New e-Signature rules: Shouldn't WE be using it? – Steelie Neelie

eID rules rolled out in Europe, except in EU institutions

After 15 years, the EU is finally updating its e-Signature rules — designed to establish a legal framework for the use of data signatures — although they won't apply to EU institutions themselves, much to the chagrin of outgoing Digital Agenda Commissioner Steelie Neelie Kroes.

Most of the European Commission’s own processes and procedures are still carried out on paper, and Kroes is having none of it, calling on the new President-elect Jean-Claude Juncker to "practise what we preach".

"I believe the European Union should modernise and turn all public administrations digital...and the commission should lead by example and become paperless, both in-house and when interacting with the public," said Kroes.

"So my question to [Mr Juncker] is: will you accept this challenge to make the European Commission truly digital by using e-invoices, e-procurement and e-signatures under your presidency – and call for the other EU institutions to do the same?" she added.

The old eID law, set up in 1999, has gaps galore: weak obligations for supervision of service providers, legal and technical cross-border interoperability issues, and it doesn’t even cover mobile or cloud signing at all.

The new eIDAS (Electronic Identification and Trust Services) regulation sets out new rules for trust services that will apply from 1 July 2016, with a mandatory mutual recognition of eIDs between EU countries from mid-2018.

The regulation defines the rules for interoperability, risk management, transparency and technology neutrality on all types of electronic identification services, from electronic signatures to website authentication.

“Cut the [public procurement] bill by just one per cent and you would save €20bn a year,” said Kroes, adding that "for businesses and citizens it means less hassle and cost. In Estonia, for example, you can set up a limited liability company in just 18 minutes using an eID!”

The GSMA welcomed the new regulation, and said it was already on the case: In February, the organisation launched a service called Mobile Connect that creates a single, mobile phone number-based authentication stamp that can manage multiple user names and passwords using a SIM card. ®

Biting the hand that feeds IT © 1998–2020