decentralized-id.github.io/_posts/government/europe/regulation/2020-01-06-eIDAS.md
2020-11-20 04:37:04 -05:00

---
date: 2020-01-06
title: eIDAS - European Electronic Identification and Trust Services
excerpt: This Regulation seeks to enhance trust in electronic transactions in the internal market by providing a common foundation for secure electronic interaction between citizens, businesses and public authorities, thereby increasing the effectiveness of public and private online services, electronic business and electronic commerce in the Union.
categories: ["Government"]
tags: ["eIDAS","Europe"]
canonical_url: 'https://decentralized-id.com/government/europe/regulation/edias/'
permalink: /government/europe/regulation/eidas/
header:
  image: /images/eidas-header.webp
  teaser: /images/EIDAS_teaser.webp
redirect_from:
- /regulation/eidas/
- /government/europe/regulation/edias/
- /public-sector/europe/edias/
last_modified_at: 2020-01-06
---
* [EIDAS](https://www.eid.as/) - Regulation with linked TOC
* [Regulation (EU) No 910/2014 of the European Parliament](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2014.257.01.0073.01.ENG) and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC
> (2) This Regulation seeks to enhance trust in electronic transactions in the internal market by providing a common foundation for secure electronic interaction between citizens, businesses and public authorities, thereby increasing the effectiveness of public and private online services, electronic business and electronic commerce in the Union.
>
> (3) Directive 1999/93/EC of the European Parliament and of the Council (3), dealt with electronic signatures without delivering a comprehensive cross-border and cross-sector framework for secure, trustworthy and easy-to-use electronic transactions. This Regulation enhances and expands the acquis of that Directive.
>
>
> (11) This Regulation should be applied in full compliance with the principles relating to the protection of personal data provided for in Directive 95/46/EC of the European Parliament and of the Council (7). In this respect, having regard to the principle of mutual recognition established by this Regulation, authentication for an online service should concern processing of only those identification data that are adequate, relevant and not excessive to grant access to that service online. Furthermore, requirements under Directive 95/46/EC concerning confidentiality and security of processing should be respected by trust service providers and supervisory bodies.
>
> (12) One of the objectives of this Regulation is to remove existing barriers to the cross-border use of electronic identification means used in the Member States to authenticate, for at least public services. This Regulation does not aim to intervene with regard to electronic identity management systems and related infrastructures established in Member States. The aim of this Regulation is to ensure that for access to cross-border online services offered by Member States, secure electronic identification and authentication is possible.
>
> (14) Some conditions need to be set out in this Regulation with regard to which electronic identification means have to be recognised and how the electronic identification schemes should be notified. Those conditions should help Member States to build the necessary trust in each other's electronic identification schemes and to mutually recognise electronic identification means falling under their notified schemes. The principle of mutual recognition should apply if the notifying Member State's electronic identification scheme meets the conditions of notification and the notification was published in the Official Journal of the European Union. However, the principle of mutual recognition should only relate to authentication for an online service. The access to those online services and their final delivery to the applicant should be closely linked to the right to receive such services under the conditions set out in national legislation.
* [Trust Services and Electronic identification (eID)](https://ec.europa.eu/digital-single-market/en/trust-services-and-eid)
> - ensures that people and businesses can use their own national electronic identification schemes (eIDs) to access public services in other EU eID are available.
> - creates a European internal market for eTS - namely electronic signatures, electronic seals, time stamp, electronic delivery service and website authentication - by ensuring that they will work across borders and have the same legal status as traditional paper based processes. Only by providing certainty on the legal validity of all these services, businesses and citizens will use the digital interactions as their natural way of interaction.
* [EU BLOCKCHAIN OBSERVATORY AND FORUM](https://www.eublockchainforum.eu/sites/default/files/reports/workshop_5_report_-_e-identity.pdf) - e-Identity, Brussels, November 7, 2018
> **eIDAS: Key Principles for Identity**
> - Cooperation between Member States
> - Reciprocity relying on defined levels of assurance
> - Mandatory cross-border mutual recognition of identifiers
> - Sovereignty of Member states to use or introduce means for eID at their national level
> - Full autonomy to the private sector
> - Interoperability framework
> - Member States can use different means of identification, but with the same functionality
> - The problem is not the technology, but the legal framework, the distribution of liability, and the question to know whether what is enforceable in country A is also enforceable in country B (for instance in the court).
* [eIDAS as guideline for the development of a pan European eID framework in FutureID](https://core.ac.uk/download/pdf/34614563.pdf)
> Abstract: This paper addresses the Regulation on Electronic transactions in the internal market: electronic identification and trust services (eIDAS) and analyses this regulatory framework in relation to the pan European eID infrastructure being developed in the FutureID project. The aim of this paper is to identify if eIDAS sets forward any legal requirements that need to be implemented in the FutureID infrastructure. Even though the focus of this paper is on the development of the FutureID infrastructure, the description of eIDAS and the analysis of its main requirements for technical developers are in general relevant to the development of online identification and authentication schemes.
* [EU Blockchain Observatory and Forum Report - Blockchain and Identity](https://www.eublockchainforum.eu/sites/default/files/report_identity_v0.9.4.pdf)
> **Section 19: Decentralised identity and the European regulatory landscape**
> * EIDAS: A PAN-EUROPEAN NATIONAL IDENTITY STANDARD
>
> Perhaps the most important regulation dealing with identity in the EU is eIDAS, an EU regulation and a set of standards for electronic identification and trust services for electronic transactions in the European Single Market. This regulation will have a deep impact on the decentralised identity framework, above all as it pertains to government-issued/recognised identity credentials, and so is worth a closer look.
## eIDAS and Self Sovereign Identity
[EIDAS SUPPORTED SELF-SOVEREIGN IDENTITY](https://ec.europa.eu/futurium/en/system/files/ged/eidas_supported_ssi_may_2019_0.pdf)
1. The DID / SSI approach to identity and Verifiable claims
2. The eIDAS Regulation
3. The need for verified identities
4. Linking the DID with the identity provided by eIDAS
5. Applying eIDAS to the Verifiable Claims lifecycle
> The purpose of this document is to stimulate the discussion on how identity management solutions based on the Decentralised Identity / Self-Sovereign Identity (SSI) paradigms can benefit from the trust framework created by the eIDAS Regulation.
{% include video id="AHa175AEVVs" provider="youtube" %}
* [FutureTrust Welcomes Kantara Initiative as an Associate Project Partner](https://kantarainitiative.org/futuretrust-welcomes-kantara-initiative-as-an-associate-project-partner/)
> BRUSSELS, 29th APRIL 2019 FutureTrust, a project supporting the practical implementation of eIDAS, today announced the Kantara Initiative as an Associate Project Partner. The Kantara Initiative is the only industry organisation focused on third party assessed digital identity and privacy assurance frameworks. It complements the talent of the existing FutureTrust partners, bringing a wealth of experience in operating trust frameworks.
* [go.eIDAS-Initiative launched across Europe and beyond](https://kantarainitiative.org/eidas-initiative-launched-across-europe-and-beyond/)
> WAKEFIELD, Mass., USA 2018/09/27. Europe is awaiting a major milestone for trustworthy electronic identification: The cross-border recognition of notified electronic identification systems (eID) will start on 29th of September 2018 across Europe. Against this background, leading European associations, projects and expert organisations in the sector of eID and trust joined forces to launch the non-profit go.eIDAS-Initiative today, which aims at supporting the widespread adoption of eID and trust services according to the eIDAS-Regulation (EU) No 910/2014.
{% include video id="ATXCzY-GM_U" provider="youtube" %}
* [Aligning SSI with European Union identity legislation (aka eIDAS Regulation)](https://github.com/WebOfTrustInfo/rwot8-barcelona/blob/master/topics-and-advance-readings/Aligning-SSI-with-European-Union-Identity-legislation-eIDAS.md)
> Although electronic identification under eIDAS Regulation is today clearly aligned with SAML-based infrastructures (see Opinion No. 2/2016 of the Cooperation Network on version 1.1 of the eIDAS Technical specifications, available at https://ec.europa.eu/cefdigital/wiki/pages/viewpage.action?pageId=37750723 and eIDAS eID Profile, available https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS+Profile), nothing in the eIDAS or its implementing acts should prevent the usage of a SSI system as an electronic identification means.
>
> Thus, the second use case considers a DID as an eIDAS compliant electronic identification means, enabling - at least - transactions with Public Sector authorities and Public Administrations and, if so decided by the DID creator, also with private sector entities.