Dominic Trott                                    
Research Manager, European Security

Friday the 1st of July 2016 sees the EU’s eIDAS regulation come into force. In broad strokes, eIDAS has two ambitions: 

  1. To make electronic transactions more convenient through the application of common standards across all EU member states, providing for the first time a single, consistent legal framework for electronic trust services (eTS).
  2. To boost confidence in digital transactions through more stringent security requirements for trust service providers, such as liability for damage caused ‘intentionally or negligently’ due to failure to comply with eIDAS.

IDC has sized the Western European trust services market and has created a forecast for the 2014-2018 period. During this period, the eTS market is expected to enjoy growth (CAGR of 5.1%) that will surpass the overall IT services market (CAGR of 2.8%) in percentage terms. The eIDAS regulation is seen as a spur that will intensify the level of growth for the eTS market.

An important element of eIDAS that is expected to drive growth for the eTS market is the support for advanced electronic signatures. This is a development beyond so-called qualified eSignatures, which require a certification embedded in hardware such as a token or USB stick. By contrast, advanced eSignatures can be handled through software, allowing them to be embedded on mobile phones for users, and generated by trust service providers (TSPs) in the cloud.

To demonstrate this point, one needs only to look at the authentication market. While RSA’s SecurID tokens were once ubiquitous, the inconvenience of having to carry a loose token around was one of the reasons why their popularity waned. However, there is an opportunity for vendors to differentiate themselves in the eTS market by embedding advanced eSignature certificates within mobile phones through software-driven solutions, as demonstrated by Spain’s Firmaprofesional and Lithuania’s BITĖ.

Given the recent political developments in the UK, and seeing as I am a London-based analyst, it is important to consider the geo-political forces influencing eIDAS. The regulation becomes enforceable from Friday the 1st of July, and at this time the UK remains a member state of the EU. It is also important to note that, while the regulation is only just becoming enforceable now, it was launched in 2014, giving a two-year run-in period. Many UK organisations will have already taken steps to take advantage of the opportunity, although the greatest impact to date will have fallen on eTS vendors, who have had to ensure that they are compliant.

Nonetheless, with the EU remaining Britain’s largest trading partner, IDC expects that it will be in British companies’ interests to comply with eIDAS regardless of the situation around the UK’s EU membership. Adhering to the common standards enacted through eIDAS will make electronic transactions more convenient for British businesses and individuals seeking to interact with their peers in Europe.

If you want to learn more about the EU’s eIDAS regulation or any other upcoming security research, please contact Dominic Trott. You can also find more insights about the current Brexit and tech situation in IDC’s Three scenarios for how Brexit will impact Information Technology spending in Europe.

In addition to this press release and posts, we now have a 35-page report on the impact of Brexit on UK and European IT spend: The Brexit Impact on IT Spend in the U.K. and Western Europe: A Scenario Analysis. The report outlines the scenarios in more detail, along with the associated assumptions and the expected impact across hardware, software and services for each scenario. If interested, please contact Sara Fernandez for more information.