In July, the Council of the European Union adopted a Regulation on electronic identification and trust services for electronic transactions (‘Regulation’). The Regulation is part of the Commission’s Digital Agenda for Europe, which promotes the benefits of a digital single market and cross-border digital services.
The Regulation will replace Directive (1999/93/EC) on electronic signatures and address its shortcomings. In particular, trust in electronic transactions is increased by creating a common foundation for secure electronic interaction between citizens, businesses and authorities. Essential to this development is that Member States should build the necessary trust in each other’s electronic identification schemes and the level of data security provided by them.
One shortcoming of the current system is that citizens are unable to use their electronic identification to authenticate themselves in another Member State because the national electronic identification scheme in their countries is not recognized in other Member States.
The Regulation will implement several measures, including:
- Mutual recognition of electronic identification and authentication systems, where they comply with the conditions of notification and have been notified to the Commission.
- Rules concerning trust services, including the creation and verification of electronic time stamps and electronic registered delivery services. This is a substantial enhancement of the previous position, under which EU provisions only existed for electronic signatures.
Under the Regulation, trust service providers will be under a duty to apply security practices that are appropriate for the level of risk presented by their activities. In addition, these services will be subject to a regulatory regime and liability in the event that damage is caused to any company or person through a failure to comply with this regime.
The Regulation will come into full force in July 2016.