EC to Propose More Uniform E-Identity and Signature Rules to Spur the Digital Single Market
The European Commission Monday will propose measures to boost online trust and convenience by making electronic identification (eID) and e-signature rules more uniform across Europe, EC sources said Wednesday. The two-part plan would extend existing national eID systems for public services that require formal electronic identification across Europe, and will standardize e-signature and e-authentication rules, they told reporters at a briefing where they spoke on the condition they not be named. Competitiveness ministers Wednesday urged the EC to submit the proposal by June. Despite that, the sources said, they expect some concerns from governments worried about the potential burden of accepting eID services from other countries, and from some EU lawmakers who might be troubled by perceived privacy issues.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The proposed regulation on electronic identification and trust for electronic transactions in the internal market would harmonize e-signature and e-authentication, the EC sources said. The existing e-signature directive is 12 years old and its application “has not been flawless” because of the many differing national approaches, they said. The variety of national eID systems is carving up the internal market, preventing e-government services from living up to their potential, they said. But the EC chose not to standardize the way EU members issue and design eID systems, proposing instead to permit their mutual recognition and acceptance, they said.
Governments wouldn’t have to give official notice of any eID system, but if they do, those mechanisms must give access to services across Europe that require such identification, the sources said. For example, a Belgian agency that issues work permits would, once its identification scheme is notified to the EC, have to allow people in other countries to access the system via their own national eIDs, they said.
In addition to formally advising the EC of their national eID cards, and recognizing and accepting those of other European countries, governments would also have to provide free online electronic ID authentication facilities and would be held liable for errors such as wrongful authentication of an eID, the sources said. Identity theft is a challenge for any identification system, but the EC believes governments have defined their eID systems as secure and trustworthy and have an interest in delivering high security levels, they said. Administrations must also let the private sector use the official eID, they said. The only regulatory change needed would be to switch the e-signature law from a directive, which gives governments discretion in how it’s put into place, to a regulation, which must be applied uniformly across the EU, the EC sources said. The regulation would also require trust services such as time-stamping and electronic seals, they said.
The proposal doesn’t raise any direct data protection or privacy issue, the sources said. Each national eID system has its own rules on how to treat information linked to it, and would also have to comply with its own and EU data protection and other laws, they said. But there has reportedly been some preliminary anxiety about the privacy aspects of the plan, likely because of the use of the word “identity,” they said. That could associate the proposal with personal data, but eID simply shows that someone is who she says she is so services can be provided, they said.
There’s been little negative reaction from governments or European Parliament members, the EC sources said. In conclusions on the digital single market and governance of the single market published Wednesday, the EU Council stressed the need to create trust in the digital environment and urged the EC “to submit the new proposal on e-signature, identification and e-authentication by June 2012.” Nevertheless, the proposal could spark some unease because it will impose burdens on national administrations that decide to notify national eIDs and will then have to accept them from other countries, the sources said. But it’s a tradeoff, they said, because they would also be giving citizens wider access to services.
Parliament has already discussed documents that mention the proposal, in the context of the digital agenda and single market act, and hasn’t raised any important issues, the EC sources said. The draft regulation’s content shouldn’t merit much concern, except that anything that mentions “identity” could trigger adverse reactions, they said. Given the technicalities of the proposal, that could lead to irrelevant discussions, they said.
Trust services providers would benefit from the new measure, but ISPs and telecom companies wouldn’t because increased data transmission isn’t involved, an EC source said. The EC hopes that once a pan-European eID regime is in place, it will spur the private sector to build businesses atop it, the EC sources said. Industry and governments have already engaged in pilots and consultations on the issues and e-signatures have been around for a long time, they said. Once the system is established, the public and private sectors will be able to use it for things such as customs activities, they said. Despite the fact that EU countries want the proposal, and that several are already working on technological aspects of eID implementation, rollout of the system could take time, the EC sources said. They said the approval process isn’t expected to be a problem, but if some governments opt not to have formal eID regimes, that will delay the benefits of the regulation to citizens across Europe.