Share on :
The recent adoption of the eIDAS V2 regulationregulation, also known as the eIDAS 2.0 regulation, brings significant changes to the legal framework for transactions within the European Union (EU).. This regulation aims to fill the gaps left by the previous regulation, eIDAS V1, by improving security, interoperability and access to digital services within member states.
So what are the changes changes ahead for ? How to choose an eIDAS V2-compliant tool ? The aim of this article is to provide you with a comprehensive overview of the subject.
eIDAS V2 Regulation: definition and reasons for adoption
The origins of the European eIDAS V2 regulation
The eIDAS V1 regulation (electronic IDentification, Authentication and trust Services)officially adopted in 2014, established a uniform framework for the recognition of digital identities and trust services across the European Union. The regulation aims to facilitate secure electronic transactions between citizens, businesses and public authorities, by ensuring the legality and reliability of electronic signatures and other trust services such as electronic stamps and time stamps. Complementing French regulations (notablyarticle 1367 of the Civil Code), eIDAS V1 has helped harmonize practices in France.
The limits of the European eIDAS V1 regulation
The eIDAS V2 regulation introduces new measures to address the main shortcomings of the first version of the regulation:
- Although eIDAS V1 has standardized certain services, it has not exhaustively covered all aspects all aspects of digital transactionsleaving certain services, such as electronic archiving and digital identification, without a clear framework.
- L'non-uniform application of eIDAS V1 within Member States, hampering the interoperability and fluidity of cross-border digital services.
- A lack of clarity in some of the regulation's of the regulation has led to varying interpretations, complicating its uniform implementation across the EU.
- eIDAS V1 did not adaptations needed to integrate to incorporate technological advances such as blockchain and artificial intelligence (AI), thus limiting its ability to support digital innovation.
eIDAS V2 was therefore designed to overcome the shortcomings of eIDAS V1. This regulation is to :
- Cover a wider range of digital servicesto ensure complete coverage of secure electronic transaction needs.
- Clarify ambiguous provisions to harmonize practices across the EU.
- Strengthening digital trust by setting higher standards and integrating new technologies.
The main improvements introduced by the eIDAS V2 regulation
eIDAS V2 brings a number of improvements over its predecessor, designed to enhance security, improve interoperability and extend the functionality of trust services within the European Union.
-
-
European digital identity portfolios (PEIN)
The PEIN will be offered to citizens and residents of each member state. If they so wish, they will be able to centrally manage their digital identificationsand other electronic documents and certificates. These electronic means of identification will have to be accepted by the majority of public administrations, private players and platforms.
These portfolios ensure high level of security leading to certification. They should be free of charge for individuals, and offer them complete control over their data, enabling them to choose when and how this information is shared and used.
Expanding trusted services
New services, overlooked by the first version of the regulation, are included in the trust services by eIDAS V2. These include
- The electronic signature generated remotely from a qualified;
- Website authentication certificates ;
- Issuance of electronic attribute certificates ;
- Electronic archiving services ;
- Electronic registers.
More supervised online e-services for greater security!
Enhanced security requirements for advanced electronic signatures
Until now advanced electronic signature suffered from a a lack of clear definition and uniformity in its application within the EU:
- Historically, ETSI standard EN 319 411-1 has served as the main reference for the production of electronic certificates used by many service providers.
- However, this standard was not universally adopted, creating a scattering of practices and a certain opacity in the market.
These issues have been highlighted by European legislators and judges, who are increasingly aware of the legal implications of electronic signatures.
To address these challenges, eIDAS V2 provides that, within 24 months of its entry into forcethe European Commission must assess the need to develop and implement more precise more precise reference standards for advanced electronic signatures. The aim is to clarify and standardize what qualifies a signature as "advanced", building on the foundations established by the ETSI standard and potentially other new criteria. This will facilitate uniform recognition of the validity and security of advanced electronic signatures across the EU.
New penalties for non-compliance with the eIDAS V2 regulation
eIDAS V2 introduces reinforced sanction measures to ensure strict compliance with standards by all trust service providers operating in the European Union.
In the event of non-compliance, service providers are liable to fines of up to 5 million euros or 1% of the total worldwide annual sales of the group to which they belong. This approach aims to proportion penalties to the size and economic impact of the company, ensuring that penalties are both dissuasive and fair.
When does eIDAS V2 come into force?
Here is a summary of the adoption and date of entry into force of the eIDAS V2 regulation:
- It was formally adopted by the European Parliament on February 29, 2024.
- Then, by the Council of the European Union on March 26, 2024.
- The regulation will come into force on May 20.
This means that the provisions of the eIDAS V2 regulation are now applicable. However, certain aspects of the regulation cannot be applied as they stand. This is particularly the case for those requiring technical clarification or the implementation of new infrastructures. A adaptation period of 24 months is provided for this purpose.
Good to know: It's important for companies and organizations operating in the EU to note these deadlines and prepare accordingly to ensure they are fully compliant with the new requirements in good time.
What challenges doeseIDAS 2.0 pose for companies?
The eIDAS V2 regulation poses a number of challenges for companies. Here are the main challenges identified:
- Regulatory compliance eIDAS V2: Companies need to adapt their business practices and IT systems to meet the new legal requirements of eIDAS V2. This often means updating existing systems.
- Updating IT systems eIDAS V2: To integrate the new eIDAS V2-compliant solutions for electronic signature, digital identification and other trust services, companies need to review or rebuild their IT infrastructures, which can be a complex and costly process.
- Training and awareness Training and awareness: It's essential to ensure that staff understand the new standards and practices introduced by eIDAS V2. Security and compliance training and awareness are crucial to a successful transition.
-
-
Good to know: Don't panic: most concrete changes are subject to publication within 6 to 24 months, depending on the corresponding implementing acts. So you still have time to adapt!
How do I choose an eIDAS V2-compliant electronic signature provider?
Here are some key criteria and steps to consider when choosing a trusted service provider to secure your company's digital transactions:
- Check that the service provider delivers eIDAS eIDAS V2-qualified for the levels of electronic signature you plan to use (advanced and qualified, i.e. nothing has changed compared to eIDAS V1 for the simple signature).
- Ensure that the service provider complies with technical standards, such as those defined by ETSI (European Telecommunications Standards Institute), which is responsible for creating specifications and standards for electronic signatures. In particular, the EN 319 401 standard enables the practices of trust service providers to be assessed by certification bodies approved by the highest French and European security authorities, such asANSSI and COFRAC.
- Examine security measures implemented by the service provider to protect data and electronic signature processes.
- Choose a service provider with experience and a good reputation in the field of digital trust services.
- Visit customer testimonialscase studies and online reviews can provide valuable insights into the reliability and quality of our services.
- Consider additional services that could benefit your business, such as electronic time-stamping, qualified electronic archiving or digital identity management.
- Make sure that solution remains compliant with applicable regulations, relieving you of the need to keep a close watch on these issues and ensure compliance.
- Choose a service provider capable of delivering customizable solutionsthat can be adapted to your company's specific needs and easily integrated into your existing systems.
Lex Enterprise: a complete, eIDAS V2-compliant electronic signature solution
Lex Persona is a leading provider of electronic signature solutions. We are committed to ensuring the legality and security of digital transactions for European companies, thanks to a comprehensive comprehensive signature tooloffering you :
- A complete range of services Lex Persona offers simple, advanced and qualified signatures, enabling companies to choose the right level of security for each transaction, using a single tool.
- Customization and integration With highly customizable solutions (white label available) and a free API, Lex Persona guarantees seamless integration with existing business systems and applications. This facilitates adoption without disrupting current operations.
- Compliance and security Lex Persona's solutions are regularly updated to comply with the latest regulations, such as eIDAS V2, thanks to robust security measures to protect data and signature processes.
- Customer support : We support you every step of the way, from choosing the rightelectronic signature toolto deployment. You also benefit from ongoing technical support, ensuring an optimal user experience.
Choose Lex Persona for your electronic signatures is to benefit from a complete, secure solution that always complies with applicable standards. Would you like to discover our complete range of tools for your digital transactions?
Register for our next webinar. ⬇️