At a glance
- The ICO upholds information rights in the public interest.
- We aim to help you comply with the law and promote good practice by offering advice and guidance.
- We can take action if you breach the eIDAS Regulation, including the power to impose fines of £1,000.
There are a number of tools available to the ICO for taking action to enforce eIDAS, set out in the UK eIDAS Regulations. They include non-criminal enforcement and audit. The Information Commissioner also has the power to serve a monetary penalty notice imposing a fine of £1,000.
These powers are not mutually exclusive. We will use them in combination where justified by the circumstances. We can:
- conduct an audit to check you are complying with your obligations as a trust service provider, and make recommendations;
- serve an Enforcement Notice order if there has been a breach, requiring an organisation to take specified steps to comply with the law;
- issue a Monetary Penalty Notice requiring you to pay £1,000;
- prosecute you if you fail to comply with an Enforcement Notice (except in Scotland, where the Procurator Fiscal brings prosecutions); and
- report to Parliament on issues of concern.
If you fail to comply with an ICO enforcement notice, assessment notice (for a compulsory audit) or information notice (requiring you to provide us with information for our investigation), we also have the power to impose more substantial fines of up to €20 million, or 4% of your total worldwide annual turnover, whichever is higher.