eIDAS in the Czech Republic

This summer, the Czech Republic introduced several IDAS services. eIDAS (electronic IDentification, Authentication and trust Services) is a relatively new EU regulation and a set of standards on electronic identification and trust services for electronic transactions in the European Single Market. Introduced in 2014, eIDAS will not be implemented in all member states for several years.

eIDAS and its purpose

Any person or business operating in the EU who uses electronic signatures for identity verification and electronic transactions should ensure that they comply with eIDAS.

eIDAS gives both the signatory and the recipient access to a higher level of convenience and security than is possible with traditional methods of signature. Instead of relying on postal services, faxes, or appearing in person to submit paper-based documents, they may now perform transactions across borders, for example with the convenience of “1-click” technology.

Under eIDAS, citizens and businesses are able to use their native electronic identification schemes (eIDSs) when accessing public services within other EU member states that use eIDSs. eIDAS defines the conditions under which member states must recognise electronic identification from users.

Additionally, eIDAS has created standards for electronic signatures, electronic time stamps, electronic seals, and other proofs of authentication, including electronic certification and registered delivery services that give those electronic transactions the same legal status as if they were conducted on paper.

Policy context

The eIDAS Regulation came into effect in July 2014 as a means to facilitate secure and seamless electronic transactions within the European Union. EU member states are required to recognise electronic signatures that meet the standards of eIDAS. The following services have been in operation in the Czech Republic since 1 July 2017:

  • An electronic document signed by a qualified signature after 1 July 2016 has the same status as a handwritten signature and must be accepted in all proceedings, including administrative, judicial, and the like.

  • An electronic signature can be used by any certification authority within the EU, and local Czech signatures cannot be required.

  • Electronic signatures, electronic seals, and time stamps are designed and intended for offline use, and become part of the electronic documents in which they are used.

  • Electronic delivery service.

  • Online verification services for the validity of an electronic signature or an electronic seal.

  • eIDAS defines the notion of liability for damage, where member states or commercial service providers are responsible for damages arising from the operation of e-confidence services.

A fully electronic filing service as envisaged by eIDAS for eGovernment should be launched in the Czech Republic by 1 January 2020. This will require the creation of self-service support services for complete electronic filing, digitalisation of public administration forms, and eIDAS-compliant identification and authentication services. The latter will be linked to the reference data in the Czech base registers using the eGON Service Bus functionality.

eiDASinfographics

Description of target users and groups

Once it is introduced, eIDAS will offer services that fall into three categories. The first group of services covers eIDs (electronic personal ID or organization ID), which ensure proper authentication. In general, these services are used to identify and authenticate individuals or organizations within electronic online services. A typical service is the mutual recognition of identification tools for online identification and authentication within the EU.

In the Czech Republic, the Ministry of the Interior has created the CertIQ web application to verify certificates against trusted lists under eIDAS. The certificates checked by CertIQ are of two basic types: qualified certificates, and certificates used for qualified electronic timestamp generation by a qualified trust service provider established in a EU member state or an EEA state.

The second group includes services for the provision of electronic signatures and electronic seals. These services are used to “signify the will” of the signing or sealing person by providing and validating:

  • an electronic signature;

  • an electronic seal;

  • electronic time stamps; or

  • site authentication.

The third category of services are electronic delivery services. Typical services in this category cover:

  • Recommended electronic delivery services, used in the Czech Republic for several years and referred to as classical data messages.

  • The function of electronic documents; this means ensuring the legal verifiability and and long-term readability of stored electronic documents.

Main results, benefits and impacts

Benefits of eIDAS

  • Electronic trust services ensure significant savings of time and costs in high-volume and cross-border transactions. They enable concurrent execution of documents, regardless of where in the world the signatories are.

  • Companies and organisations that process large numbers of electronic documents, such as leasing companies, banks and public institutions, can use QES (qualified electronic stamps) to seal these documents through automated processes.

  • Electronic seals and electronic time stamps, as well as electronic signatures, are admissible as evidence in the courts of any EU member state.

  • QETS (qualified electronic time stamps) provide a presumption of accuracy for the date and time of the electronic documents with which they are used. Organisations can rely on the fact that the “date certain” of their electronic documents cannot be challenged before any EU member state court, other than on the basis of specific evidence contradicting the QETS.

  • QETS and QES also create a presumption of the integrity/authenticity of the contents of the related electronic documents, because they ensure that the content of a document has not been changed after the execution of the QETS or QES.

  • Make cross-border electronic transactions more secure and trustworthy.

  • Allow for transparency and standardization in the market.

  • Allow citizens moving to new member states to reduce paperwork through online administration.

  • Decrease red tape for businesses, meaning overheads can be reduced and profits increased.

  • Increase flexibility and convenience of government services.

Risks with eIDAS

  • The use of non-qualified electronic time stamps may expose companies and organisations to the risk that the date of their electronic documents will be challenged.

  • Use of electronic trust services may increase exposure to cyber-risk, and therefore to fraud and data loss.

  • The use of electronic trust services involves the transfer and storage of large volumes of data, which may expose companies and organisations to significant confidentiality and data protection risks.

  • “E-illiteracy” means that many people and organisations will not become aware of the impact of electronic trust services without further education.

  • Even people who are aware of the technology may reject electronic solutions.

Specific encryption solutions and the support of qualified trust service providers might help to mitigate some of the concerns related to personal data.

Return on investment description

In the Czech Republic, the costs associated with complying with the eIDAS regulation – the estimated costs to modify the information systems of other sectors – do not exceed about CZK 100 million.

Each information system will cost approximately CZK 0.5 million to modify if its portal already accepts personalised logins, for instance via a username and password. This covers about one third of Czech government departments.

Every system that is not yet ready for personalised logins – around two-thirds of the total – will cost around CZK 7.5 million to modify. This cost does not depend on whether the authentication method chosen will be a password field, an ID card, or something else. On top of that, there may be extra costs associated with further adjustments of the interfaces and databases for specific information systems.

The Czech Republic has set 28 September 2018 as the date by which state administration systems must be able to identify citizens based on their eIDs. To meet that deadline, a lot will need to happen in less than two years – and eIDAS covers many areas outside government administration.

 

Acronym:

eIDAS

Start date:

2017

Operational date:

20 September 2017

Categorisation

Type of document
General case study
The content of this field is kept private and will not be shown publicly.