For the digital economy to run smoothly, trust and security need to be built in at every level. Trustworthy digital identities are one example of a tool that offers both security and convenience for those operating in the digital world.
There is a separate set of digital tools, known collectively as 'trust services’, which can help. Trust services sit under a piece of UK law called the eIDAS Regulations and they make electronic transactions faster, simpler, and more secure. In this blogpost, we talk about what OfDIA is doing with regard to trust services.
What are trust services?
There are several trust services covered by the UK eIDAS Regulation including:
- Electronic signature: identifies a signatory and links them securely to a signed electronic document like a flat-rental agreement. eIDAS-compliant or ‘qualified’ signatures are admissible in court and are often cited as the gold standard of electronic trust services.
- Electronic seal: validates the origin and integrity of an electronic document like an invoice, where its creator is a legal person. Electronic seals are valued by business users as they ensure certainty of an electronic document’s origin and integrity when they pass between corporate parties.
- Electronic time stamp: data in electronic form which binds other data in electronic form to a particular time, establishing evidence that the latter data existed at that time and hasn’t changed since.
- Electronic registered delivery service: a service to allow for and evidence (including proof of sending and receiving) the transmission of data between third parties by electronic means, to protect data against the risk of loss, theft, damage or any unauthorised alterations (like a kind of secure online proof of posting or recorded delivery service).
- Certificate for website authentication: data used to authenticate a website by linking the website to the natural or legal person to whom the certificate is issued.
“Qualified trust services” are the most reliable form of trust service which meets specific requirements set out in the Regulation. These services ensure a higher degree of security and stricter methods of authentication and validation which can only be offered by qualified trust service providers. They also have greater legal reliability and benefit from the presumption of integrity and the accuracy of their data.
Changes Under the Data (Use and Access) Bill
To ensure the UK trust services legal framework continues to function effectively into the future, the Data (Use and Access) bill is seeking to make some adjustments to the eIDAS Regulation. The main changes are outlined below:
- Recognition of EU Conformity Assessment Reports: Amendments in the Data (Use and Access) bill will enable the recognition of conformity assessment reports from EU-based bodies. This change ensures that EU qualified trust service providers can operate under the UK regime without facing disproportionate entry barriers and is designed to stimulate the UK market in qualified trust services.
- Unilateral Recognition of EU Trust Services: The legislation will put in place a process to end the UK's unilateral recognition of EU qualified trust services if such recognition is no longer in the national interest. This could happen if the UK and EU pursue mutual recognition of trust services or if their standards and requirements diverge significantly, though for the present the Government continues to recognise the benefit of the current arrangement to protect UK businesses who rely on EU trust service products
- Recognition of Non-EU Trust Service Products: The legislation will provide a mechanism for the mutual recognition of trust service products from countries outside the EU. This supports the government's aim of enabling UK businesses to thrive in the global digital economy by easing cross-border transactions.
- International Cooperation: Amendments will enable the Information Commissioner to share information and cooperate with overseas supervisory bodies on trust services enforcement issues. This international cooperation is crucial for addressing the global nature of digital transactions and ensuring effective oversight and international regulatory cooperation.
- Enhanced Enforcement and Investigatory Powers: The Information Commissioner's enforcement and investigatory powers will be updated. These powers relate to issuing information and interview notices, requiring technical reports, and imposing penalty notices for breaches. The changes ensure consistency in the exercise of these powers across trust services and data protection enforcement regimes.
How can trust services help build trust in the digital economy?
eIDAS-compliant or qualified trust services provide legal certainty and a high level of technical security which can help support the growing demand for secure and trusted electronic transactions by smoothing frictions, reducing costs and increasing confidence
Here at OfDIA we are exploring how the wider take up of UK qualified trust services across the economy might complement the evolving UK digital identity ecosystem. For example, HM Land Registry is already looking at how qualified electronic signatures, along with digital identity and machine-readable data can enable secure and convenient digital land and property transactions.
Sign up to email alerts to receive an update whenever we publish a new blog post.
Leave a comment