Search This Blog

Wednesday, 5 August 2020

Brexit-proofing... eIDAS Certificates

The European Banking Authority has just reminded firms to get ready for the end of cross-border activity between the EU and UK. Among other things, for Open Banking this means:
account information service providers (AISPs) and payment initiation service providers (PISPs) registered/authorised in the UK will no longer be entitled to access customers’ payment accounts held at the EU payment service providers and their PSD2 eIDAS certificates under Article 34 of the Commission Delegated Regulation (EU) 2018/389 [the eIDAS Regulation] will be revoked.”
However, as explained by the UK's Information Commissioner, a version of the eIDAS Regulation will take effect in UK law after 1 January 2020 (by virtue of the snappily titled Electronic Identification and Trust Services for Electronic Transactions (Amendment etc.) (EU Exit) Regulations 2019/89). 

This means UK law will continue to recognise EU registered qualified trust service providers, with the intention that UK-based organisations can continue to use EU-based trust services as well as UK-based trust providers. The approved trust providers that appear in the eIDAS trusted list for the UK immediately before the end of the transition period will remain on the list for the new UK scheme after transition ends. But the certificates issued under the UK scheme - or by EU service providers to UK-based firms - will not be recognised in the EU (or EEA).

Of course, it's a practical/commercial issue as to whether EU-based trust service providers will continue issuing certificates to UK firms after Brexit transtion ends…