Choose the experimental features you want to try

This document is an excerpt from the EUR-Lex website

Document 52012AE1243

Opinion of the European Economic and Social Committee on the ‘Proposal for a Regulation of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market’ COM(2012) 238 final

OJ C 351, 15.11.2012, pp. 73–76 (BG, ES, CS, DA, DE, ET, EL, EN, FR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

15.11.2012   

EN

Official Journal of the European Union

C 351/73


Opinion of the European Economic and Social Committee on the ‘Proposal for a Regulation of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market’

COM(2012) 238 final

2012/C 351/16

Rapporteur: Mr McDONOGH

On 15 June and 25 June 2012 respectively, the Council of the European Union and the European Parliament decided to consult the European Economic and Social Committee, under Articles 114 and 304 of the Treaty on the Functioning of the European Union, on the

Proposal for a Regulation of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market

COM(2012) 238 final.

The Section for Transport, Energy, Infrastructure and the Information Society, which was responsible for preparing the Committee's work on the subject, adopted its opinion on 6 September 2012.

At its 483rd plenary session, held on 18 and 19 September 2012 (meeting of 18 September), the European Economic and Social Committee adopted the following opinion by 144 votes to 1 with 8 abstentions.

1.   Conclusions and recommendations

1.1

The Committee welcomes the Commission's Proposal for a Regulation of the European Parliament and of the Council on electronic identification (eID) and trust services for electronic transactions in the internal market, which aims to strengthen the EU Single Market by boosting trust and convenience in secure and seamless cross-border electronic transactions.

1.2

The Committee strongly supports the advancement of the Single Market and it believes that the Regulation will increase the effectiveness of public and private online services, eBusiness and electronic commerce in the EU for the benefit of EU citizens who work or study in another EU country and for SMEs as they develop their cross-border business.

1.3

The Committee welcomes that the Regulation proposes an approach that is technology neutral and open to innovation.

1.4

However, the Committee believes that the Commission should have gone further with this Regulation and advanced the development of a de facto and de jure European eID for a defined set of services.

1.5

While recognising that the regulation of identity is a national competence, and respecting the principles of subsidiarity and proportionality, the EESC recommends that the Commission now considers how a standardised EU eID, available to be applied for by all citizens on a voluntary basis, could be introduced. A European eID scheme that was available to all citizens would facilitate the realisation of a truly single market for goods and services, providing substantial societal and service benefits including a higher degree of protection against fraud, a greater climate of trust between economic operators, lower costs of service provision, and a higher quality of service and protection for citizens.

1.6

The Committee recommends that the Commission develops a EU eID standard, analogous to standards developed by the European Committee for Standardisation (CEN). An EU eID standard would define the parameters for a European Union eID, while providing a focus for the harmonisation of the diverse national eID schemes, and a template for any new eID schemes to be introduced where none currently exist.

1.7

The EESC recommends that the Commission considers the possibility of beginning the introduction of an EU eID, available on a voluntary basis to all citizens, by creating a basic scheme to provide an EU-authenticated eID for a limited set of eCommerce consumer transactions.

1.8

Because there are currently no well developed national eID schemes for businesses (legal persons) in any of the 27 Member States, the Committee recommends that the Commission, while respecting the principles of subsidiarity and proportionality, should advance the case for an early introduction of a voluntary European eID scheme for legal persons that would include a defined set of parameters for all businesses in the EU.

1.9

The Committee welcomes the provisions in the proposed Regulation for the authentication of websites. The Committee believes that the early implementation of these provisions would facilitate the development of the high-trust climate between consumers and businesses that is so vital to the digital single market.

1.10

The Committee calls again on the Commission to advance proposals for the introduction of a European Trustmark for businesses. As argued in previous Opinions by the EESC, a European Trustmark for businesses would greatly increase consumer confidence in online, cross-border commerce.

1.11

The EESC is pleased to see that the proposed Regulation takes account of the numerous Opinions by the Committee calling for cross-border harmonisation of eID, eSignature and trust services, as well as the Committee's concerns about upholding citizens rights to privacy and security while online (1). The Committee is also pleased to see that the draft Regulation includes the provision that the Member States will assume liability for their participating systems.

1.12

The Committee notes that the Regulation takes account of the technical standardisation and process development work of the STORK (2) projects to establish a European eID interoperability platform and implement a practical scheme which will create an internal market for eSignatures and related online trust services across borders. The Committee recommends that the Commission facilitates this critical effort and provides whatever support is necessary to accelerate the work.

1.13

The EESC recommends that the enactment of the proposed Regulation should be accompanied by an information campaign for citizens to explain how the cross-border eID and eSignature arrangements will operate in practice, and to assure them about any privacy and security concerns they might have.

1.14

As the digital society evolves and more critical public services are provided online, the Committee stresses the critical need for the Commission to maintain focused support for strategies aimed at accelerating digital inclusion across the Union.

1.15

The EESC asks the Commission to re-examine where the use of delegated acts is invoked in the Regulation and to advise the Committee why use of the power is essential to the implementation of the relevant Articles.

2.   Background

2.1

The eSignature Directive has been in place for over 12 years. The Directive has gaps, such as undefined obligation for national supervision of service providers, which are holding back cross-border eSignatures, and it does not cover many new technologies.

2.2

All countries in the EU have legal frameworks for eSignatures, however these diverge and make it de facto impossible to conduct cross-border electronic transactions. The same holds true for trust services like time stamping, electronic seals and delivery, and website authentication, which lack European interoperability. Therefore, this Regulation proposes common rules and practices for these services.

2.3

There are three key elements in the draft Regulation:

i.

It upgrades the legal framework of electronic signatures replacing, the existing eSignature Directive. For instance, it allows you to "sign" with a mobile phone; it requires higher accountability for security; and it provides clear and stronger rules for the supervision of eSignature and related services.

ii.

Through requiring mutual recognition between various national eID systems (different to harmonisation or centralisation), the Regulation extends the capabilities - the opportunities available with your existing eID - by making it functional across EU borders.

iii.

Other trust services are included in the Regulation for the first time, meaning there will be a clear legal framework and more safeguards through strong supervision bodies for providers of services related to electronic seals, time stamping, electronic documents, electronic delivery and website authentication.

2.4

The proposed Regulation will not:

oblige EU Member States to introduce, or individuals to obtain, national identity cards, electronic identity cards or other eID solutions,

introduce a European eID or any kind of European database,

enable or require the sharing of personal information with other parties.

2.5

Services likely to see greatest positive impact of greater eID use include, online tax collection, education courses and other social services, eProcurement and eHealth.

2.6

Through the STORK projects, which have involved 17 Member States working on the development of interoperability systems, the Commission and EU Member States have proven that cross-border mutual recognition of eIdentification works.

2.7

The draft Regulation is the last of 12 key actions proposed in the Single Market Act (3), as well as one of the proposals flagged in the eGovernment Action Plan 2011-2015 (4), the EU's Roadmap to Stability and Growth (5), and the Digital Agenda for Europe (6).

3.   General comments

3.1

Creating a fully integrated digital single market is vitally important to the realisation of the Digital Agenda for Europe, the welfare of Europe's citizens and the success of EU businesses, especially the 21 million SMEs. Today 13 million citizens work in another EU country and 150 million shop online; however, only 20 % of EU shoppers online buy goods and services from another EU state. The creation of harmonised and interoperable pan-EU eID, eSignature and trust services (including website authentication, time stamping and electronic seals) is critical to advancing the digital single market.

3.2

It is essential to promote the development of e-procurement, to improve efficiency, transparency and competition. The current take-up of e-procurement is slow, with no more than 5 % of EU procurement procedures allowing for electronic processing.

3.3

It is regrettable that in the absence of a European eID card scheme, numerous and diverse national schemes have been developed. The EESC recognises that the policy now proposed by the Commission in this draft Regulation, to facilitate the creation of a fully integrated digital single market by 2015 (7), is directed towards the mutual legal recognition of the diverse national notified eID schemes and at creating a concrete technical interoperability of all notified schemes.

3.4

The Committee notes the evolutionary approach taken by the Commission in the creation of this Regulation, which builds on the eSignature Directive (8), to ensure that people and businesses can use their own national electronic identification schemes (eIDs) to access public services in other EU countries where eIDs are available.

3.5

However, the Committee believes that the EU needs a standardised European eID scheme for all citizens and businesses and it regrets that the Regulation does not attempt to advance the development of a common European eID. Although the Regulation will require all Member States to accept all national eID schemes notified under the Regulation, it will permit countries to decide whether or not to notify their national schemes, and it also respects the preferences of those Member States without a national eID scheme.

3.6

Although the proposed Regulation respects national sovereignty and does not make it obligatory for all citizens in the EU to have an electronic identity (eID), the benefits of a universal European eID scheme should be considered. In time, those citizens without an eID will find themselves disadvantaged. To enjoy equality of opportunity, every citizen will need an eID that can be used across all borders in the EU.

3.7

The implementation of interoperability systems across the EU is critical to the successful delivery of seamless electronic transactions dependent on eID and the delivery of trust services, and much work still needs to be done to deliver a full European eID interoperability platform.

3.8

There should be a Europe-wide information programme to advise people about how to use eID, eSignature and trust services so that they are able to properly protect their online privacy and security. The awareness and information campaign should be implemented so as to communicate with citizens at different levels of information need and digital understanding.

3.9

Many people have privacy and security concerns when transacting business on digital services. These concerns are magnified when they do not understand the technologies being used to provide those services and this creates unnecessary fear and resistance. More effort needs to be made by public bodies and Member States to explain how personal privacy and security is protected when using notified eID and eSignature technologies. In this regard, the EESC notes that the proposed scheme on trust services has been designed so that no unnecessary data is revealed or exchanged and to avoid the centralisation of information.

3.10

The Committee has called on the Commission in previous Opinions to advance proposals for the implementation of an EU certification scheme, a European Trustmark, for businesses operating online. A European Trustmark would provide assurance that the business is fully compliant with European law and that a consumer's rights will be protected. Such a scheme would increase consumer confidence in online commerce.

3.11

The Committee is concerned that as Europe becomes more digitally connected, using eID and trust services, it is vital that all citizens have access to the technology and skills that enable them to benefit equally from the digital revolution. Digital inclusion is still a big issue for the EU where a quarter of the population has never used the Internet; age, gender and education remain the key challenges.

4.   Specific comments

4.1

While respecting the principle of subsidiarity, the EESC recommends that the Commission considers how an EU eID card for all citizens could be introduced. Perhaps this might be achieved by defining a standard set of parameters that could be included in any national eID scheme to confer EU eID status and by the introduction of a EU-authenticated eID for a specified set of services. Thus citizens might apply for a EU eID, on a voluntary basis, to use when no national scheme exists.

4.2

The Committee would like the Commission to consider introducing an EU eID by creating a basic scheme to provide a limited EU-authenticated eID for online eCommerce consumer transactions. Authentication of this European eID could be centrally managed by a EU-controlled authority that would provide consumers and merchants with the high degree of trust and security they require.

4.3

Because there are currently no well developed national eID schemes for businesses (legal persons) in any of the 27 Member States, the Committee recommends that the Commission seizes the opportunity now to promote the early introduction of a European eID scheme for legal persons. The design of such a scheme should of course respect the principles of subsidiarity and proportionality. By acting now, the EU would avoid the harmonisation problems caused by the myriad of diverse national eID schemes for citizens that have developed in the absence of a universal European eID card. Furthermore, the implementation of a European eID scheme for legal persons would create immediate commercial benefit for Europe's 21 million SMEs as they grow cross-border business.

4.4

The Committee notes that in 16 of the 42 Articles in the draft Regulation the power to adopt delegated acts (9) is conferred on the Commission. Whereas the EESC understands that delegated acts are required to facilitate the implementation of some technical aspects of the Regulation and provide the Commission with flexibility in this regard, the Committee is concerned about such extensive use of these powers. The EESC fears that the safeguards concerning the use of delegated acts (10) may not be adequate for ensuring that the Council and the European Parliament will have effective control of the Commission's exercise of these powers, which has consequences for the legal security and certainty of the mechanism.

Brussels, 18 September 2012.

The President of the European Economic and Social Committee

Staffan NILSSON


(1)  OJ C 97 of 28/4/2007, pp. 27-32

OJ C 228 of 22/9/2009, pp. 66-68

OJ C 44 of 11/2/2011, pp. 178-181

OJ C 54 of 19/2/2011, pp. 58-64

OJ C 318 of 29/10/2011, pp. 105-108

OJ C 229 of 31/7/2012, pp. 1-6

(2)  www.eid-stork.eu/.

(3)  COM(2011) 206 final.

(4)  COM(2010) 743 final.

(5)  COM(2011) 669 final.

(6)  COM(2010) 245 final.

(7)  EUCO 2/1/11 and EUCO 52/1/11.

(8)  Directive 1999/93/EC.

(9)  Article 290 of the Treaty on the Functioning of the European Union.

(10)  Safeguards as contained in Article 290 of the Lisbon Treaty and the Common Understanding of the European Parliament, the Council and the Commission on the functioning of Article 290 of the TFEU.


Top