Regulation (EU) 910/2014, known as eIDAS Regulation (“electronic Identification, Authentication, and trust Services”), is a European regulatory framework that establishes a set of rules and standards for electronic identification and trust services in the member countries of the European Union.
This regulation is under revision, and a new version known as eIDAS 2 will be released in the coming months. This update aims to renew and improve the original eIDAS regulation to adapt it to technological advances and the new needs of the EU digital market.
eIDAS, laying the foundations for electronic identification
The eIDAS regulation came into force on July 1, 2016. Until then, Directive 1999/93/EC had regulated electronic identification services. This regulation recognized the validity of electronic signatures, which were considered equivalent to handwritten signatures and were given validity in court.
However, as with directives at the European level, these are interpretable for each Member State, so the recognition and validity of electronic signatures between different countries and their courts was a complication.
With the creation of the eIDAS Regulation, a direct application of the regulations has been achieved, and a common framework for all member states.
It should be noted that although the eIDAS regulation came into force in 2016, some of its requirements have been implemented progressively following the deadlines set out.
Since entering force, eIDAS has significantly impacted the EU digital single market by establishing a framework for electronic identification, electronic signatures, and trust services that enable secure and frictionless cross-border electronic transactions.
What is eIDAS 2? Towards a digital identity
There is no specific regulation called “eIDAS 2”. However, in September 2020, the European Commission presented a proposal to update the eIDAS Regulation, commonly known as “eIDAS 2”. This proposal is currently under negotiation in European bodies and has yet to be adopted.
The eIDAS 2 proposal aims to update and improve the existing eIDAS regulation to drive digital transformation in the EU further and adapt to the ever-evolving technological and societal changes.
When will eIDAS 2 come into force?
It has yet to be known when eIDAS 2.0 will enter into force, as the proposal is still under negotiation and has yet to be formally adopted by the European Union.
However, the European Commission has published a roadmap to implement eIDAS 2. The roadmap sets out a timeline for the review and adoption of the proposed Regulation and its implementation by Member States and providers of electronic identification services and trust services.
The proposal is currently in negotiation, expected to last until 2024. After that date, Member States will begin implementation.
It is important to note that the roadmap is a preliminary plan, and the timeline may change as the review and adoption process progresses.
Once the eIDAS 2 Regulation is adopted, it must be published in the Official Journal of the European Union and will enter into force 20 days after publication.
What are the differences between eIDAS and eIDAS 2?
The main new features that eIDAS 2 will introduce over the current framework of the eIDAS Regulation are:
- Expand the scope of the regulation to include additional cross-border digital services, such as authentication and device identification.
- Strengthen the security and privacy of electronic identities and trusted services.
- Establish a framework for the creation and use of digital identities. These so-called identity wallets allow individuals and businesses to create and use digital identities without government verification.
- Simplify digital identities and trust services in public procurement processes and improve interoperability between national systems.