eIDAS Regulation: Strengthening SMEs through standardisation

Key points

• The “Twin Transition” – the green and digital transformation of the EU – and the COVID-19 pandemic have highlighted the crucial importance of electronic transactions to businesses and citizens.

• An efficient eIDAS (electronic identification and trust services) regulation is needed to scale up electronic identification technologies that can effectively support electronic transactions, including remote working. A new trust service for online identification could extend the benefits of eIDAS trust services to SMEs, enabling them to develop new value-added services.

• Standards should play a key role in providing certainty for SMEs to invest in eIDAS value added services. Identification of standards and the publication of their reference in the Official Journal can guarantee at least a baseline for security and technical interoperability for all the trust services in the public sector. It is advisable to:

– make the publication of implementing acts referencing standards mandatory for most, if not all, of the different trust services;

– minimise the risk of the Regulation becoming obsolete by delegating power to the Commission to make minor changes that do not touch its fundamental principles, so that it can respond quickly to changing technology paradigms after consulting the relevant stakeholders;

– support and increase SMEs' participation in standard setting, so as to improve and adapt standards and gain better market recognition.

Background

The European Commission recently launched a public consultation on Regulation (EU) 910/2014 (the eIDAS Regulation) to collect stakeholders' feedback on the changes needed to ensure optimal delivery of an EU digital identity [1].

The eIDAS Regulation provides a predictable regulatory environment to enable secure and seamless electronic interactions between businesses, citizens, and public authorities by:

• ensuring that people and businesses can use their own national electronic identification means (eIDs) to access public services in other EU countries where eIDs are available;

• creating a European internal market for electronic trust services – namely electronic signatures, electronic seals, time stamps, electronic registered delivery services and website authentication – by ensuring that they work across borders and have the same legal status as traditional paper-based processes.

Digital technologies have been key to reducing the effect of the COVID-19 pandemic on the economy and keeping activity alive even under the most severe restrictions. This was vital, especially for SMEs. Now that the EU is investing to recover from the immense damage caused by the pandemic, it is fundamental to promote sustainable growth. In fact, the “Twin Transition” – the green and digital transformation of the EU – is at the centre of the European Commission's 2020 [2] and 2021 [3] Work Programmes.

According to the Centre for European Policy Studies (CEPS) [4], Member States' experience with digital identification varies [5]. Some countries are currently experiencing a surge in demand for digital identification means [6]. In Italy, the identification scheme “SPID” has been able to satisfy high demand for digital identification thanks to its distinctive characteristics:

• numerous identity providers, both public and private, audited by accredited Conformity Assessment Bodies and under supervision by the national supervision body;

• the possibility of carrying out identity-proofing (recognition) procedures remotely;

• no need to distribute physical identification means, as most identity providers use mobile phone applications for this purpose.

An efficient eIDAS regulation is needed to scale up electronic identification technologies

The eIDAS Regulation has reduced the need for face-to-face interactions by enabling eGovernment and business transactions built on reliable, trustworthy cross-border electronic identification (eID) and trust services such as eSignatures and eDelivery, which are key enablers of the digital transformation. It introduced a first cross-border framework for mutual recognition of notified electronic identification schemes, so that individuals and businesses can use their own national electronic identification means (eIDs) to authenticate when accessing public online services in other EU Member States. This was achieved by establishing an interoperability framework and by enforcing mutual legal recognition of notified schemes.

However, the current eIDAS interoperability framework, based on eIDAS nodes, has some flaws:

• it is inefficient and often hard to use, especially for inexperienced users, and can hardly scale to real business needs, since users expect the simple and immediate identification means they are used to with online services;

• it does not allow paper-based identification documents to be used; and

• many eIDs require card readers. Only the most recent eIDs that support Near Field Communication (NFC) [7] integrate seamlessly with NFC-capable smartphones.

Experience shows that the adoption of secure but difficult-to-use devices and technologies is a huge hindrance to the widespread use of eID-enabled services. A new type of qualified trust service for the identification of natural and legal persons – conceptually similar to the Italian SPID discussed above – would therefore be a better approach. The electronic identification means issued under SPID rely entirely on official identification documents issued by the Italian government, whether paper-based or electronic. In practice, a SPID identity is not a stand-alone identification document: it relies on the official IDs issued by the Italian Ministry of the Interior and allows that identity to be reused online through electronic assertions sealed by the SPID identity providers.

Under the eIDAS framework, SPID is considered an identification scheme, but in terms of both governance and technology it is very similar to a qualified trust service, providing electronic identification of a natural or legal person to an electronic service in a very effective and scalable way. This approach would decouple the issuance of legal IDs, which is reserved to Member State authorities, from the electronic identification means “anchored” to those IDs, which supervised public or private providers could issue. This is the key to deploying an identification service that scales seamlessly to an EU-wide dimension without changing the rules for legal IDs, which must remain under Member State sovereignty.

This new trust service can (and should) benefit from the same sound approach as the other trust services, namely:

• supervision;

• conformity assessment under accreditation and based on standards;

• electronic signature and seal formats (for the identity assertions consumed by relying services);

• trusted lists for mutual recognition.
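The trust model described above can be made concrete in a few lines: a provider seals an assertion that carries an identifier taken from an existing legal ID, and the relying service accepts it only if the seal verifies under a key listed for that provider on a trusted list and the assertion is addressed to that service and still valid. The following Go program is an added illustration written for this page, not SBS's, SPID's or eIDAS's own code; it uses a constructed JSON assertion and Ed25519 seals in place of the standardised formats real schemes use, an in-memory map in place of a published trusted list, and made-up provider, service and subject identifiers.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// TrustedList maps a provider identifier to the public key that verifies its seals.
// Assumption: in the real framework the list is itself sealed and published by the
// supervisory body; here it is a plain in-memory map.
type TrustedList map[string]ed25519.PublicKey

// Assertion is a constructed, simplified identity assertion. Subject is not a new
// identity: it carries an identifier taken from the legal ID the provider verified.
// Real SPID/eIDAS assertions use standardised formats (SAML, ETSI signature formats).
type Assertion struct {
	Issuer     string            `json:"issuer"`
	Subject    string            `json:"subject"`
	Audience   string            `json:"audience"` // the relying service the assertion is meant for
	IssuedAt   int64             `json:"issued_at"`
	ExpiresAt  int64             `json:"expires_at"`
	Attributes map[string]string `json:"attributes"`
}

// Sealed is the serialised assertion plus the provider's seal over those exact bytes.
type Sealed struct {
	Payload []byte
	Seal    []byte
}

// SealAssertion serialises and seals an assertion with the provider's private key.
func SealAssertion(a Assertion, priv ed25519.PrivateKey) (Sealed, error) {
	payload, err := json.Marshal(a)
	if err != nil {
		return Sealed{}, err
	}
	return Sealed{Payload: payload, Seal: ed25519.Sign(priv, payload)}, nil
}

// VerifyAssertion is the relying service's check. Nothing in the payload is trusted
// until the seal verifies under a key taken from the trusted list; the payload is
// parsed first only to learn which issuer claims to have sealed it.
func VerifyAssertion(s Sealed, tl TrustedList, audience string, now time.Time) (Assertion, error) {
	var a Assertion
	if err := json.Unmarshal(s.Payload, &a); err != nil {
		return Assertion{}, fmt.Errorf("malformed assertion: %w", err)
	}
	pub, ok := tl[a.Issuer]
	if !ok {
		return Assertion{}, fmt.Errorf("issuer %q is not on the trusted list", a.Issuer)
	}
	if !ed25519.Verify(pub, s.Payload, s.Seal) {
		return Assertion{}, errors.New("seal does not verify: payload altered or key mismatch")
	}
	if a.Audience != audience {
		return Assertion{}, fmt.Errorf("assertion issued for %q, not for this service", a.Audience)
	}
	t := now.Unix()
	if t < a.IssuedAt || t >= a.ExpiresAt {
		return Assertion{}, errors.New("assertion outside its validity window")
	}
	return a, nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tl := TrustedList{"idp.example": pub} // constructed provider identifier
	now := time.Now()
	a := Assertion{
		Issuer:     "idp.example",
		Subject:    "ID-CARD-000000", // constructed identifier derived from a legal ID
		Audience:   "service.example",
		IssuedAt:   now.Unix(),
		ExpiresAt:  now.Add(5 * time.Minute).Unix(),
		Attributes: map[string]string{"given_name": "Mario", "family_name": "Rossi"}, // constructed
	}
	s, err := SealAssertion(a, priv)
	if err != nil {
		panic(err)
	}
	got, err := VerifyAssertion(s, tl, "service.example", now)
	fmt.Println(got.Subject, err)
}
```

The order of checks matters: the issuer is looked up before the seal is verified only because the key must be known to verify, and no field of the assertion is acted upon until the seal has been checked. An assertion sealed by a provider that is not on the trusted list, one whose issuer field names a trusted provider but whose seal was produced with another key, a tampered payload, an assertion addressed to a different service, and an expired one are all rejected by the same routine.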

This proven trust framework can effectively support remote working, which is now the prevalent mode of work for many European employees and will likely continue to play a key role after the pandemic. It can also help meet the huge challenge of assessing and managing the security threats of a radically changed landscape that is alarming, especially for SMEs: the pandemic has brought a marked increase in cyber-attacks.

SMEs are expected to benefit from a widespread EU eID infrastructure, especially if those flaws are removed. Trustworthiness, performance, resilience and, most importantly, user-friendliness must be top priorities for widespread business use. The benefits eIDAS brings to SMEs are twofold: SMEs can use trust services to support their own digital transformation, and SMEs can act as providers of trust services and related solutions.

Standards can help SMEs reap the full potential benefits of the new eIDAS framework and invest in eIDAS services across the EU.

A new trust service for online identification could extend the benefits of eIDAS trust services to SMEs, enabling them to develop new value-added services. This should be an evolution of the current eIDAS framework, not a revolution: the stability and neutrality of the legal framework should remain the guiding principles. The eIDAS Regulation sets only the basic legal principles and cannot be applied directly at the technical level. This is not a limitation; on the contrary, it is a fundamental property of legislation that allows a state-of-the-art interpretation, and that is exactly the role of standards: to provide a common and consistent technical baseline, usable also under different legal frameworks, that avoids completely different approaches between Member States or outside the European Union.

The consistent use of standards is a key principle introduced with eIDAS and has proven an effective tool for protecting the investments many SMEs have made in innovative services based on eIDAS trust services. Identification attributes should be specified only semantically in the implementing acts of the Regulation, leaving their concrete technical implementation to standards.

In addition to electronic identification, trust services are another cornerstone innovation introduced by eIDAS. They greatly improved on the previous legislation, removing its limitations and creating a real single market for electronic signatures, electronic seals, time stamps, electronic registered delivery services and website authentication, with a sound governance and interoperability framework.

However, common legal rules alone do not lead to technically interoperable services. eIDAS' approach was innovative because it guaranteed a legal layer common to the whole EU with a good level of technical neutrality, while relying on standards for the technical layer and leaving the market free to regulate those aspects.

This innovative approach introduced by eIDAS for trust services is similar to the New Legislative Framework (NLF), which relies on harmonised standards to fully specify the essential requirements of products. The time is now ripe to develop this approach further and fully achieve the expected results of eIDAS: the identification of standards and the publication of their references in the Official Journal can guarantee at least a baseline of security and technical interoperability for all trust services in the public sector.

Currently, only a few of the possible implementing acts referencing standards have been published by the Commission. They are limited to electronic signature and seal formats, qualified signature and seal creation devices, and trusted lists. This has prevented the full benefits of the eIDAS framework from being reaped. New standards should be referenced for the other qualified trust services, especially eDelivery, which has applications both in the public sector (ranging from eProcurement and eInvoicing to e-Justice and eHealth) and in the private sector. SBS recommends making the publication of implementing acts referencing standards mandatory for most – if not all – of the different trust services, along the lines of what is already foreseen for electronic signatures and seals.

Moreover, while the general principles of the eIDAS Regulation are, and will almost certainly remain, substantially unchanged thanks to its technologically neutral approach, completely excluding all technical aspects from legislation is neither possible nor desirable, since the text could become too abstract and leave unwanted room for interpretation. It is therefore suggested to add to the eIDAS Regulation a delegation of power to the Commission for minor changes that do not touch the fundamental principles but allow the parts most likely to require change to be adapted when new technology paradigms emerge [8]. Examples of parts that should be adaptable in this way are the specification of signatures and seals and their validation, the content of signature, seal and website certificates, and qualified signature and seal creation devices. Before adopting such delegated acts, the Commission should be required to consult the relevant stakeholders. This would minimise the risk of the Regulation becoming obsolete and requiring frequent, time-consuming amendments to chase technological progress.

Security should also be addressed through wider adoption of standards. Standardisation processes in the European Standardisation Organisations are open to all interested parties, and security standards such as ETSI EN 319 401 (general policy requirements for trust service providers) are developed and updated through a consensus-based approach open to the whole market. Participation in standard setting allows any actor, including SMEs, to improve the standards and gain better market recognition.

Conclusion

The eIDAS Regulation has enabled citizens and companies, including SMEs, to carry out a wide range of services electronically, which helped the fight against COVID-19 and supported the digital transformation, one of the two pillars of the “Twin Transition”. eSignatures, eDelivery, eID and other eServices are key enablers that strengthen the EU Single Market through reliable cross-border electronic identities and trust services.

The eIDAS Regulation can deliver better cross-border services by (1) decoupling the issuance of legal IDs from the electronic identification means anchored to them, (2) speeding up the adoption of eID in eServices, (3) supporting new verification methods, and (4) remaining technology neutral. The way to achieve this is to adopt an approach similar to the New Legislative Framework (NLF), publishing more eIDAS-related standards as an effective tool to provide certainty and avoid risk.


[1] https://ec.europa.eu/digital-single-market/en/news/eidas-open-public-consultation
[2] https://ec.europa.eu/info/publications/2020-commission-work-programme-key-documents_en
[3] https://ec.europa.eu/info/publications/2021-commission-work-programme-key-documents_en
[4] https://www.ceps.eu/wp-content/uploads/2020/06/TFR_Europe-Digital-Identification-Opportunity.pdf
[5] While the Belgian and Estonian electronic ID cards give access to about 100 applications, other countries offer access to fewer services. Member States' experience varies not only in adoption rate but also in approach: Belgium adopted a central approach with a national registry, while the Nordic countries adopted a decentralised system that enables the private sector, led by banks, to introduce an eID system.
[6] For example, in Italy the rate of requests for digital identities doubled during the lockdown in March, with more than 100,000 requests per week.
[7] https://nfc-forum.org/
[8] A concrete example concerns technologies such as blockchain and DLT (and, more specifically, Self-Sovereign Identity solutions): a careful assessment of what changes are needed to adapt the eIDAS Regulation principles to enable the use of blockchain and DLT is not likely to be possible in the short timeframe, and the foreseen Review should introduce the flexibility needed to allow the necessary adaptations to be introduced when possible and necessary. A new trust service for identification could easily be the basis and a first step towards a fully decentralised identification solution based on blockchain/DLT, once well-established solutions and standards make this possible.


Views and opinions expressed are those of Small Business Standards (SBS) only and do not necessarily reflect those of the European Union or EFTA. Neither the European Union nor EFTA can be held responsible for them.