We are proud to have recently supplied a draft legal action plan for the Slovenian Ministry of Public Administration in relation to the legal aspects of EU eIDAS Regulation. But what is there for European businesses in the new Regulation?
Anyone reading the eIDAS Regulation would initially be confused: the document deals with two very related topics, so related that one could easily say they are two sides of the same coin: e-identification and e-trust services, the latter including e-signatures. If I electronically sign an online document, my private and public keys would be linked to a certificate that identifies me, so my e-identity in the certificate would be closely linked to the trust service.
Yet the topics are regulated separately: e-trust services are provided in a regulated yet open market. E-identification schemes are only what Member States want them to be. Like birth certificates and passports, they belong to the good old-fashioned state monopoly even if they happen to be provided by private concessionaires. A certificate issued for e-signatures can therefore be part of a trust service – but it can at the same time be used as means of e-identification if recognised as such by an EU Member State government.
The real potential of the eIDAS Regulation is to make it much easier for individuals and businesses to operate across Member State borders. European businesses should find it less complicated asking for administrative permits online or filing in court proceedings in another Member State. E-identities should become as portable across European borders as are Member State identity cards.
However, the real ambit of the eIDAS Regulation will depend on Member States’ own ambitions: the more services they put online for their own citizens, the more benefits will be reaped by other Member States’ businesses and individuals. And this goes vice versa for setting up national e-identification schemes for Member States’ own citizens: if Member States want their businesses’ or individuals’ e-identity to be EU-portable, they need to grant them one in the first place.
Latest posts by Bostjan Makarovic (see all)
- ‘GDPR practitioner’ ? I prefer ‘privacy professional’ instead - July 18, 2017
- Why appointing Data Protection Officer is not the first step in GDPR compliance - July 6, 2017
- GDPR adaptation – what does it comprise? - June 15, 2017