EU 910/2014 : The new regulation for electronic identification

The new regulation EU 910/2014 on electronic identification and trust services , replacing the current directive EC  1999/93  is creating a lot of expectation, especially because it is a big step in the conversion of Europe a single market.

Thus, one of its strongest points is the validity of certificates transnationally. Even though, there are some months left before it entries into force, which will be next July 2016, we want to come forward key aspects of the EU 910/2014 for all of you.

Technology has advanced by leaps and bounds in recent years, therefore the revision of Directive 1999/93 was somewhat inevitable because of all all , is obsolete , it does not meet the current needs of society , as to electronic signature.

A clear example are the certificates for individuals, the percentage of the population that uses them is very small. Specifically in the case of the DNI -e , the numbers are overwhelming , certificates are issued with a different validity to the document itself , in addition , a card reader is needed to make use of it . Too many complications that make the ordinary citizen chooses other ways. We told you something, in this post . Well, the new EU 910/2014 , wants to end this rule .

On the side of the companies, there are many difficulties too: outdated certificates, lack of control over who has access to what , etc. This applies especially to SMEs.

The new regulation commits with centralised key firm,  therefore, the use of cryptographic cards is not necessary, and the issues previously mentioned are solved.

Broadly speaking, new EU standard 910/2014 has two main objectives:

  • Consolidate and increase confidence in the intra-Community transactions
  • Framed in the context of Europe 2020, ensuring the existence of appropriate legislation for electronic signatures, time stamps and transactions over the Internet .

Based on the above , one of the things that sets is that member states have to accept as valid certificates issued by any other member state, both natural and legal persons . This also applies to electronic seals company.

At this point, you may wonder what  electronic company seals is? Since it is a new legal concept that includes the EU 910/2014 standard. These act as rubber stamp, but electronically. Provided it meets the requirements to be a qualified electronic seal, you have full and absolute validity for legal purposes.

Other major new features included in the EU regulation 910/2014, is on what is known as trusted service providers. This term, which replaces the previous guideline was known as certification service providers.

The concept of trust service providers include all companies involved in the sector of digital certificates, timestamps and validation of signatures among others. To all of them and in order to ensure a higher level of confidence, the new norm has established a number of specific regulations must meet if they want to continue working as such.

So, to ensure trust, if a security breach occurs, they have to report publicly about it  maximum 24 hours after the accident. Likewise, they must be audited at least every 24 months. With all of this it is to increase transparency and confidence in the security they provide.

EINSA– European Union Agency for Network and Security Information- 4 guides established any trust service provider must follow when exercising:

Security Framework
Risk assesment
Impact mitigation for security flaws
Legal framework for the audit of the trust service providers.

Even if there is almost a year for the entry into force, experts seem to be very happy with the arrival of the new regulations. Another advantage is that they see it opens the doors to the DNI-e in the cloud, with all possible advantages for both end users and the company.

In the coming months you will see more and more articles on the EU rule 910/2014 and only time will tell if it fits the needs of  estates members and the level of acceptance and adaptation of the governments of each members of the same states. But the goal today was to give an overview of some of the main points that the standard established.

We go back next week!

📢 WEBINAR · Seguridad y legalidad en los procesos de transformación digital = Firma Electrónica 📢

26 Mayo 2022 · 11:00h (hora Madrid GMT+2)