e-IDs to work across EU borders
Electronic signatures are to be harmonised and electronic identities mutually recognised across the EU, under proposals unveiled by the European Commission on Monday.
The e-ID plan is intended to make sure that citizens can use their electronic identities, which they may have been issued through national schemes, for online services in other EU member states. It would also give e-signatures the same legal status as handwritten signatures across the union.
The Commission has stressed that, contrary to the feared creation of a pan-EU identity system, there will be no overarching database and countries will not be forced to institute ID cards if they do not want to. The €9.4m (£7.6m) cost would be spread over seven years and is entirely related to human resources, according to the proposal.
"This proposal will mean you can make the most of your e-ID, if you have one," digital agenda commissioner Neelie Kroes said in a statement. "With mutual recognition of national e-IDs and common standards for trust services and e-signatures, we can prevent a national carve-up of the Internet and online public services and make life easier for millions of businesses and even more citizens."
The Commission gave several examples of how the new e-ID framework (PDF) might be beneficial: "A company will be able to participate electronically to a public call for tenders launched by the administration of a different member state without its electronic signature being blocked due to specific national requirements and interoperability problems."
"Similarly, a company will have the opportunity to sign contracts electronically with a counterpart based in a different member state without fearing different legal requirements for trust services such as electronic seals, electronic documents or time-stamping," the Commission said, adding that students could also use their national e-IDs to enrol at universities in other countries.
There is already an EU directive on electronic signatures, but it dates from 1999 and only deals with e-signatures, not with trust certificates, e-IDs, seals or electronic time stamps. "All countries in the EU have legal frameworks for e-signatures, however these diverge and make it de facto impossible to conduct cross border electronic transactions," the Commission noted.
In the new regulation, the rules about e-signatures, time stamps and trust providers will be harmonised across the union. However, e-IDs will only see mutual recognition, not harmonisation, as that would involve taking fundamental powers away from the member states' governments.
Governments will not be compelled to introduce e-ID schemes, and they will not even be forced to make their national schemes interoperable with others if they do not want to. At the moment, citizens in Belgium, Estonia, Finland, Germany, Italy, Portugal and Spain all have e-ID cards, and Austria, the Czech Republic, Denmark, Lithuania, Luxembourg, the Netherlands, Slovakia, Slovenia and Sweden have similar systems.
Although the published proposals plainly address the e-ID issue, they are less clear about other aspects of the framework that were hinted at in recent weeks, namely its utility as an online age-verification scheme and the idea of forcing website owners to register their identities.
The age-verification aspect is not mentioned in the proposals themselves, although an accompanying FAQ document states: "If a teenager wanted secure access to a chat room for 14-18 year olds, or a gambler needed to prove they were of legal age, the website should only check information about their age from the e-ID card. Other details such as nationality and address would not need to be revealed."
The registration of site-owner identities would make online commerce "more trustworthy", the Commission said. The proposals appear to mainly cover having the correct information on trust certificates, but it is still not clear whether non-trading site-owners, or those who simply do not want to have a trust certificate, would be compelled to register their identity in a verifiable way.
ZDNet UK has asked the Commission to clear this point up, but had not received a reply at the time of writing.
Note: This post originally, and incorrectly, stated that the cost would be £7.6bn. Apologies for the confusion.