Partager :

Decoding eID and the eIDAS Regulation: Everything You Need to Know
When it comes to the eIDAS regulation, understanding the intricacies of this comprehensive legislation is crucial, especially as it relates to electronic identity (eID) levels and signature levels. It’s important to note that these two components are inextricably linked and are essential to understanding and applying the eIDAS regulation.
The eIDAS regulation primarily focuses on the identification of physical persons. Thus, it distinguishes three levels of eID: low, substantial, and high. Each level varies in terms of assurance and risk.
Low Level of eID
At the low level of eID, users are asked to upload an identity document, and automated controls such as OCR algorithms are applied. The low level is regarded as such due to the lack of a face-to-face component, and it carries associated risks.Substantial Level of eID
Substantial eID is the base of comparison for all eID levels. It involves a physical face-to-face meeting between a prospect and a trained agent who verifies the identity document. However, this can also be an equivalent system that is deemed as face-to-face at a national level. A concrete example of this is France’s “PVID,” or Distant Video Identity Verification, a part of the qualification process.
High Level of eID
The high level of eID is generally applicable for the police and at the state level. At this level, dedicated machines control the real authenticity of documents. Some new identity cards like the German EiD Card or Belgian EiD Card, which carry cryptographic information, fall under this level. However, accessing this information requires specific authorization and in some countries is not allowed.
Just as important as eID levels are the signature levels, which are directly linked to each level of eID. The eIDAS regulation describes three signature levels: simple, advanced, and qualified. Moreover, the simple signature provides a basic association between identity and technical elements with no strong requirements.
The advanced signature, on the other hand, requires proving a strong link between the identity and the document being signed. The eID level can be low, substantial, or high. The qualified signature, the highest level, involves an advanced signature, a level of eID that is substantial or high, and audits every two years. This level offers the strongest legal footing.
In essence, the eIDAS regulation is a critical tool for ensuring secure, verified, and trusted digital interactions. By understanding the various eID and signature levels it defines, businesses can better navigate their obligations and ensure compliance in their digital operations.
Do not hesitate to ask if you have questions regarding the eIDAS regulation or eID requirements.
For more insights into eID and eIDAS regulations, contact us today!
Written by Ahmed B.
More posts on this topic