• Contact Sales
  • Resellers
  • Support
Yubico Header Text LogoYubico Header Text Logo
Why Yubicoexpand_more
Why Yubico
  • Enterprises
  • SMBs
  • Individuals
  • Developers
  • Careers
  • Partner programs
  • Affiliate program
  • Contact Sales
  • Events
  • Press room
  • Yubico Blog
  • Yubico Executive Connect
  • About us
  • The team
  • Investors
  • Innovation history
  • Secure it Forward
Man holding YubiKey
Easy-to-use, secure authentication

With YubiKey there’s no tradeoff between great security and usability

Why YubiKey
  • authentication
  • eidas
  • government
Google headquarters
Proven at scale at Google

Google defends against account takeovers and reduces IT costs

Google Case Study
  • authentication
  • eidas
  • government
Hand holding YubiKey behind Apple iPhone
Protecting vulnerable organizations

Secure it Forward: One YubiKey donated for every 20 sold

Learn about Secure it Forward
  • authentication
  • eidas
  • government
Productsexpand_more
All products
  • YubiKey 5 Series
  • YubiKey 5 FIPS Series
  • YubiKey Bio Series
  • Security Key Series
  • YubiKey 5 CSPN Series
  • YubiHSM 2 & YubiHSM 2 FIPS
  • YubiEnterprise Subscription
  • YubiEnterprise Delivery
  • Yubico Authenticator
  • Computer login tools
  • Software Development Toolkits
  • YubiCloud
  • Using YubiKey is easy
  • Find the right YubiKey
  • Works with YubiKey
  • Compare YubiKeys
Woman holding YubiKey 5ci
One key for hundreds of apps and services

YubiKey works out-of-the-box and has no client software or battery

Yubico protects you
  • authentication
  • eidas
  • government
See YubiKeys as a Service
YubiEnterprise Subscription delivers scale and savings

Gain a future-proofed solution and faster MFA rollouts

See YubiKeys as a Service
  • authentication
  • eidas
  • government
Solutionsexpand_more
Solutions overview
  • Zero Trust
  • Executive Order OMB M-22-09
  • Phishing-resistant MFA
  • Passwordless
  • Compliance
  • Cyber Insurance
  • Secure supply chain
  • Critical infrastructure
  • Hybrid & remote workers
  • Secure privileged users
  • Mobile restricted environments
  • Call centers
  • Shared workstations
  • Microsoft ecosystem
  • Salesforce workspace
  • IAM solutions
  • AWS environment
  • HYPR experience
Hand holding YubiKey behind Apple iPhone
The Bridge to Passwordless

Begin the journey to make your organization passwordless

Get the white paper
  • authentication
  • eidas
  • government
Lock on a laptop
Accelerate your Zero Trust Strategy

7 best strong authentication practices to jumpstart your Zero Trust program

Get the white paper
  • authentication
  • eidas
  • government
Government building
Federal cybersecurity requirements

See guidance for CIOs and leaders to prepare for the modern cyber threat era

Get the white paper
  • authentication
  • eidas
  • government
Industriesexpand_more
Industries overview
  • High tech
  • Federal government
  • Federal systems integrators
  • State & local government
  • Education
  • Financial services
  • Elections & campaigns
  • Retail & hospitality
  • Telecommunications
  • Healthcare
  • Pharmaceuticals
  • Cryptocurrency
  • Energy & natural resources
  • Manufacturing
man working a manufacturing line
Manufacturing and supply chain security

Authentication best practices for manufacturing using highest-assurance security

Get the white paper
  • authentication
  • eidas
  • government
Person looking at a computer with a government building showing
Phishing-resistant MFA: Fact vs. Fiction

Meet requirements for phishing-resistant MFA in OMB M-22-09 guidelines

Get the white paper
  • authentication
  • eidas
  • government
Remote workers at a wind farm
Secure energy and natural resources from cyber threats

Best practices for phishing-resistant MFA to safeguard your critical infrastructure

Get the white paper
  • authentication
  • eidas
  • government
Resourcesexpand_more
All resources
  • Yubico Blog
  • Cybersecurity glossary
  • Authentication standards
  • Resource library
  • Developer program
  • Product briefs
  • Solution briefs
  • Case studies
  • Get a pilot started
  • White papers and reports
  • Webinars
Laptop with a YubiKey inserted
BeyondTrust: secured with a subscription

A leader in Privileged Access Management simplifies YubiKey deployment

How they optimized ROI
  • authentication
  • eidas
  • government
S&P Global Market Intelligence report: old habits die hard

Only 46% of respondents protect their applications with MFA. How about you?

Read the report
  • authentication
  • eidas
  • government
Considering Passkeys for your Enterprise?

Learn how to avoid the common pitfalls of synced passkeys

Get the Ebook
  • authentication
  • eidas
  • government
Supportexpand_more
Support home
  • Find the right YubiKey
  • Set up your YubiKey
  • Downloads
  • Product documentation
  • Support articles
  • Support Services
  • Professional Services
  • YubiEnterprise Subscription
  • Works with YubiKey Program
  • Buying and shipping information
  • Security advisories
  • Help center
YubiKeys in lots of form factors
How to set up your YubiKey

Follow our guided tutorials to start protecting your favorite services

Set up your YubiKey
  • authentication
  • eidas
  • government
YubiKey on a keychain plugged into a laptop
Find the best YubiKey for your needs

Take the guided quiz and see which YubiKey best fits your or your businesses needs

Take the quiz
  • authentication
  • eidas
  • government
Worker with a calculator and laptop with a spreadsheet
Accelerate your YubiKey deployment

Technical and operational guidance for your YubiKey implementation and rollout

Professional Services
  • authentication
  • eidas
  • government
SubscribeStore
  • Home » Blog » Everything you need to know about the revised eIDAS regulation

    Everything you need to know about the revised eIDAS regulation

    Sebastian Elfors

    Sebastian Elfors

    August 11, 2021
    6 minute read
    Share on FacebookShare on TwitterShare on LinkedInShare via Email

    In June 2021, the EU Commission announced its plans for a revised eIDAS regulation. eIDAS (electronic IDentification, Authentication and trust Services) is the EU regulation 910/2014 on electronic identification and trust services in the EU. It came into force in 2014, so the revision is a major update to eIDAS. The past two years the Commission has been working on preparations, public surveys, expert committees and legal enhancements.

    Yubico has taken an active role in the eIDAS revision and contributed to several expert surveys with comments and suggestions for enhancements, which have also been incorporated in the revised eIDAS legislation. The YubiKey is well positioned to play an important role in the emerging eIDAS ecosystem as in the case of the EU digital wallet for example, a YubiKey can be used to protect authentication credentials, which allow for portability and recovery of the EU digital wallet and its credentials. YubiKeys also supports WebAuthn solutions that cater to secure authentication for eIDAS remote signing services.

    Major findings in the EU Commission’s analysis of the existing eIDAS regulation

    National eID schemes have low adoption across borders.

    • The eID schemes can be approved on a national (domestic) level. Such national eID schemes can voluntarily be notified on the EU level, which allows for cross-border identification. Only 19 countries have notified their eID schemes on the EU level, however, so the notified eID schemes only cover around 59% of the EU population. In addition to this, the certification requirements differ between the EU member states, so the acceptance and interoperability of notified eIDs across the EU level is low. Therefore, the cross-border eIDs have a too narrow scope, the utilization is minimal, and the federation protocols do not scale. There are also privacy concerns. All electronic identities, which are typically digital certificates, contain a set of attributes about the holder. Citizens cannot limit what eID attributes they want to present for authentication, when it is sometimes only necessary to present a specific attribute (such as age). Domestic eID schemes are however a lot more successful. In particular, private actors that issue eIDs are processing billions of authentications and signatures per year in each country.

    Gaps still exist for Qualified Trust Service Providers to authenticate securely.

    • The existing EU eIDAS regulation and technical standards for operating Qualified Trust Service Providers are considered to function properly, although certain technical and legal gaps need to be closed. When the eIDAS regulation was written in 2014, however, there were no available standards for how to operate signing devices by a trust service provider in a secure environment. So the legal eIDAS framework did not stipulate how a user can authenticate securely to a signing service provider to gain sole control of the signature process.

    Need to Harmonize with the EU’s changing legal landscape.

    • The EU has issued a number of new IT oriented regulations since 2014: The EU Cybersecurity Act (EU 2019/881), the EU NIS directive (EU 2016/1148), and the EU single digital gateway regulation (EU 2018/1724). These EU regulations will be streamlined with a future revision of eIDAS.

    Incorporate the latest technical standards.

    • The technical landscape has also changed since 2014. The most obvious change in people’s life is the increased use of mobile devices. The COVID-19 pandemic has accelerated the digitalization of our society, which has resulted in increased needs of strong authentication solutions. Blockchain technologies have matured, been enhanced and are now widely deployed, also for other use cases than cryptocurrencies. Last but not least, several new authentication solutions have been developed, such as FIDO2, WebAuthn, and OpenID Connect. Yubico is having a leading role in the design of these protocols, which are now impacting the authentication solutions on a global scale.

    Major improvements to the revised eIDAS regulation

    Mandatory for EU member states to provide EU digital identity wallets.

    • The most significant improvement is the EU digital identity wallet, which will be made available to all EU citizens. The use cases for the EU digital identity wallets are for example electronic driving license, electronic passport, electronic national ID-card, identification to online services or digital agreement signing. It will be mandatory for each EU member state to provide EU digital identity wallets to all citizens free of charge, as opposed to the current situation when eID schemes are voluntary. Private actors will also be allowed to issue EU digital identity wallets, in contrast to the current state where national certification authorities are dominating the issuance of eIDs. Privacy for the citizens will be an important topic for the revised eIDAS regulation. It will be voluntary for the citizens to get an EU digital identity wallet, and the users also will be able to select what attributes (such as age) they want to present to a validator.

    The Common Toolbox will standardize the EU digital identity wallet.

    • The EU Commission will cooperate with the EU Member States to establish a common Toolbox by October 2022. This Toolbox should include the technical architecture, standards and guidelines for EU digital identity wallets. The technical standards of the EU digital identity wallet and the related Toolbox are not yet specified, although there are references in the eIDAS reports to a number of standards and initiatives. The W3C standards on Distributed Identity and Verifiable Credentials are mentioned as the potential technical foundation of the EU digital identity wallet. As regards to the EU’s blockchain infrastructure, the candidates are European Blockchain Services Infrastructure (EBSI), the European Blockchain Partnership (EBP) and European Self-Sovereign Identity Framework (ESSIF). The Europass Digital Credentials and the COVID-19 Credentials Initiative (CCI) may also be taken into account for the Toolbox.

    Improved remote signature services.

    • In order to ensure sole control of secure remote signing processes, the eIDAS regulation will be updated with references to the CEN standard that regulate the operation and authentication to remote Qualified Signature Creation Devices.

    Harmonization with other EU regulations.

    • The eIDAS trust service reporting requirements will be replaced with the rules and regulations in the EU NIS directive. Certification of EU digital identity wallets may also be harmonized with the proposed EUCC certification scheme in the EU Cybersecurity Act. Furthermore, the EU single digital gateway regulation will create a push for the EU Digital Identity Wallets to be rolled out at scale in 2023.

    The revised eIDAS regulation contains very ambitious enhancements, and caters for a greater rollout of electronic identities across the EU. The deadline for all EU member states to implement the new eIDAS regulation is June 2024.

    Yubico will remain in the frontline for inventing solutions and products that are compliant with the EU regulations, please contact us for a consultation on how eIDAS regulations may affect your organization. For more information on Yubico’s contributions to the eIDAS ecosystem, please read our blog post on the eIDAS revision process and how the YubiKey is deployed with eIDAS solutions. 

    Share this article:

    Share on FacebookShare on TwitterShare on LinkedInShare via Email

    Recommended Posts

    • Q&A with CEO Mattias Danielsson: Yubico’s next stage of growth as a public company and what investors can expect

      Today marks an exciting, historic day in Yubico’s history: the company is now publicly traded under the ticker symbol YUBICO on Nasdaq First Growth North Market in Stockholm. As the cyber threat landscape continues to evolve rapidly through increasingly sophisticated attacks like phishing, the need for phishing-resistant MFA with the YubiKey are at an all-time […]

      Read more
      • Investors
      • Q&A
      • thought leadership
    • Five foundational cybersecurity controls to mitigate 90% of breaches

      During my 16 years in the cybersecurity industry, and after discussions with numerous CISOs and cyber security experts, they all agree that there are five easy steps all organizations can take to mitigate over 90% of all cyber breaches1.  Just like cars were not initially designed for safety, the internet was not designed for security. […]

      Read more
      • best practice guide
    • Okta + Yubico: Better together

      Modern cybersecurity needs to be phishing-resistant, but it also needs to incorporate a great user experience for employees, IT teams and customers. We know traditional authentication methods are perceived as user-friendly, but they are not secure and vulnerable to most attacks  – in fact, 59% of people still rely on username and password to authenticate […]

      Read more
      • Okta
      • Partner Program
    • Works with YubiKey Spotlight: How Yubico works with industry leaders who share the commitment to strong authentication

      As the cyber threat landscape continues to evolve rapidly in the form of more sophisticated attacks like phishing and ransomware, the need for industry collaborations and partnerships are more critical than ever to help businesses and consumers stay secure online. We first launched the Works with YubiKey (WWYK) program in 2018 with this in mind […]

      Read more
      • Works with YubiKey
      • wwyk
Yubico Text LogoYubico Text Logo
  • RSS
  • Twitter
  • LinkedIn
  • Facebook
  • Instagram
  • YouTube
  • GitHub
  • Product finder quiz
  • Find set-up guides
  • Buy online
  • Contact sales
  • Get Yubico updates
  • Careers
  • Events
  • Press room
  • About us
  • Investors
  • Partner programs
  • Affiliate program
  • YubiKey 5 Series
  • YubiKey 5 FIPS Series
  • YubiKey Bio Series
  • Security Key Series
  • YubiKey 5 CSPN Series
  • YubiHSM 2 & YubiHSM 2 FIPS
  • Yubico Authenticator
  • Zero Trust
  • Phishing-resistant MFA
  • Passwordless
  • Cyber insurance
  • More solutions
  • Industries overview
  • Yubico blog
  • Resource library
  • Cybersecurity glossary
  • Authentication standards
  • Developer program
  • Works with YubiKey
  • Help center
  • Downloads
  • Product documentation
  • Support Services
  • Professional Services
  • Contact support
Yubico © 2023 All Rights Reserved.
  • Sitemap
  • Cookies
  • Legal
  • Privacy
  • Patents
  • Terms of use
  • Trust