AD ALTA
JOURNAL OF INTERDISCIPLINARY RESEARCH
MUTUAL RECOGNITION OF ELECTRONIC IDENTIFICATION MEANS UNDER THE EIDAS
REGULATION AND ITS APPLICATION ISSUES
JOZEF ANDRAŠKO
Comenius University in Bratislava, Faculty of Law,
Šafárikovo nám. č. 6, 810 00 Bratislava, Slovak Republic
email: jozef.andrasko@flaw.uniba.sk
Abstract: The author deals with the issue of mutual recognition of electronic
identification means under the eIDAS Regulation, which is intended to ensure
cross-border identification and authentication to online services offered by Member States.
The author also examines whether the legal order of the Slovak Republic reflects the
changes that have occurred in the field of electronic identification and authentication
and whether it creates a sufficient legal environment for potential foreign users of
Slovak public administration electronic services.
Keywords: eIDAS Regulation, electronic identification means, identification,
authentication, assurance levels, public online services.
1 Introduction
The adoption of Regulation (EU) No 910/2014 of the European
Parliament and of the Council of 23 July 2014 on electronic
identification and trust services for electronic transactions in the
internal market and repealing Directive 1999/93/EC (hereinafter
referred to as the “eIDAS Regulation”) represents new
legislation concerning identification and authentication of
persons in cyberspace of the European Union.[1] The eIDAS
Regulation is directly binding and enforceable in the territory of
the Slovak Republic as well as in other Member States of the
European Union (hereinafter referred to as the “Member State”).
Therefore, implementation in the Slovak legal system is not
necessary. However, it should be noted that from 1 July 2016,
the eIDAS Regulation will only apply to the extent of trust
services (electronic signature, electronic seal, electronic time
stamp, etc.). With respect to the provisions governing the mutual
recognition of electronic identification means, it should be noted
that the obligation in question will only come into effect
on 29 September 2018.[2] The aim of the eIDAS Regulation is to
ensure that secure electronic identification and authentication is
possible for access to cross-border online services offered by
Member States.[3]
2 Mutual recognition of electronic identification means –
fundamental terms
In order to understand the concept and the process of the mutual
recognition of electronic identification means, it is necessary to
clarify fundamental terms relating to such a concept.
Pursuant to Article 3 (4) of the eIDAS Regulation, electronic
identification scheme means a “system for electronic
identification under which electronic identification means are
issued to natural or legal persons, or natural persons
representing legal persons.” Conditions to be met by the
electronic identification scheme are stated in Article 6 (1) of the
eIDAS Regulation. The electronic identification scheme is
closely connected with the electronic identification means but
this concept needs to be seen in a wider context. The electronic
identification scheme provides two services, which are:
a) issuance of electronic identification means,
b) securing the authentication process.
[1] Identification (declaration of identity) and authentication (confirmation of the
declared identity). More on the issue of identification and authentication in:
ANDRAŠKO J.: Electronic identification and authentication in the context of
electronic public administration services. In CER Comparative European research,
2016, Iss. 2, p. 75-78.
[2] Article 52 (1) (c) of the eIDAS Regulation.
[3] The eIDAS Regulation created a cross-border authentication system based on nodes.
Pursuant to Article 2 (1) of Commission implementing regulation (EU) 2015/1501 of 8
September 2015 on the interoperability framework pursuant to Article 12(8) of the
eIDAS Regulation, a node is defined as “a connection point which is part of the
electronic identification interoperability architecture and is involved in cross-border
authentication of persons and which has the capability to recognise and process or
forward transmissions to other nodes by enabling the national electronic identification
infrastructure of one Member State to interface with national electronic identification
infrastructures of other Member States.”
Pursuant to Article 3 (2) of the eIDAS Regulation, electronic
identification means is defined as “material and/or immaterial
unit containing person identification data and which is used for
authentication for an online service.” The purpose of the
electronic identification means is the authentication of a person to
use the online service in another Member State. Examples include
electronic data from personal and travel documents,
certificates, lists of cancelled certificates, etc. On the most
general level, it is an electronic identity card. However, the
purpose of the eIDAS Regulation is not to recognize the electronic
identity card as such but to recognize the electronic identity
contained therein.
The eIDAS Regulation also defines electronic identification.
Pursuant to Article 3 (1) of the eIDAS Regulation, electronic
identification means “the process of using person identification
data in electronic form uniquely representing either a natural or
legal person, or a natural person representing a legal person.”
In light of the aforementioned, it is possible to identify the following
entities under the eIDAS Regulation:
a) natural persons,
b) legal persons,
c) natural persons representing a legal person.
Person identification data are defined as a “set of data enabling
the identity of a natural or legal person, or a natural person
representing a legal person to be established.”[4] Under Commission
implementing regulation (EU) 2015/1501 of 8 September 2015
on the interoperability framework pursuant to Article 12(8) of
the eIDAS Regulation, the minimum data set for a natural person
shall contain all of the following mandatory attributes:
a) current family name(s),
b) current first name(s),
c) date of birth,
d) a unique identifier constructed by the sending Member State
in accordance with the technical specifications for the
purposes of cross-border identification and which is as
persistent as possible in time.
In addition to the above attributes, the minimum data set must
contain one or more of the following additional attributes:
a) first name(s) and family name(s) at birth,
b) place of birth,
c) current address,
d) gender.
The eIDAS Regulation also defines authentication. Pursuant to
Article 3 (5) of the eIDAS Regulation, authentication means “an
electronic process that enables the electronic identification of a
natural or legal person, or the origin and integrity of data in
electronic form to be confirmed.” In that regard, it is ensured that
unmodified data with confirmed integrity are used when a person's
identity is proven and the person is authenticated to online services.
Furthermore, it is ensured that such data are the same as the data
set stored on the electronic identification means. In other words,
no one has changed information in the process of transmission
through information systems.
Assurance levels characterize the degree of confidence in
electronic identification means in establishing the identity of a
person, thus providing assurance that the person claiming a
particular identity is in fact the person to whom that identity was
assigned. The assurance level depends on the degree of
confidence that the electronic identification means provides in the
claimed or asserted identity of a person, taking into account
processes (e.g. identity proofing and verification, and
authentication), management activities (e.g. the entity issuing
electronic identification means and the procedure to issue such
means) and technical controls implemented. Pursuant to the
[4] Article 3 (3) of the eIDAS Regulation.