Decoding KYC and the eIDAS Regulation: Everything You Need to Know
When it comes to the eIDAS regulation, understanding the intricacies of this comprehensive legislation is crucial, especially as it relates to Know Your Customer (KYC) levels and signature levels. It’s important to note that these two components are inextricably linked and are essential to understanding and applying the eIDAS regulation.
The eIDAS regulation primarily focuses on the identification of physical persons. Thus, it distinguishes three levels of KYC: low, substantial, and high. Each level varies in terms of assurance and risk.
Low Level of KYC
At the low level of KYC, users are asked to upload an identity document, and automated controls such as OCR algorithms are applied. The low level is regarded as such due to the lack of a face-to-face component, and it carries associated risks.
Substantial Level of KYC
Substantial KYC is the base of comparison for all KYC levels. It involves a physical face-to-face meeting between a prospect and a trained agent who verifies the identity document. However, this can also be an equivalent system that is deemed as face-to-face at a national level. A concrete example of this is France’s “PVID,” or Distant Video Identity Verification, a part of the qualification process.
High Level of KYC
The high level of KYC is generally applicable for the police and at the state level. At this level, dedicated machines control the real authenticity of documents. Some new identity cards like the German EiD Card or Belgian EiD Card, which carry cryptographic information, fall under this level. However, accessing this information requires specific authorization and in some countries is not allowed.
Just as important as KYC levels are the signature levels, which are directly linked to each level of KYC. The eIDAS regulation describes three signature levels: simple, advanced, and qualified. Moreover, the simple signature provides a basic association between identity and technical elements with no strong requirements.
The advanced signature, on the other hand, requires proving a strong link between the identity and the document being signed. The KYC level can be low, substantial, or high. The qualified signature, the highest level, involves an advanced signature, a level of KYC that is substantial or high, and audits every two years. This level offers the strongest legal footing.
In essence, the eIDAS regulation is a critical tool for ensuring secure, verified, and trusted digital interactions. By understanding the various KYC and signature levels it defines, businesses can better navigate their obligations and ensure compliance in their digital operations.
Written by Ahmed B.
More posts on this topic