Why eIDAS and digital identity should be on your list of priorities

Due to COVID-19 and the resulting lockdown, many organisations needed to find a solution to ensure the continuity of their services to customers and business partners. As in-person contact was not allowed, this resulted in a large uptake of process dematerialisation and trusted identities. For many of these critical business process, eIDAS provided the tools and the legal framework to ensure that businesses can continue and contracts can be signed, loans can be granted and employment contracts can be finalised, without having any doubt on legal complications in case of a dispute. The global pandemic underlined the importance of well-regulated (remote) identification processes and trusted digital identities that public and private sector organisations can rely on.

Background and history of the Regulation

The Regulation on electronic identification and trust services, the so-called eIDAS Regulation, became effective on July 1st, 2016. It defines the legal framework to harmonise digital identity and trust services in the European Economic Area (EEA) to enable businesses, consumers and governments to seamlessly communicate in a national and international context.

The eIDAS Regulation further develops the scope and requirements for these building blocks whereas the eIDAS digital identity, has become a cornerstone to establish trust in digital identities for natural and legal persons in the public and private sector.

The legal framework for electronic signatures was subsequently amended in the eIDAS Regulation with 4 additional services including electronic seals (electronic signatures for legal persons), website authentication, timestamping and registered delivery services.

In Belgium, the eIDAS Regulation was implemented by the Digital Act law, which added the electronic archiving service as an additional trust services, for which the implementation and certification requirements have recently been finalised. The electronic archive service is the digital equivalent of a paper archive and can be used, internally or commercially, whenever archiving is legally required. For example for social security information, financial statements, employment contracts, ea.

COVID-19 and the lockdown opportunity

For many organisations, the COVID-19 lockdown meant the introduction or further development of dematerialised processes and triggered an explosion of online collaboration and electronic business transactions such as eCommerce, signing contracts electronically or online collaboration. The initial investment in digital identities and online business resulted in an increased efficiency of doing business and ultimately resulted in doing more in less time. However sufficient levels of trust and legal guarantees need to be covered as well.

This is were the eIDAS Regulation provides a solution:

  • Part 1 defines a framework for trusted identities and electronic identification means with three trust levels
  • Part 2 covers the framework for electronic signatures for persons and organisations, trusted websites and time indication and registered delivery services.

These frameworks are used to provide security and trust for example in open banking implementations which benefits from the mutual trust and (legal) recognition across all EU member states provided by the eIDAS Regulation. These frameworks and their benefits can be used and leveraged in virtually all organisations that use digital identities or electronic transactions.

The eIDAS Regulation is currently undergoing a revision which aims to release an updated version later in 2021. The revision covers many lessons learned from the COVID-19 pandemic and the lockdown and incorporates the paradigm shift of remote identity, remote working and remote business.

The eIDAS 2.0 and market potential

In July 2020, the European Commission started the revision process for the eIDAS Regulation and opened a public consultation to request feedback from the market and stakeholders how eIDAS can be improved. The revision aims to align and harmonise the implementation of the Regulation across all member states, for public and private sector, and introduces the concept of a European Digital Identity wallet. The European Digital Identity wallet will allow individuals to electronically store virtual identity cards (including, but not limited to national identity cards) where they can choose which identity information will be shared. The main goal is to give the user more control over which information will be shared depending on the context and requirements of the organisation that is requesting the identity. For example you don’t need to provide your national registry number to use a common eCommerce website. This introduces a common identity concept known as self-sovereign identity, which will be implemented using (qualified) electronic ledgers.

Additionally, electronic archiving will be added as a eIDAS trust service in addition to the five existing trust services. The electronic archive will provide the legal foundation and mutual recognition of archiving services across member states

The revision proposal also includes an impact assessment report which contains a macro-economic study on the direct and indirect cost and benefits the eIDAS Regulation can facilitate. The impact assessment demonstrates the potential for the eIDAS Regulation and qualifies how it can be a cornerstone not only in digital identity and trust services, but in a broader cybersecurity and risk mitigation strategy.

The following table gives an overview of the estimated yearly reduced cost linked to identification procedures when leveraging eIDAS for some industry sectors:

Reduced operational costs linked to identification procedures (onboarding procedures, KYC procedures etc.)
Financial services (overall): €0.68 billion – €1.36 billion
eHealth: €1.26 billion – €2.51 billion
Aviation: € 30 million – €60 million
eCommerce: €0.24 billion – €0.47 billion
Reduced expenditures or damages related to cybercrimes (data theft, online fraud and procedures for online fraud prevention)
Financial services (overall): €0.85 billion – €1.4 billion
eHealth: €0.3 billion – € 0.6 billion
Aviation: €3.5 million – €7 million
eCommerce: €0.13 billion – €0.26 billion

How can your organisation benefit from eIDAS?

The eIDAS Regulation was initially conceived as a toolbox to provide trust identities and services, as well as provide mutual recognition and legal acceptance across the European Union. Five years after the introduction of the Regulation, it became apparent that the potential of eIDAS goes far beyond the initial intended purpose. It not only defined a legal framework, but provides the tools to ensure your business can rely on trusted customer or employee digital identities, that eCommerce transactions can be secured and documents can be processed, signed and archived electronically within your entire organisation as well as with your customers and business partners.

Equally important, your operational costs related to employee or customer onboarding can substantially be reduced when using eIDAS as a framework. At the same time, you can benefit from an increased cybersecurity maturity and reduced risk to cyber crime exposure or online fraud.