The success of the EU’s Digital Single Market requires secure cross-border electronic transactions. Reliable electronic identification (eID) and trust services such as the creation and verification of electronic signatures are essential. The eIDAS Regulation ensures seamless eID and trust across the EU.
The eIDAS Regulation (EU) No 910/2014 applies to electronic identification and trust services for electronic transactions in the European internal market. Its purpose is to provide a predictable regulatory environment for secure and seamless electronic transactions between businesses, citizens and public authorities.
The European law applies to all EU member countries, which must be in compliance with the eIDAS ordinance as well as ETSI TS 319.403 regulations. One of the key functions of the regulation is to define and recognize electronic signatures as legally binding. It identifies three different levels of electronic signature:
- Electronic Signatures (ES) are basic signatures in electronic form. With eIDAS, eSignatures are recognized legally and cannot be denied legal acceptance because they are digital.
- Advanced Electronic Signatures (AdES) require a higher level of security typically met with certificate-based digital IDs. AdES must be uniquely linked to the signatory, can authenticate the signer and the document, and enable the verification of the integrity of the signed agreement.
- Qualified Electronic Signatures (QES) must also be uniquely linked to the signatory, but are further required to be based on qualified certificates. Qualified certificates can only be issued by a certificate authority (CA) which is certified by an accredited Conformity Assessment Body (CAB) such as KPMG and supervised by authorities designated by EU member states.
How Swiss companies benefit from eIDAS
Under the eIDAS Regulation, a citizen’s electronic ID must be recognized equally well in any EU member state for all government services, from casting votes and filing tax returns to accessing bank accounts. To ensure trust in these services, the regulation requires that systems and service providers are qualified against specific requirements and audited periodically to keep their status current.
Swiss companies benefit from the eIDAS Regulation because it:
- ensures that people and businesses can use their own national electronic identification schemes (eIDs) to access public services in other EU countries where eIDs are available.
- creates a European internal market for electronic Trust Services (eTS) such as electronic signatures, electronic seals, time stamps, electronic delivery services and website authentication. It ensures that eTS work across borders and hold the same legal status as traditional paper-based processes. By providing certainty on the legal validity of all these services, eIDAS paves the way for digital interaction to become the “new normal” for both business and citizens.
- requires that government and public commercial services recognize standard signature formats and pan-European identities. This applies to services associated with tax statements, insurance contracts, banking agreements, business-to-business electronic invoicing and pharmaceutical records. It also applies to commercial services that require an EU identity, for example, so-called “know your customer” services in banking. In addition, any trust services associated with these activities will be regulated by eIDAS.
Are you certified under eIDAS as a ‘trusted company’?
The success of the EU’s Digital Single Market requires secure cross-border electronic transactions. To gain access to these markets, we recommend Swiss companies undergo eIDAS certification. This is essential, not only due to the legal liability requirements on e-ID profiles, but also to certify the standards within the secure architecture such as: signature profiles; stringent e-ID validation; and strict compliance requirements regarding the algorithms used to support international communication.
The main benefits of gaining eIDAS certification as a trusted company include:
- Certified trusted companies provide trust to their clients (e.g. banking transactions, government and purchasing transactions).
- Swiss companies facilitate the provision of cross-border services and allow companies to operate outside their borders. EU legal requirements must be implemented to exchange secure data via the Internet.
- Certified trusted companies ensure that their environment (e.g. legal framework, procedures, operations and architecture) complies with European law and is, therefore, a secure way to communicate between European member states and international countries. Clarifying how to effectively and correctly implement the eIDAS legal and process control framework reduces risks arising from communication breakdowns across legal jurisdictions.
As a recognized Conformity Assessment Body (CAB), KPMG provides certification services for all relevant e-services towards e-ID applications. KPMG’s CAB certification is accredited by the German Accreditation Body DAkkS and Bundesnetzagentur (BNetzA) according to ISO/IEC 17065 and EU-standard ETSI EN 319 403.