At a glance
- The ICO upholds information rights in the public interest.
- We aim to help you comply with the law and promote good practice by offering advice and guidance.
- We can take action if you breach the eIDAS Regulation, including the power to impose fines of £1,000.
There are a number of tools available to the ICO for taking action to enforce eIDAS, set out in the UK eIDAS Regulations. They include non-criminal enforcement and audit. The Information Commissioner also has the power to serve a monetary penalty notice imposing a fine of £1,000.
These powers are not mutually exclusive. We will use them in combination where justified by the circumstances. We can:
- conduct an audit to check you are complying with your obligations as a trust service provider, and make recommendations;
- serve an Enforcement Notice order if there has been a breach, requiring an organisation to take specified steps to comply with the law. Failure to comply is a criminal offence;
- issue a Monetary Penalty Notice requiring you to pay £1,000;
- prosecute you if you fail to comply with an Enforcement Notice (except in Scotland, where the Procurator Fiscal brings prosecutions); and
- report to Parliament on issues of concern.
For more information, see our regulatory action policy.