The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

At a glance

  • The eIDAS Regulation is an EU Regulation that sets out rules for electronic identification and trust services.
  • These services help verify the identity of individuals and businesses online or the authenticity of electronic documents.
  • The ICO is the supervisory body for UK trust service providers. We can carry out audits, grant qualified’ status, and take enforcement action.

In brief

What does ‘eIDAS’ mean?

‘eIDAS’ is shorthand for ‘electronic identification and trust services’. It refers to a range of services that help verify the identity of individuals and businesses online or the authenticity of electronic documents.

Read the key definitions section of this guide for more detail on specific types of trust services.

What is the eIDAS Regulation?

The eIDAS Regulation is Regulation (EU) 910/2014 on electronic identification and trust services for electronic transactions in the internal market. It came into effect on 1 July 2016. As a European Regulation, it has direct effect in UK law and automatically applies in the UK.

There are also some specific provisions on its effect, supervision and enforcement in the UK set out in the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 (the UK eIDAS Regulations).

The UK eIDAS Regulations were amended by the Data Protection Act 2018  to reflect changes in the Commissioner's investigative powers. 

The Regulation aims to enhance trust in electronic transactions between businesses, citizens and public authorities by providing a common legal framework for the cross-border recognition of electronic ID and consistent rules on trust services across the EU.

For more information on the eIDAS Regulation and relevant binding implementing decisions adopted by the European Commission, visit the Commission webpages on trust services and eID.

The European Union Agency for Network and Information Security (ENISA) also provides expert advice and recommendations on the implementation of the eIDAS Regulation.

What does it cover?

Chapter II of the Regulation provides a framework which will allow European citizens to use electronic ID to access online public services in other EU member states by September 2018. The UK’s national electronic identification scheme is Verify, and responsibility for this part of eIDAS lies with the Government Digital Service (GDS)

Chapter III of the Regulation sets out requirements for trust services. It also sets out what trust service providers need to do in order to gain qualified status, which entitles them to be listed on a trusted list and to use an EU trust mark.

This guide focuses on the trust service provisions in Chapter III of the eIDAS Regulation.

What is the ICO’s role?

The ICO is the UK supervisory body for the trust service provisions of the eIDAS Regulation. We can grant and revoke qualified status for trust service providers established in the UK, report on security breaches, carry out audits and take enforcement action.

We also cooperate with supervisory bodies in other EU member states, and submit annual reports to the European Commission and to ENISA.