
Reto Grubenmann, Director

No trust, no economy: Why eIDAS / ZertES certification matters

Using eSignatures and eID – key building blocks of the digital market – reduces costs, improves efficiency, grows revenue and prevents fraud. Thanks to the EU’s eIDAS regulation, the private sector has had a solid regulatory environment to develop and expand the use of electronic signatures and transactions in the EU. What are the benefits of certification?

In today’s digital economy, the level of security and trust around sharing identity data as well as the user’s experience are key differentiators. As customers are increasingly using mobile devices to access applications, consume content and digital services, conveniently integrating high-security identification, authentication and electronic signature services is fundamental to doing business.

On 1 July 2016, the European Directive (EN) Nr. 910/2014 Electronic identification and trust services for electronic transactions in the internal market (eIDAS) took effect to establish a consistent legal framework and single market for the recognition of electronic signatures and identities across all EU member states. This provided the private sector with a predictable regulatory environment in which to develop and expand the use of electronic signatures and transactions in the EU.

Why certify your trust services?

Widely accepted as a global standard – legally on par with traditional handwritten signatures – electronic signatures are an essential tool for improving process efficiency and developing new business channels by automating processes.

Certification in compliance with eIDAS and the new European Regulation ETSI EN 319.403 brings the following additional benefits:

  • Identity fraud protection: Authentication and signature methods provide high levels of security.
  • Market growth: Within the eID sphere, many different standards exist at both the Swiss and European levels. Certified bodies have access to the common market and participate in it on equal terms. Whilst these are essentially different standards, there is mutual recognition in the certification approach and management.
  • Brand enhancement strategy: Contributes to brand enhancement via a customizable component in the user’s mobile device used to authenticate and sign with their mobile ID.
  • The process of authenticating or verifying the identity of the signer occurs prior to electronic signing. For instance, accessing the documents to be signed or bank account information requires that the signer first prove their identity with a password, an OTP (one-time password) or a qualified electronic certificate. The signature solution itself can provide a set of authentication methods or federation mechanisms for the recognition of third parties and other identities.

How is the financial sector affected?

Several regulations and recommendations affect electronic banking services. Financial entities are obligated to compile reliable information on their international clients’ identities (know your customer, KYC), especially during the online processes for opening accounts and transferring funds. This requires setting up registration processes as well as using trusted information sources that allow identity verification.

Once known, the client’s identity must be strongly authenticated in all online electronic processes using multiple security factors that jointly provide a high level of assurance.

Until recently, banks treated the user’s financial information as if it were their exclusive property. Now, new regulations require banks to consider this information as belonging to the account holders who, as data owners, have the right to give online access to this information to third-party entities. All of this must take place while respecting the customer’s privacy, protecting their data and guaranteeing that the account holder has given their consent for the disclosure of their data to a third-party, either physically or online.

Compliance as competitive edge

Social, mobile, analytics and cloud technologies are driving and shaping the digital economy. The impact of these forces is felt across all sectors. Users go where the value is (applications) and application developers go where users are – creating a self-perpetuating system with infinite growth potential. From this perspective, concentrations of existing bank users are potential hubs for application communities to subsequently create new value.

Today’s tech-savvy customers demand convenience as well as security and trust around their identity data. Companies that best respond to those demands by offering user-friendly, high-end identity protection, authentication and eSignature services have a competitive advantage, particularly as the use of mobile devices increases.

For example, in the case of banks, differentiation may exist in the ability to offer basic services to third-party clients such as Internet service providers and social networks: Setting up streamlined onboarding processes, registering the user with data given via social networks and applying more appropriate identification methods when the user wants to perform sensitive financial operations.


