The eIDAS certificate or today's digital trust
To enable individuals to identify themselves digitally, several mechanisms have been put in place over time. To regulate their use and guarantee a certain level of security for users, the eIDAS regulation was adopted at European level. This was a good start and provided a framework, which is now set to evolve thanks to the European digital identity project.
So what is the new eIDAS regulation proposal? What are the upcoming changes at European level? How does Archipels intervene with its dedicated digital identity solution?
What is the eIDAS Regulation?
In the same vein as the RGS, eIDAS (Electronic IDentification And Trust Services) is a regulation governing electronic identification and trust services for electronic transactions. It concerns 27 Member States of the European Community, which brings a certain uniformity to the legislation applicable in each Member State.
The eIDAS Regulation is therefore used by citizens, but also by businesses and public authorities. It enables secure cross-border electronic transactions, contributes to transparency and standardisation in the market, provides traceability, facilitates administrative procedures, improves the confidence and flexibility of many mechanisms and guarantees a good level of security, particularly in terms of digital identity.
The eIDAS certificate
Trust services that comply with the eIDAS regulation thus have the eIDAS certificate, which enables them to prove that the services offered comply with the various European regulations in force. The eIDAS regulation is therefore a real standard on which to rely when offering a trust service to users in terms of electronic identification.
This certificate is used by companies to prove that they are in compliance with the security requirements in France and Europe. This type of certificate is therefore only awarded to a company that complies with these standards and has a qualified authentication system. It is therefore permissible to doubt a company offering a security system without a certificate, as the solutions it offers may not be sufficiently reliable or meet the requirements of the standards in force.
The example of the electronic signature
The electronic signature is an excellent example of what certificates can do for businesses. Today, it is quite possible to use an online signature for a contract or any other kind of document. The documents will therefore be signed electronically and will generally be time-stamped. However, this security feature will require authentication of the signatory of the documents in order to obtain a qualified time-stamped signature. Without this, the company's word on the authenticity of the signature may be questioned.
A company that has a certificate will have a secure signature and document authentication facility, which ensures that the solutions for getting documents signed by its customers are secure. A company that does not know how to offer a secure document signature can also call on an external service provider who has the appropriate certification and who will provide the necessary solutions.
Complementarity with the RGS
If we are interested in qualified solutions for data and exchange security, we can also mention the RGS. The RGS or General Security Reference System was introduced in 2010 and aims to protect exchanges between French administrations and also between them and users. Here too, it is a question of implementing qualified solutions dedicated to ensuring the authentication of individuals, but also the protection of documents and data in the more general sense.
The RGS is therefore another mechanism that complements eIDAS. As the eIDAS certificate tends to be deployed throughout Europe and across various sectors, it could gradually replace the RGS.
Security requirements in France, but not only...
In France, the Interministerial Directorate for Digital and the State Information and Communication System (DINSIC) is the point of contact for electronic identification, while the National Agency for Information Systems Security (ANSSI) is in charge of establishing the applicable requirements and of evaluating the assurance level of electronic identification means.
Moreover, the eIDAS regulation will come into play in the implementation of a secure digital identity accessible to all citizens in Europe. Taking into account the different points established by the eIDAS regulation will therefore be all the more decisive in offering a compliant digital identity service.
The European Digital Identity Project
In the 2020 State of the Union speech, the President of the European Commission spoke of a proposal for a secure European digital identity that would allow every citizen to identify themselves securely, while being able to see how their data is used.
The question of the destination of the data
Indeed, the question of what happens to the data associated with the multiple digital identities of each individual is being raised more and more frequently, which is why the European Commission intends to remedy this by proposing a single system that is secure and accessible throughout Europe. In this sense, the Commission proposed in June 2021 a new regulation for the establishment of a European digital identity (EUid) which is therefore directly linked to the eIDAS regulation.
Although the project has yet to be voted on by the European Parliament and the Council of Europe, it seems to be very appealing, especially as it will allow a European implementation of the decentralised identity.
What are the consequences of this new system?
This proposal should therefore have an impact on innovation, international trade and influence the EU's competitiveness by contributing to its economic growth. Employment should also benefit, as many new jobs will be created for the implementation of these new systems. Businesses, for their part, will be able to offer an ever more secure identification system, but also to reduce costs, particularly in terms of customer onboarding.
The creation of dedicated services
As part of the implementation of this new European digital identity, certain adjustments will have to be made and services will be offered to users to make the use of this new system as simple as possible. In particular, the proposed EUid regulation requires Member States to make a European digital wallet available free of charge. It can be used throughout the EU to identify oneself for access to public sector services. This European solution will therefore make it even easier for users to use many services.
As far as the private sector is concerned, new services related to the European digital identity may also emerge. These include services related to electronic attestations of attributes and electronic registry. It will be possible to issue electronic certificates which will be able to interact with the European wallet and which will have the same legal value as the paper version.
How does Archipels respond to this logic of new eIDAS arguments?
Archipels' primary mission is to develop the standard for decentralised, secure and verified identity in compliance with European standards. This means that we closely follow the slightest evolution of the eIDAS regulation and even more so this new European digital identity project. Our solutions allow companies, but also individuals, to control their digital identities.
What are the advantages of using Archipels?
Companies can reduce the risk of fraud and money laundering, reduce identity management costs, guarantee data immutability and facilitate traceability, have a service that complies with European regulations, including the eIDAS certificate of course, and much more. On the user side, the benefits are also numerous, with control and true confidentiality of data, a simplified and accelerated experience, simplified consent management and the implementation of the "tell us once" principle. Archipels therefore respects the European Commission's line of conduct by offering a secure identification service that respects users and future regulations.
Multiple solutions in companies
Document authentication, a time-stamped and secure online signature, or any other solution to deal with fraud and protect customers can therefore be implemented with Archipels. Every company can therefore guarantee its customers secure document exchanges, signatures and transactions, even if this is not its area of expertise at first.
As a service provider, Archipels can therefore meet the needs of a company with an advanced solution that complies with the standards in force.
If you have any questions, please do not hesitate to contact us.