“eIDAS: Key Against Identity Theft”

The eIDAS Regulation establishes a crucial framework for electronic identification (eID) within the European Union, defining three levels of assurance: low, substantial, and high. These levels are essential for evaluating the degree of trust in a user’s electronic identity, based on the robustness of the identity verification process and effective management of the risk of fraud or error. This section delves into how each level can help prevent fraud in a business environment, providing practical examples of their application.

Low Level of Assurance

The low level offers a limited degree of trust and is typically suitable for services that require minimal trust in the user’s identity and where the risk and consequences of identity fraud are low. An application example could be access to online forums or news services where identity verification is not critical. However, it’s important to recognize that basic authentication methods, such as a username and password, are susceptible to being compromised. To mitigate these risks, even in low-level services, companies can implement additional measures like personalized security questions or unusual access notifications, thus enhancing security without significantly raising the level of assurance.

Substantial Level of Assurance

The substantial level is tailored to services with moderate risk and requires more rigorous identity verification procedures. A practical example would be access to online banking services, where fraud could have moderate financial consequences. The implementation of two-factor authentication (2FA) is crucial at this level. For instance, a bank might require users to enter a password and then confirm their identity via a code sent to their mobile phone. This practice significantly hinders fraudulent actors’ ability to access protected accounts, as they would need both the knowledge of the password and access to the user’s physical device.

High Level of Assurance

The high level is indispensable for services that handle highly sensitive information or conduct transactions with a significant risk of fraud. A use case would be access to electronic medical records, where exposure of information could have severe consequences for patient privacy. To reach this level, in-person identity verifications and the presentation of official identity documents with advanced security features may be required. Biometric authentication, such as facial recognition or fingerprints, provides an exceptionally high security measure, minimizing the possibility of identity theft.

Fraud Prevention in the Business Environment

Properly implementing eIDAS assurance levels in a business environment can be an effective strategy to prevent fraud. For example, an e-commerce company can apply the substantial level of assurance for purchase transactions, requiring 2FA to validate the user’s identity before conducting any financial operation. This reduces the risk of fraudulent transactions, protecting both the user and the company.

Another example would be a company managing sensitive contracts and legal documents online. Adopting the high level of assurance and requiring biometric authentication for access and document signing ensures a high degree of trust in the user’s identity, reducing the risk of fraud and increasing the legal validity of electronically signed documents.
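The two business examples above (substantial level with 2FA before a purchase, high level with biometrics before signing) come down to a per-operation access decision: compare the level the current session has actually achieved with the level the operation requires. The following is an added illustration, not code from the article or from any eIDAS implementation; the factor-to-level mapping, the operation names and the `Session` fields are assumptions, and a real deployment must derive its own mapping from the regulation's implementing acts. One caveat the code enforces: a session never exceeds the level at which the identity was proofed at enrolment, so a fingerprint on a self-registered account does not yield a high level.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

class LoA(IntEnum):
    LOW = 1
    SUBSTANTIAL = 2
    HIGH = 3

# Assumed per-operation requirements, following the article's examples.
REQUIRED_LOA = {
    "read_news": LoA.LOW,
    "purchase": LoA.SUBSTANTIAL,
    "sign_contract": LoA.HIGH,
}

@dataclass
class Session:
    """Evidence collected for the current session (constructed model, not an eIDAS schema)."""
    password_ok: bool = False     # knowledge factor
    phone_code_ok: bool = False   # possession factor: code sent to the enrolled phone
    biometric_ok: bool = False    # inherence factor (face or fingerprint)
    proofing: LoA = LoA.LOW       # level of the identity verification done at enrolment
                                  # (assume HIGH only after in-person document checks)

def authentication_strength(s: Session) -> Optional[LoA]:
    """Level supported by the factors presented in this session (assumed mapping)."""
    if s.password_ok and s.phone_code_ok and s.biometric_ok:
        return LoA.HIGH
    if s.password_ok and s.phone_code_ok:
        return LoA.SUBSTANTIAL
    if s.password_ok:
        return LoA.LOW
    return None

def achieved_loa(s: Session) -> Optional[LoA]:
    """A session can never exceed the level at which the identity itself was proofed."""
    auth = authentication_strength(s)
    return None if auth is None else min(auth, s.proofing)

def authorize(s: Session, operation: str) -> tuple[bool, str]:
    """Decide per operation, so a low-level login is stepped up before a purchase, not at login."""
    required = REQUIRED_LOA[operation]
    have = achieved_loa(s)
    if have is None:
        return False, "authentication required"
    if have >= required:
        return True, f"allowed at {have.name}"
    if s.proofing < required:
        return False, f"identity proofing at {s.proofing.name}; re-enrolment needed for {required.name}"
    return False, f"step-up required: {required.name} (session at {have.name})"
```

The separate "re-enrolment needed" outcome matters in practice: prompting for another factor cannot raise a session whose enrolment was only password-based, and the user should be routed to identity proofing instead.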

Conclusion

The adoption of assurance levels defined by eIDAS allows companies to effectively balance accessibility and security, protecting users and the organizations themselves against identity fraud and other cyberattacks. By carefully selecting the appropriate level of assurance for each service, based on risk analysis, companies can implement proportionately suitable security measures, thus ensuring data protection and trust in electronic transactions. This strategy not only enhances security but also promotes greater trust and adoption of electronic services by users, contributing to the success and sustainability of business operations in the digital age.