Response to consultation on draft Guidelines on the use of remote customer onboarding solutions
Go back
- The draft guidelines oppose, on the one hand, qualified trust service providers and providers of a digital identity regulated, recognised, approved or accepted by the relevant national authorities and, on the other hand, other digital identity issuers. The draft guidelines do not address the use of digital identities issued by electronic identification means providers notified and recognized at the European level as per Article 6 of the eIDAS Regulation. This should in our view be corrected. Given the very high standards to which those are subject (see Article 7 of the eIDAS Regulation), the use of digital identities issued by electronic identification means providers recognized under Article 6 of the eIDAS Regulation and providing a level of assurance substantial or high should be subject to a very limited set of verifications. At the very least, they should be assimilated to the use of qualified trust service providers.
- It should be made clear that, when using a relevant qualified trust service or a digital identity regulated, recognised, approved or accepted by the relevant national authorities, the entities of the financial sector are not required to verify all elements that have been audited as part of the certification as qualified trust service provider or the recognition as digital identity ‘regulated, recognised, approved or accepted by the relevant national authorities’.
Otherwise, entities of the financial sector will be required to perform checks that, in our view, are not necessary and that represent important costs and efforts.
6. Do you have any comments on the Guideline 4.5 ‘Digital Identities’? If you do not agree, please set out why you do not agree and if possible, provide evidence of the adverse impact provisions in this section would have.
We believe that, with regard to the use of digital identities, the draft Guidelines should be amended as follows:- The draft guidelines oppose, on the one hand, qualified trust service providers and providers of a digital identity regulated, recognised, approved or accepted by the relevant national authorities and, on the other hand, other digital identity issuers. The draft guidelines do not address the use of digital identities issued by electronic identification means providers notified and recognized at the European level as per Article 6 of the eIDAS Regulation. This should in our view be corrected. Given the very high standards to which those are subject (see Article 7 of the eIDAS Regulation), the use of digital identities issued by electronic identification means providers recognized under Article 6 of the eIDAS Regulation and providing a level of assurance substantial or high should be subject to a very limited set of verifications. At the very least, they should be assimilated to the use of qualified trust service providers.
- It should be made clear that, when using a relevant qualified trust service or a digital identity regulated, recognised, approved or accepted by the relevant national authorities, the entities of the financial sector are not required to verify all elements that have been audited as part of the certification as qualified trust service provider or the recognition as digital identity ‘regulated, recognised, approved or accepted by the relevant national authorities’.
Otherwise, entities of the financial sector will be required to perform checks that, in our view, are not necessary and that represent important costs and efforts.