
The eIDAS regulation is coming. How can banks benefit?

Written by Guillaume Forget

In July, the first phase of the EU’s new regulation on electronic identification, eIDAS, will become enforceable. Guillaume Forget explores why banks have a lot to be excited about.

The intent behind the Electronic Identification and Trust Services (eIDAS) regulation is straightforward enough: offer a common legal framework, make it easier for citizens and businesses within member states of the European Union to embark on the digital journey, and give e-transactions and other e-signed documents the same legal status as those that are paper-based. Electronic signatures lie at the heart of this initiative and common technical standards are the key to making it all happen. The desired result? A more connected and more commercially efficient single European market.

Yet, why are so many bankers and IT experts having a hard time understanding which e-signature standards to follow? The confusion we’re seeing today among senior decision makers is largely due to the transitional journey that the regulation has taken to reach this point. Until now, the main compliance reference has been the EU Directive from 1999, which focused primarily on certificate provisioning and chip-based secure signature creation devices (SSCDs), leaving large parts of the trust model in the hands of national agencies. This resulted in discordant legal and compliance requirements and numerous loopholes across EU member states.

eIDAS, however, is quite different. It delivers an EU regulation that has a much wider application scope [1], covering almost the entire trust chain, including sealing, validation, time stamping and central signing, making it far more suited to the delivery of a browser- and mobile-device-friendly user experience. As a regulation, eIDAS is much more powerful and unambiguous than its predecessor. Member states must observe and transpose the regulation directly into national law. The regulation’s Trust Service also delivers the EU Trust List with constitutive effect, meaning that a provider or service will only be qualified if it appears in the Trusted List.

From 1 July 2016, the eIDAS deliverables supersede all previous work in all EU member states and replace it with this new framework.

eIDAS – a strong business enabler for banks

With this new milestone and transparent, straightforward approach in place, banks, together with a variety of other industries, will have a great set of compliance tools that are valid across Europe and fully interoperable. This will allow them, finally, to offer a fully end-to-end digital experience to their users, and foster more innovation as a result.

eIDAS will transform the entire operations of many banks. Once the customer has passed AML verifications and can be granted a trusted identity, they will be able to conduct all of their banking activities digitally. This means that banks will benefit from a binding commitment that is the legal equivalent of a handwritten signature when a customer e-signs a document. This will enable the bank to complete its transition to a fully digital services environment. They will also benefit from non-repudiation in electronic transactions, cross-border interoperability, considerable savings in document management and a more modern client relationship, one that’s in line with today’s expectations for digital services.

So, what should banks do now to position themselves appropriately for eIDAS? Many banks have sidelined e-signature management to innovation teams of two or three people. These banks now need to generate far greater awareness of eIDAS’ tremendous potential. The regulation impacts numerous departments across the bank, including business, compliance and risk management, security, IT, electronic and mobile banking solutions, and more.

Preparing fully for eIDAS means:

  1. Getting to grips with the new legislation.
  2. Reviewing and identifying which business processes can subsequently be transformed.
  3. Evaluating which technologies can facilitate the transition by engaging with the specialist vendor community, which can provide expert counsel on compliant solutions. Doing so will enable banks to test their in-house expertise and verify that their current and planned technologies will continue to operate within the boundaries of the law.
  4. Engaging tech-savvy legal advisers to define an appropriate path to regulatory compliance.

As banks start to fully appreciate eIDAS’ potential, adoption is expected to begin among high-end segments such as wealth management and corporate banking. As it gains momentum, the retail banking and insurance sectors will surely follow. One thing’s for sure: for Europe’s banks, eIDAS is set to make life easier for everyone.

1. To provide further clarity, the European Commission has published a useful Q&A on the implications of eIDAS, together with an infographic that provides an overview of what eIDAS is about, what kind of transactions it enables and the sectors most likely to benefit from it.

Image: mikser45,

About the author

Guillaume Forget

Guillaume Forget joined Cryptomathic in 2005 and serves as product management director based in Munich, Germany. He also leads subsidiary operations. He is an evangelist in the eSignature and 'What You See Is What You Sign' space, where he has co-authored a number of papers and patents. Prior to joining Cryptomathic, Guillaume worked as an international business developer in the payment systems division of Groupe Bull - Atos.
