eIDAS Regulation (European Digital Identity Framework) (eIDAS)
AI-assisted content notice: this page includes AI-assisted summaries, FAQs, and glossary entries prepared for navigation purposes. Verify the underlying legal text before relying on this content.
Summary
Regulation (EU) No 910/2014 establishes an EU-wide framework for electronic identification (eID) and trust services for electronic transactions in the internal market. It sets rules for the mutual recognition of notified national eID schemes and for the provision and legal effect of trust services such as electronic signatures, seals, time stamps, electronic registered delivery services and website authentication. It also sets requirements for qualified trust service providers and qualified trust services.
Who is affected?
Member States (notifying and operating eID schemes), public sector bodies that must accept notified eIDs for online public services, qualified and non-qualified trust service providers, and businesses/citizens relying on eID and trust services for cross-border electronic transactions in the EU.
Scope
Applies to electronic identification used for access to online public services and to the provision and use of trust services for electronic transactions in the EU internal market.
Key Points
- Provides for mutual recognition of Member States’ notified electronic identification schemes for access to online public services.
- Defines trust services and sets legal effects for electronic signatures and seals, including the concept of qualified electronic signatures/seals.
- Establishes requirements and supervision for qualified trust service providers (QTSPs) and qualified trust services, including conformity assessment and trusted lists.
- Covers additional trust services such as electronic time stamps, electronic registered delivery services, and website authentication certificates.
- Sets security and liability-related obligations for trust service providers (e.g., incident/security requirements) and rules on interoperability/standards via implementing acts.
- Is being amended and complemented by the European Digital Identity framework (commonly referred to as “eIDAS 2”).
Frequently Asked Questions
Who must comply with the eIDAS Regulation?
Member States operating and notifying eID schemes, public sector bodies providing online services, trust service providers (both qualified and non-qualified), and any businesses or individuals using electronic identification or trust services for cross-border transactions within the EU must comply with eIDAS.
What is the main scope of the eIDAS Regulation?
eIDAS applies to electronic identification used for accessing online public services and to the provision and use of trust services for electronic transactions within the EU internal market.
What are the key obligations for trust service providers under eIDAS?
Trust service providers must meet strict security, liability, and operational requirements, especially if they wish to be recognized as qualified trust service providers. They must undergo conformity assessments, be listed on trusted lists, and comply with incident reporting and security standards.
What is a notified eID scheme under eIDAS?
A notified eID scheme is a national electronic identification system that has been officially notified by a Member State to the European Commission for mutual recognition across the EU, allowing its use for accessing online public services in other Member States.
What legal effect do electronic signatures have under eIDAS?
eIDAS grants electronic signatures legal recognition across the EU. Qualified electronic signatures have the equivalent legal effect of a handwritten signature and must be accepted by all Member States in cross-border electronic transactions.
What are the penalties for non-compliance with eIDAS?
Penalties for non-compliance are determined by individual Member States and can include administrative fines, suspension or withdrawal of qualified status, and other sanctions depending on the severity and nature of the breach.
How does eIDAS interact with other EU regulations?
eIDAS complements other EU digital and data protection regulations, such as the GDPR, by providing a harmonized legal framework for electronic identification and trust services, ensuring interoperability and legal certainty for cross-border digital transactions.
What practical steps should organizations take to comply with eIDAS?
Organizations should assess whether they provide or rely on electronic identification or trust services, ensure their systems meet eIDAS requirements, work with qualified trust service providers where necessary, and keep up to date with national and EU-level guidance and trusted lists.
What is the timeline for compliance with eIDAS?
eIDAS has been in force since July 2014, with key provisions on trust services applying from July 2016. Ongoing amendments (eIDAS 2) may introduce new requirements and deadlines, so organizations should monitor legislative updates.
What is the relationship between eIDAS and the European Digital Identity framework (eIDAS 2)?
The European Digital Identity framework, often referred to as eIDAS 2, is an update and extension of the original eIDAS Regulation, aiming to further enhance digital identity and trust services across the EU. It introduces new concepts such as the European Digital Identity Wallet.
Key Terms
- Electronic Identification (eID): A process for electronically verifying the identity of a natural or legal person, enabling secure access to online services.
- Notified eID Scheme: A national electronic identification system officially notified to the European Commission for mutual recognition across the EU.
- Trust Service: An electronic service that enhances the security and legal certainty of electronic transactions, such as electronic signatures, seals, and time stamps.
- Qualified Trust Service Provider (QTSP): A trust service provider that meets the strict requirements of eIDAS and is supervised by a national authority, enabling it to provide qualified trust services.
- Qualified Electronic Signature: An advanced electronic signature created by a qualified electronic signature creation device and based on a qualified certificate, legally equivalent to a handwritten signature.
- Electronic Seal: Data in electronic form attached to or logically associated with other electronic data to ensure the origin and integrity of the sealed data, typically used by legal persons.
- Electronic Time Stamp: A trust service that certifies the existence of specific data at a certain time, providing evidence for the timing of electronic transactions.
- Electronic Registered Delivery Service (ERDS): A service that enables the transmission of data between third parties by electronic means, providing proof of sending and receiving, and protecting transmitted data against loss, theft, or alteration.
- Trusted List: An official list maintained by each Member State, identifying qualified trust service providers and the qualified trust services they provide.
- Conformity Assessment Body: An independent organization authorized to assess whether trust service providers and their services meet the requirements set out in eIDAS.