In the fast-growing digital world, trust is essential to facilitate exchanges and many regulations are now emerging to secure them.
The eIDAS Regulation is part of this. It aims to enhance trust in electronic transactions within the internal market. This regulation applies to electronic identification, trust services and electronic documents. Its purpose is to establish an interoperability framework for the different systems in place in the Member States. It also promotes the development of a market for digital trust.
The eIDAS Regulation replaces Directive 1999/93/EC, which scope was limited to electronic signatures. Effective from July 2016, the eIDAS aims to establish a common basis for secure electronic interactions between citizens, businesses and public authorities.
The eIDAS Regulation standardised electronic transactions in the Member States by providing three levels of reliability and assurance for electronic signatures :
The eIDAS regulation also introduced a fourth type of signature: a “digital seal”. Reserved for legal entities, it guarantees the origin and integrity of the associated data. For more information on our eIDAS-compliant electronic signature service, please visit Check’nSign.
As far as identification schemes are concerned, eIDAS defines three levels of assurance :
The eIDAS regulation mainly affects public sector organisations and trusted service providers established in the European Union. The regulation enables to control trusted service providers, and ensures secure transactions between users, providers and administrative authorities.
If your company uses an electronic signature or an identity verification solution[1], then the eIDAS Regulation has a direct impact on you. To guarantee the legal value of your KYC or electronic signature processes, you must ensure that the solution you use complies with the requirements of the eIDAS Regulation. In other words, that the trusted service provider you chose has all the relevant authorisations.
The eIDAS Regulation defines obligations for all trusted service providers or Certification Authorities, whether qualified or not. Member States established sanctions in case of non-respect. These service providers must:
Trust service providers are liable for damage caused intentionally or negligently to any natural or legal person due to a failure to comply with their obligations. The burden of proving intention or negligence of a non-qualified trust service provider shall lie with the natural or legal person claiming the damage.
ARIADNEXT is recognised as a trust service provider in accordance with Article 3 (paragraph 19) of the eiDAS Regulation. The conformity of our services is regularly assessed by the ANSSI (National Cybersecurity Agency of France) and the certifications obtained are publicly available.
Our Check’nSign electronic signature solutions are fully compliant with the eIDAS regulation at LCP level (ETSI EN 319 411-1).
Our automated identity verification solutions IDCheck.io are currently being evaluated by the ANSSI services for a substantial level of assurance.