eIDAS Regulation exerts pressure to act

EU Regulation No 910/2014 on electronic identification and trust services for electronic transactions in the European Single Market (eIDAS) came into force on 18 September 2014 and repealed Directive 1999/93/EC. As of 1 July 2016, the Regulation must be directly used in all 28 EU Member States and therefore does not require transposing into national law. Nevertheless, it is important to consider which national measures must be taken.


The aim of the Regulation is to strengthen trust in electronic legal transactions within the EU. The regulatory content refers to binding Europe-wide regulations in the areas of “electronic identification” and “electronic trust services”. The Regulation creates harmonised conditions for the use of these services (also across borders). The new Regulation aims to increase security on the Internet and facilitate cross-border digital transactions such as signing contracts and making purchases. In the future, electronic signatures, seals and time stamps from German trust services will be accepted in all EU Member States provided they are compliant with eIDAS. 


In principle, the Regulation has priority over national law. As such, there are direct implications for previously applied national standards such as the German Digital Signature Act (SigG) and the German Digital Signature Ordinance (SigV). In the event that the SigC or the SigV are at odds legally with the eIDAS Regulation, then they are no longer applicable as of 1 July 2016. Thus, the SigG and the SigV will be repealed and the provisions stipulated by the eIDAS Regulation will be defined in a new Trust Services Act at national level. A draft of the Trust Services Act will be voted on by the Federal Cabinet at the start of July. 


The supervisory body for qualified trust services will basically be the Federal Network Agency (BNetzA). As of 1 July 2016, it will supervise all qualified trust services, work together with the European supervisory authorities (e.g. security incidents, requests for assistance) and undertake the reporting obligations required by the EU Commission. The extent to which the trust services used by the German Social Insurance meet the eIDAS Regulation needs to be examined.