Are you a trust service provider or do you provide electronic identification services? If so, you will be required to satisfy the new requirements for trust service providers arising from the eIDAS Regulation as of 1 July 2016.
Trust services are generally understood to include electronic signatures, electronic seals, services for registered electronic deliveries and electronic certificates for the authentication of websites.
For providers of such services, the most impactful change will probably be the new duties of reporting and of care. From 1 July, both qualified trust service providers and unqualified trust service providers will be required to report incidents with a significant impact to the supervisory authority (the Authority for Consumers and Markets or the Radiocommunications Agency), and, where appropriate, also to the Dutch Data Protection Authority and the National Cybersecurity Centre (NCSC). In addition, the Regulation contains more stringent requirements with regard to the security measures which must be implemented by trust service providers. The eIDAS Regulation has superseded EU Directive 1999/93/EC on a Community Framework for Electronic Signatures.
Qualified trust service providers
Are you a trust service provider seeking to get qualified? If so, you will have to notify the supervisory authority of your intention to seek qualification and submit to the supervisory authority the outcomes of a security audit (i.e., a critical investigation of your security programmes) carried out by a formally recognised body. The supervisory authority will then judge on the basis of the security audit results whether you can be added to the list of reliable service providers. Qualified trust service providers must undergo a security audit once a year and submit the outcomes to the supervisory authority. The supervisory authority is authorised to proactively monitor compliance with duty-of-care regulations and to impose enforcement measures where necessary.
The objective of the Regulation
The European Commission hopes that the eIDAS Regulation will result in a reliable, secure and legally regulated environment for electronic identification and electronic trust services, so as to enable the business community, the citizens of Europe and government agencies to engage in cross-border electronic transactions. The eIDAS Regulation will make it easier to do business online and across borders, for example when opening a bank account or establishing a company in another EU member state, filing a tax return or making online payments.
We can help you identify the legal requirements applicable to your particular service. In addition, we will gladly advise you on the specific steps to be undertaken by your organisation in order to achieve full compliance with the eIDAS Regulation.