Insights European Commission publishes report evaluating Regulation on Electronic Identification and Trust Services (910/2014/EU) (eIDAS Regulation)

Contact

In July 2020, the Commission launched a public consultation and evaluation of the eIDAS Regulation. It has now published a report setting out its findings, having analysed the consultation responses received.

On effectiveness, the Commission finds that the eIDAS Regulation has successfully established legal certainty on liability, burden of proof, legal effect and international aspects of trust services, but some issues remain. Availability and take-up of trust services in the EU have increased since the introduction of the eIDAS Regulation, however, there are differences among Member States and among trust services.

Accordingly, the Commission says that, despite some achievements, the Regulation has “not achieved its potential in terms of effectiveness”. Only a limited number of eIDs have been notified and the acceptance of notified eIDs is limited. On the trust services side, the objective of remaining technology-neutral has led to a range of interpretations of the Regulation’s requirements amongst Member States and a level playing field has not been achieved at EU level.

On efficiency, the Commission says that its basic assessment indicates that, so far, the costs have been greater than the benefits due to low uptake.

As for relevance, the Commission finds that the eID ecosystem has profoundly changed since the introduction of the Regulation with an increasing number of private identity providers. Taking into account the increase in digital transactions, all EU citizens should have access to a secure and interoperable digital identity, which is not the case today. The objectives of the eIDAS legal framework, e.g. reducing market fragmentation through the use of common standards, remain relevant to address these issues, but the current scope and focus of the Regulation on eID schemes notified by Member States and on enabling access to online public services is too limited.

On the issue of coherence, the Commission finds that the eID part of the Regulation is supported by a generally coherent system on the mutual recognition of eIDs based on notification and peer review. The trust services framework also provides for a coherent supervisory system for trust services, but issues have been identified impacting the internal coherence of the Regulation.

As for EU added value, the Commission finds that this has been limited due to low coverage, uptake and usage of eID solutions. However, for trust services, the Regulation has provided a common legal framework for their use that has reduced market fragmentation and increased uptake. It has helped public administrations to reduce administrative burdens. Repealing the Regulation would lead to fragmentation and negative consequences on other areas that rely on eIDAS, the Commission says. However, changes to the framework, such as facilitating the use of trusted government eIDs by the private sector, could increase its EU added value.

Overall, the Commission says, the Regulation has contributed to the further development of the Single Market and provided the foundations for an identity and trust services market in the EU, supporting the ever-increasing need for secure digital transactions. However, objectives and user expectations have changed and, looking to the future, the Regulation needs to be improved so that it can deliver on new policy objectives and market demands, particularly due to developments in digitalisation.

Alongside the evaluation report, the Commission also published a Staff Working document, which sets out more evidence in support of its findings. To read the evaluation report in full and for a link to the Staff Working document, click here.