hide You are viewing an archived web page, collected at the request of Publications Office of the European Union using Archive-It. This page was captured on 07:55:10 Mar 25, 2017, and is part of the European Union collection. The information on this web page may be out of date. See All versions of this archived page. Loading media information
Digital Single Market
Digital Economy & Society

eIDAS and the EBA discussion paper on strong authentication

On 8 December 2015, the European Banking Authority published a Discussion Paper on strong customer authentication and secure communication. How is this relevant for eIDAS?

The Discussion Paper will allow EBA to obtain input from stakeholders in relation to the Regulatory Technical Standards it has to deliver, by January 2017, in the context of the revised Payment Services Directive (PSD2).

How is this relevant for eIDAS?

The discussion paper considers whether the eIDAS Regulation could provide a possible solution for facilitating the strong customer authentication under PSD2.

The need for regulatory alignment between the two legislations, i.e. PSD2 and eIDAS, was already raised one year ago by stakeholders participating in our events with a focus on the financial/banking sector.

eIDAS is also mentioned in the recently published green paper on retail financial services which outlines the eIDAS' role in facilitating distance payments as well as matching the Know-Your-Customer (KYC) requirements of anti-money laundering legislation.

The eIDAS Regulation offers, therefore, a set of tools to match the requirements set in the PSD2 in relation to strong authentication for on-line payments. Similarly, thorough identification of customers under the Anti-Money Laundering Directive will allow banks to meet the KYC requirements thus enabling anybody (natural and legal persons) to open and operate a bank account in another EU country online, without undergoing face-to-face identity verification in a branch.

In addition, in relation to consenting to transactions, the Regulation gives qualified electronic signatures (for natural persons) the same legal effect as handwritten signatures everywhere in the EU.

For legal persons, eSeals ensure the origin and integrity of data.

Last but not least, the Regulation provides for qualified website authentication by which users are reassured that there is a properly identified natural or legal person behind the website they visit.

The outcome of the current discussion paper will serve as the basis for EBA's further work on drafting the Regulatory Technical Standards in January 2017 in the context of the PSD2.

Now you have the opportunity to make your voice heard. We encourage you to send your comments and you have time until 8 February at the latest.

In the meantime, we continue our efforts in engaging with stakeholders to promote the uptake and use of eID and trust services in the market.

Andrea Servida's picture
Published in DSM blog


Harald Lemke's picture

eIDAS must deliver right here!

It's obvious that electronic ID systems will be become the next gate-keeper of the internet. And it's obvious as well that the big internet platforms are striving to win this game as well.

In order to prevent an eCommerce world in which every single transaction can be traced and analysed by platform based eID providers it is crucial that platform independent eID providers in Europe are developing versatile eID solutions that can be used in eBanking, eGovernment, eJustice and eCommerce as well. This is only promising if eIDAS standards will be applicable in all these action fields.

Having said this it is high time that European Commission bundles its efforts regarding eID matters into one comprehensive regulation, which can be only eIDAS.

Joran Frik's picture

Very useful indeed! Has the stakeholder input been published by the EBA?