The eIDAS Regulation on electronic identification and trust services for electronic transactions in the internal market is a milestone as it provides a predictable regulatory environment for electronic identification and trust services. It was established in EU Regulation № 910/2014 of 23 July 2014, which repeals Directive 1999/93/EC.
eIDAS has created standards under which electronic signatures, qualified digital certificates, electronic seals, timestamps and other proofs for authentication mechanisms enable electronic transactions with the same legal standing as transactions performed on paper.
The eIDAS Regulation came into effect in July 2014, and its provisions on trust services have been directly applicable in the 28 Member States since 1 July 2016.
The main changes introduced by eIDAS are the following:
The conformity assessment, which ensures that qualified trust service providers and the services they provide comply with the requirements set out in eIDAS, should be carried out by a conformity assessment body, and the resulting conformity assessment reports should be submitted by the qualified trust service providers to the supervisory body.
Commission Implementing Decision 2016/650 laid down standards for the security assessment of qualified signature and seal creation devices (QSCD) pursuant to Articles 30(3) and 39(2) of the Regulation. It specified the mandatory standards for the certification of QSCDs where the creation data is held in an entirely but not necessarily exclusively user-managed environment (e.g. smart cards, USB tokens) and, because the protection profiles/standards have not yet been defined for remote qualified electronic signatures (e.g. HSM, signatory server), laid down the framework for an alternative certification process.