eIDAS is the European Regulation for the electronic identification and trust services for electronic transactions. The new Regulation on Electronic Identification and Trust Services for Electronic Transactions in the Internal Market (referred to as the eIDAS - electronic IDentification and Authentication Services) was published as Regulation (EU) No 910/2014 on 28 August 2014. Most of its provisions took effect July 1, 2016, and repeals the existing eSignatures Directive.
Because it is a regulation and not merely a directive (as was predecessor eSignatures), eIDAS is not open to interpretation and represents European Union law. eIDAS was developed to ensure the ability to safely conduct electronic transactions online when dealing with businesses or public services, allowing both the signatory and the recipient a higher level of convenience and security.
Interoperability of government issued ID: this section of the eIDAS mandates EU Member States to mutually recognize each other’s electronic identification (eID) systems when accessing online services. This cross-border recognition makes eID from any EU Member State interoperable between all other Member States. Although this is a mandate for the public sector, the private sector will follow suit if it indeed proves to make business transactions easier, faster and cheaper and truly opens up business opportunities across borders.
Single Digital Market: While the eSignatures directive guaranteed the admissibility of electronic signatures, eIDAS will go a step further in defining and providing requirements associated with Trust Services to ensure the security of electronic transactions. With eIDAS, Electronic Trust Services (eTS), including electronic signatures, electronic seals, time stamps, electronic registered delivery service and website authentication, will work across borders and will have the same legal status as paper-based processes. The goal here is to increase confidence in the safety and reliability of digital transactions, which will lead to growing adoption and usage.
eIDAS recognizes electronic signatures as legally binding and identifies different levels of electronic signature.
Common Criteria is an international set of guidelines and specifications for evaluating information security products, specifically to ensure they meet an agreed-upon security standard for government deployments. Common Criteria (CC) certification is a pre-requisite for qualified digital signatures under the eIDAS Regulation.
Le RGPD est peut-être la norme de confidentialité des données la plus complète à ce jour. Elle concerne toute organisation qui traite les données personnelles des citoyens de l'UE - quel que soit le lieu du siège de l'organisation.
Toute organisation qui joue un rôle dans le traitement des paiements par carte de crédit et de débit doit se conformer aux exigences strictes de conformité PCI DSS pour le traitement, le stockage et la transmission des données de compte.
Partout dans le monde, des nouvelles exigences en matière de notification des brèches de données ont vu le jour suite à la perte d'informations personnelles. Elles varient selon les juridictions mais comprennent presque toutes une clause de "safe harbour".