Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Isabelle Renard, Licensed by the Paris Bar, PhD in Engineering : Selective amnesia: the case of eIDAS in France

July 2015 by Isabelle Renard, Licensed by the Paris Bar, PhD in Engineering

Regulation 910/2014 of the European Parliament and of the Council of July 23rd, 2014 “on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC” (“eIDAS”) is a major building block in the construction of a digital Europe. Published almost a year ago, it will be directly applicable in France as of July 1st, 2016, which is virtually tomorrow.

It has two separate parts: the first relates to electronic identification, and the second to “trust” services for electronic transactions.

The part relating to electronic identification will only be of mandatory application in the public sector. Private sector bodies are nonetheless strongly incited to adopt these rules, which are sadly lacking in France, where the issue of digital identity is discussed ad nauseam without any practical solution being found, in contrast to the case in several other European countries which have already integrated electronic identification measures in secure identity documents such as ID cards. The Regulation provides for three levels of assurance of the reliability of the identification, which can be chosen on the basis of the stakes involved: the “low” level permits decreasing the risk of identity fraud, the “substantial” level permits to decrease it substantially, while the “high” level has for its purpose to prevent this risk. The Regulation provides for a multi-tier system in which national schemes in application within a Member State can co-exist with schemes notified by a Member State to the Commission for inclusion in a list that will be published in the Official Journal of the European Union and that will enjoy mutual recognition in all EU countries.

Regarding trust services, the Regulation is not restricted to electronic signatures, contrary to the case of the 1999 directive. It also identifies electronic seals, electronic time stamps, electronic registered delivery and website authentication services as being trust services.

Two key points should be kept in mind.

The first is the intent of the European lawmakers to have qualified service providers, who are qualified to provide services mutually recognized in all Member States, serve as the foundation of the entire system of trust. These qualified services also benefit from a presumption of reliability and, as regards electronic signatures, the Regulation provides that a qualified electronic signature must be given the equivalent legal effect of a handwritten signature. Qualified service providers will be the subject of periodic audits aimed at ensuring that they maintain a high level of quality. Every Member State will be responsible for holding a “trusted list”, which can be accessed online, enabling third parties to check the status of a service at any time. Non-qualified services will not, however, be deprived of legal effect but the burden of proof will lie with the person asserting this type of service.

The second key point is that this Regulation is not “yet another document” that simply enounces a series of principles. It refers, for technical aspects, to “delegated acts” and to “implementing acts” that will progressively be published between 2015 and 2017 and relies on an extensive and already well-defined normative corpus (some hundred documents).

It does not start from scratch since in some fields the standards already exist and will be applied as is after being renamed (such as, for example, standards ETSI TS 102 042 and ETSI TS 101 456 for electronic signature certificates). A homogenous European framework has been created that will lead to improved transparency in the presentation of their services by services providers who will present every service on an objective and quantifiable basis on a scale of trust where the highest grade represents qualified services. To put it differently, a service (for example, an electronic signature) that does not refer to any of the standards in the European corpus would lie in a “grey area” that would not provide any certainty as to its actual features.

Yet astonishingly, the eIDAS Regulation is virtually unknown in France. It has generated no commentary and is only cited once in the “Digital Ambitions” report submitted on June 18th last to the government by the head of CNNum (the government’s advisory body on digital matters), and nothing indicates that it was taken into account in the reform of contract and evidentiary law that will shortly be codified in and amend the French Civil Code, in particular as regards electronic contract issues.

This is frankly regrettable as if France misses this boat, other countries in Europe may not, and tomorrow what will be on offer in the country are qualified trust services from other European providers in the absence of any offering by French providers…

www.irenard-avocat.com


See previous articles

    

See next articles












Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts