identity of those involved in an online transaction.

Better customer experience: by helping customers to feel secure in working with a business, chances of future transactions are drastically increased.

While the initial implementation of eIDAS measures might seem slightly complex for businesses, once in place, the benefits are clear. Customers feel their privacy is protected, while companies can feel more assured of the identities and legitimacy of online transactions.

Although online transactions are far from new, measures to help ensure safe and private experiences must continue to adapt to help protect the data of both customers and companies. eIDAS is the latest European measure aimed at doing so, and replaces the Directive 1999/93/EC.