Skip to content
Start your free trial
Autenti / Blog / eIDAS 2.0: Evolution of trust services
Legal & Security

eIDAS 2.0: Evolution of trust services

Reading time:

7 min

Date of publication:

In the ever-evolving landscape of digital identity and authentication, staying abreast of regulatory changes is paramount. The European Union's eIDAS regulation has been a cornerstone in facilitating secure electronic transactions across borders within the EU. With the introduction of eIDAS 2.0, there are significant updates and enhancements that warrant exploration.

eIDAS 2.0 vs eIDAS 1.0

Background: eIDAS 1.0

eIDAS 1.0 adopted in 2014 stands for "Electronic Identification, Authentication, and Trust Services". Its primary objective was to establish a framework for electronic identification and trust services for electronic transactions in the European Single Market.

Key provisions of eIDAS 1.0 includes:

  • Mutual recognition: Ensuring that electronic identification means (eIDs) and certificates issued by one Member State are recognized and accepted in others, fostering cross-border interoperability.
  • Trust services: Setting standards for electronic signatures, seals, time stamps, and electronic delivery services to enhance security and legal certainty in electronic transactions.
  • Legal framework: Providing a legal basis for electronic signatures and other trust services, ensuring their validity and enforceability across EU Member States.

 

What is eIDAS 2.0?

eIDAS 2.0 is an updated version of the European Union’s eIDAS (Electronic Identification, Authentication, and Trust Services) regulation, which aims to enhance the framework for secure electronic transactions across EU Member States. Building on the foundation of the original eIDAS regulation, adopted in 2014, eIDAS 2.0 introduces new provisions to address emerging challenges and opportunities in the digital landscape. Key updates include the introduction of the European Digital Identity Wallet, new trust services like attribute attestation and ledger services, and stricter security requirements. The goal of eIDAS 2.0 is to foster greater trust, security, and interoperability in electronic identification and trust services, facilitating seamless cross-border digital interactions within the EU.

New trust services:

eIDAS 2.0 extends the scope of Trust Services adding new regulated services to the list, such as:

  • European Digital Identity Wallet, is designed to provide secure, trusted and seamless cross-border access to public and private services, while maintaining full control over data. European Union countries are required to implement at least one digital identity wallet.
  • Attribute attestation service, that as described in the Preamble of eIDS 2.0 might be significant to reduce the administrative burden by allowing EU citizens and residents to use these attributes in private and public transactions, especially towards AML processes in financial services sector,
  • Archiving service, which will be crucial for securing integrity of documents for a longer time period, thanks to Trusted Third Party,
    Ledger service, that might be interesting for securing a unique and accurate chronological sequence and data integrity,
  • Managed Remote Qualified Signature Creation Device, as a separate service for handling issued certificates for signature or seal creation. 


Key differences and enhancements in eIDAS 2.0:

  • Non-qualified trust service providers: eiDAS 2.0 introducing requirements not only for qualified, but also for non-qualified Trust Service providers, which is a significant change. Thanks to this, the recognition of non-qualfiied trust services will be even higher.
  • Enhanced security measures: With the proliferation of cyber threats, eIDAS 2.0 introduces stricter security requirements and certification schemes to bolster the resilience of electronic identification and trust services. Trust service providers are  considered as supervised under the Directive NIS2, which means that NIS2 requirements must be met.
  • Interoperability and accessibility: Recognizing the importance of seamless cross-border transactions and accessibility for all citizens, eIDAS 2.0 emphasizes interoperability between different electronic identification systems and ensures compliance with accessibility standards.
  • Digital innovation: eIDAS 2.0 fosters innovation by promoting the use of emerging technologies and interoperable solutions to drive digital transformation across sectors.

Why was the update of eIDAS necessary?

Amendment of the eIDAS Regulation presents both challenges and opportunities for providers, businesses, governments, and citizens alike. It is worth mentioning, that while adapting new technology may require some investments, the benefits of enhanced security, interoperability, and digital innovation of trust services cannot be overstated. The legal safeguards (effects and presumptions) assigned to each trust service are a unique tool to help cover the risks of both consumers and businesses.

As we navigate the digital transformation journey, eIDAS continues to be a cornerstone in building trust and facilitating secure electronic transactions by using services provided by qualified and non-qualified providers. The transition to eIDAS 2.0 marks a significant milestone in this journey, paving the way for a more secure, interoperable, and innovative digital future. Especially when ESG regulations and requirements are expanding across business.

By understanding the differences between eIDAS 1.0 and eIDAS 2.0, businesses and governments can leverage the opportunities presented by the new regulation to drive digital growth and empower citizens in the digital age.

When will eIDAS 2.0 come into effect?

The amendment to the eIDAS Regulation entered into force on 20 May 2024, however, it also includes transitional periods or deadlines for the European Commission to develop implementing acts for specific trust services. For example, Article 5a of the eIDAS Regulation obliges EU Member States to provide at least one European Identity Wallet within 24 months of the entry into force of implementing acts setting out reference standards.

Learn how we can help you speed up your business processes by using Trust Services described in eIDAS and to implement compliant document workflow solutions. Schedule a free expert consultation here:

Book a demo


Sources:
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32024R1183 
https://data.consilium.europa.eu/doc/document/PE-68-2023-INIT/en/pdf  

Agata Kolorz

Information Security Compliance Manager, Data Protection Officer (DPO)