The Electronic Identification Authentication and Trust Services Regulation (eIDAS for short) is an EU Directive which covers transactions within the internal market. eIDAS is a framework for secure electronic verification and identification across Europe, making one common standard.
To give a little more detail, as stated on the European Commission’s website, the eIDAS Regulation:
ensures that people and businesses can use their own national electronic identification schemes (eIDs) to access public services available online in other EU countries.
creates an European internal market for Trust Services – namely electronic signatures, electronic seals, time stamp, electronic delivery service and website authentication – by ensuring that they will work across borders and have the same legal status as their traditional paper based equivalents . Only by providing certainty on the legal validity of all these services, businesses and citizens will use the digital interactions as their natural way of interaction.
On the 24th June 2020, the EU launched a public consultation to revise the rules on eIDAS to begin on the 2nd October 2020.
Executive Vice-President Margrethe Vestager said:
These rules make it easier for citizens to access public services using electronic identification, such as e-signatures. The revision aims to improve its effectiveness, extend its benefits to the private sector and promote trusted digital identities for all Europeans and create a secure and interoperable European Digital Identity which gives citizens control.
Commissioner for Internal Market, Thierry Breton, added:
Activity of citizens and businesses increased during the pandemic, the revision of these rules will answer their growing need for simple, trusted and secure way to identify themselves online. Improving these rules will also provide the framework for offering competitive, convenient, and trustworthy digital identity services.
As you can probably guess from the fact that I am writing this blog, I see a perfect opportunity for the European Union to address some of the issues with eIDAS using Legal Entity Identifiers.
The Global Legal Entity Identifier Foundation (GLEIF) has also seen this opportunity as they have published their response to the EU’s call for updating eIDAS.
How would LEI and eIDAS work together? As GLEIF rightly points out, trust is an important factor in eIDAS and the EU economy as a whole. The LEI is already accepted as an optional attribute for legal entities’ interfaces between national eID infrastructures. For example, it can be used within eIDAS compliant digital certificates to support identity verification and management.
The eIDAS regulation can go further by promoting being a bridge between EU member state’s national ID schemes and facilitating cross-border identification processes within the EU. Making the LEI mandatory would undoubtedly increase interoperability, making transactions safer, more efficient and more secure. Attributing an LEI to digital certificates is something I have written about in the past. Used in an eIDAS context, in electronic documents, would allow consumers and businesses to benefit from enhanced trust on the EU single market.
The LEI has already become the first official business identification standard to be embedded into iXBRL reporting, automatically linking the filing entity to its verified LEI reference data held within the Global LEI Index.
In the words of GLEIF:
Furthermore, within GLEIF’s 2018 annual report, GLEIF’s LEI is also embedded within the digital certificates of GLEIF’s signing executive officers. These certificates, for the first time, connect the role of the signatory to an organization through the LEI and can therefore be used to verify – automatically, through the shared LEI – that the filed document and the signatories represent the same organization. Incorporating a company’s LEI within digital certificates of its executive officers used to sign financial statements provides reassurance on the data’s reliability and that the information has not been tampered with, despite permitted access to the filed document via any public server globally. Deploying digital signatures, including that of the auditor, also enables efficient report production and distribution processes, the elimination of paper and increased certainty and trust.
PSD2 requires Account Service Payment Providers (ASPSPs) to design channels so that third-party payment providers (TPPs) can identify themselves when accessing these channels. Identification is mandatory for TPPs to get access to the ASPSPs sandbox, live API and channel. Identification is done with an eIDAS compliant digital certificate for website authentication, a digital certificate which can now include an LEI.
In the future, the LEI code could replace the current reference data in the subject name of digital certificates as we know them, replacing them entirely with the LEI code which is updated live via the global LEI system and obtained on-demand using the API. Certificate handling and payload is made easier by transferring the verification procedure to the GLEIF Registration Authorities where it is often already automated, more standardised and of very high quality in comparison to the company name reference that currently exists within the digital certificate ecosystem issued by Certificate Authorities.
While eIDAS has not made LEIs mandatory just yet, I believe it won’t be long before we see them make the move so for any businesses that are trading with the EU, getting ahead of the regulations could mean operational and efficiencies savings later down the line.
Some related topics I’ve discussed are: Legal Entity Identifiers as one tool in the belt of digital transformation initiatives, how LEIs can be used to increase financial inclusion or save the banking industry millions in onboarding and KYC. It’s clear that increase trust and transparency are key to safer online transactions and LEIs are simply one answer in a suite of solutions that the digital services sector should be looking at.
For organisations, the future is clear, conduct business using an LEI.
Register a new LEI or transfer an existing LEI to ManagedLEI today for low cost LEI renewals.Buy or Transfer an LEI
Trusted Identity Ltd. LEI: 98450054NFCE7A67C172Managed LEI © 2021. All Rights Reserved.