The eIDAS Regulation and its implementing acts for the area of eID
Article
Authorities can find the legal basis for implementing the eIDAS regulation here
Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1990/93/EC (eIDAS Regulation)
The eIDAS Regulation includes provisions on electronic identification and electronic trust services which are binding for all EU member states. The regulation creates a standard framework for the cross-border use of electronic means of identification and trust services.
Commission Implementing Decision (EU) 2015/296 of 24 February 2015 establishing procedural arrangements for cooperation between Member States on electronic identification pursuant to Article 12(7) of Regulation (EU) No 910/2014
The EU member states are required to cooperate in order to ensure the interoperability and security of their electronic identification systems. This decision covers methods for information-sharing and establishes a cooperation network chaired by the European Commission and made up of representatives of the member states and the countries of the European Economic Area.
Commission Implementing Regulation (EU) 2015/1501 of 8 September 2015 on the interoperability framework pursuant to Article 12(8) of Regulation (EU) No 910/2014
This regulation lays the groundwork for a technical platform creating an interface between the various eID systems to achieve interoperability.
Commission Implementing Regulation (EU) 2015/1502 of 8 September 2015 on setting out minimum technical specifications and procedures for assurance levels for electronic identification means pursuant to Article 8(3) of Regulation (EU) No 910/2014
The eIDAS Regulation sets minimum technical specifications and procedures for assurance levels for electronic identification. It distinguishes between low, substantial and high assurance levels. Criteria for/examples of eID systems for the various assurance levels:
- low: at least one authentication factor (such as user name and password);
- substantial: at least two authentication factors from different categories (such as software certificate, mTAN);
high: must also ensure protection against duplication and forgery (e.g. the eID function of the national ID card and electronic residence permit, hardware certificate). - For its own administrative service, each member state must recognize other member states’ electronic means of identification whose assurance “corresponds to an assurance level equal to or higher than the assurance level required by the relevant public sector body to access that service online” in the first member state (Article 6 of the eIDAS Regulation).
Commission Implementing Decision (EU) 2015/1984 of 3 November 2015 defining the circumstances, formats and procedures of notification pursuant to Article 9(5) of Regulation (EU) No 910/2014
This implementing decision defines the procedural arrangements for notifying the European Commission of an electronic identification system. These include describing the technical specifications of the system, defining and justifying the assurance levels and answering questions concerning monitoring, liability, etc. Following notification, the other member states conduct a peer review of the system. This peer review is required by Article 12 of the eIDAS Regulation and described in greater detail in Commission Implementing Decision (EU) 2015/296. It is the responsibility of the cooperation network.