On 20 May 2024, eIDAS2 Regulation, which establishes the European Digital Identity Framework, came into force. This act, adopted by the European Parliament and the Council of the European Union, extends the scope of the original act that has been in force for nearly 10 years, i.e. eIDAS Regulation, and adapts it to the current reality.
The original eIDAS Regulation1 aimed to create a single market for electronic identification and trust services in the EU. It was (and still is) a key legal act from the point of view of regulating aspects such as electronic signatures or authentication. However, in the meantime, new challenges have emerged due to digitalization of the private and official sectors, which in turn have necessitated an update of the legislation.
The new regulation, i.e. eIDAS22, was mainly based on the growing need for ensuring a secure and interoperable digital identity in the European Union. In the age of digitalization, EU citizens are increasingly using online services (in addition, the recent SARS-COV2 pandemic has contributed to the increase in digital activity), which requires robust and trusted authentication and identification mechanisms.
In response to those needs, and in order to facilitate cross-border transactions and enhance e-security, the European legislator has adopted new rules. The amendment aims to harmonize national regulations on electronic signatures, thanks to which a single and cross-border digital market is to be created. eIDAS2, together with other eIDAS provisions, is intended to eliminate the fragmentation of the digital market and lead to its full integration so that the same rules apply throughout the European Union.
The main novelty introduced by eIDAS2 Regulation is the European Digital Identity Wallet (EDIW), which will enable EU citizens and residents to securely store and share personal data and digital documents. EDIW will be available and interoperable throughout the European Union, which means that it will be recognized and accepted by each of the EU Member States.
The Regulation has strengthened the security requirements for trust services (i.e. services including, among other things, the creation, verification and validation of electronic signatures and seals and website authentication certificates). Providers of those services will have to comply with stricter standards to ensure that users’ personal data is better protected against cyber threats. This includes things such as internal security audits as well as external certification by accredited bodies. The rules for issuing qualified certificates are changing. eIDAS2 Regulation also introduces new trust services such as the issuance of attribute confirmations, electronic archiving and entry in a distributed register.
eIDAS2 Regulation has a potentially significant impact on business in the EU. Mutual recognition of electronic IDs issued by individual Member States will make it easier for businesses to establish cooperation with business partners from other EU countries, as well as easier access to new markets and better conditions for international expansion.
Increased security requirements and certification of trust services should contribute to increasing customer trust in digital services by increasing security assurance and proper protection of personal data.
The introduction of EPTC and uniform certification procedures will reduce the administrative costs associated with the management of digital data and trust services. Businesses will no longer have to adapt to different national requirements in different Member States, simplifying internal processes and significantly speeding up procedures.
From a business perspective, eIDAS Regulation presents both challenges and opportunities.
On the one hand, businesses will have to adapt to new safety requirements and certification procedures, which may entail the need to invest in new technologies and training. On the other hand, the new regulations will give business an access to wider business opportunities and broader international cooperation.
Rapid adoption of new solutions and adaptation to new requirements can benefit from increased customer trust and simpler administrative procedures. The long-term objectives and impacts of eIDAS2 are to create a more integrated and secure digital market in the EU.
New technologies – see how we can help.
[1] Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC
[2] Regulation (EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024 amending Regulation (EU) No 910/2014 as regards the establishment of a European framework for digital identity
No entries found
ul. Hrubieszowska 2
01-209 Warszawa
Polska
+48 22 295 33 00
contact@tgc.eu
NIP: 525-22-71-480, KRS: 0000167447,
REGON: 01551820200000. Sąd Rejonowy dla
m.st. Warszawy, XII Wydział Gospodarczy