The Cybersecurity Act: a complement to eIDAS

The Cybersecurity Act: a complement to eIDAS

The eIDAS Regulation is the first European regulation that addresses cybersecurity topics from a solution angle. It lays down the conditions for the development of two key solutions, electronic identification (eID) and Trust Services (TS), for the benefit of the Digital Single Market. eIDAS provides legal certainty for the European market and establishes concrete cybersecurity measures for national electronic identification schemes, electronic signatures, electronic seals, time stamping, electronic delivery service and website authentication.

Nowadays, an ever-increasing number of trust solutions are being developed. They all answer different needs depending on the intended use. It is of utmost importance to certify the means of identification and authentication at the adequate security level to increase online trust. However, such diversity creates a risk of market fragmentation as no common European certification scheme applies.

Eurosmart calls on the European Commission to complement the eIDAS Regulation with common cybersecurity certification schemes (high, substantial, basic) as established by the Cybersecurity Act. Such an alignment between the eIDAS Regulation and the Cybersecurity Act would solve the issue of fragmentation, hence simplifying certification for companies.

Eurosmart explains below how the Cybersecurity Act is a useful complement to the eIDAS Regulation when it comes to certification.