The EIDAS Regulation Is Coming. How Can Banks Benefit?

by Guillaume Forget 0

As of 1st July 2016, the first phase of the EU’s new regulation on electronic identification, eIDAS, will become enforceable. But amid all the confusion about its implications among both EU banking executives and their security experts, Guillaume Forget, Director of Product Management at Cryptomathic explores why banks still have a lot to be excited about.

The intent behind the Electronic Identification and Trust Services (eIDAS) regulation is straight forward enough: offer a common legal framework, make it easier for citizens and businesses within member states of the European Union to embark on the digital journey, and give e-transactions and other e-signed documents the same legal status as those that are paper-based. Electronic signatures lie at the heart of this initiative and common technical standards are the key to making it all happen. The desired result? A more connected and more commercially efficient single European market.

Why are so many bankers and IT experts having a hard time understanding which e-signature standards to follow?
The confusion we’re seeing today amongst senior decision makers is largely due to the transitional journey that the regulation has taken to reach this point. Until now, the main compliance reference has been the EU Directive from 1999[1], which focused primarily on certificate provisioning and chip based secure signature creation devices (SSCDs), leaving large parts of the trust model in the hands of national agencies. This resulted in discordant legal and compliance requirements and numerous loopholes across the EU member states.

eIDAS, however, is quite different. It delivers an EU regulation which has a much wider application scope[2], covering almost the entire trust chain including sealing, validation, time stamping and central signing, making it far more suited to the delivery of a browser and mobile device friendly user experience. As a regulation, eIDAS is much more powerful and unambiguous than its predecessor. Member states must observe and transpose the regulation directly into national law. The regulation’s Trust Service also delivers the EU Trust List with constitutive effect, meaning that a provider or service will only be qualified if it appears in the Trusted List.

From 1st July 2016, the eIDAS deliverables supersede all previous work in all EU member states and replace it with this new framework.

eIDAS: A strong business enabler for banks
With this new milestone and transparent, straightforward approach in place, banks, together with a variety of other industries, will have a great set of compliance tools which are both valid across Europe and fully interoperable. This will allow them, finally, to offer a fully end-to-end digital experience to their users, and foster more innovation as a result.

eIDAS will transform the entire operations of many banks. Once the customer has passed AML verifications and can be granted a trusted identity, they will be able to conduct all of their banking activities digitally. This means that banks will benefit from a binding commitment which is the legal equivalent of a hand written signature when a customer e-signs a document. This will enable the bank to complete its transition to a fully digital services environment. They will also benefit from non-repudiation in electronic transactions, cross border interoperability, considerable savings in document management and a more modern client relationship, one that is in line with today’s expectations for digital services.

So, what should banks do now to position themselves appropriately for eIDAS?
Many banks have sidelined e-signature management to innovation teams of two or three people. These banks now need to generate far greater awareness of eIDAS’ tremendous potential. The regulation impacts numerous departments across the bank, including business, compliance and risk management, security, IT, electronic and mobile banking solutions and more.

Preparing fully for eIDAS means:
1)