Legislative amendments on strong electronic identification enter into force
The Act on Strong Electronic Identification and Electronic Signatures will be amended. The aim is to increase the supply of secure and reliable electronic services.
The Government proposed on 28 March 2019 that the amendments to the Act be adopted. The President of the Republic is expected to approve the bill on 29 March 2019.
The amendments will promote the spread of electronic identification and the development of secure and reliable electronic services. The amendments are also aimed at ensuring a reasonable level of pricing between identification service providers, which, in turn, will enable more extensive use of electronic identification in e-services.
The strong electronic identification adds to the reliability and security of electronic transactions. The aim is to provide the consumers with inexpensive and secure services. The amendments concern the providers of identification services and will not have direct impacts on electronic transaction for example in e-commerce. The amendments will not directly affect the prices of consumer services.
Amendments promote market development
The identification market is evolving and the interest in providing the services is constantly growing.
The legislative amendments will ensure that the pricing between the service providers will not be an obstacle in developing the services based on strong identification.
In future, the operation and the contractual obligations of the trust network for providers of strong electronic identification services will be clearer.
This is based on the Government Programme’s objective of creating a growth environment for digital business operations. The project is part of the Government's key project related to digitalisation, experimentation and deregulation.
Identification service providers form a trust network
Strong identification ensures that online services are used securely and with the correct party. The Act on Strong Electronic Identification and Electronic Signatures specifies the requirements for information security and other aspects that strong identification must meet.
The National Cyber Security Centre of the Transport and Communications Agency of Finland supervises the compliance with the requirements, issues regulations specifying the Act and maintains a public register of identification service providers that meet the requirements.
The identification service provider automatically joins the trust network once it has notified the Transport and Communications Agency that it has started operating. The notification must be made in order to receive the status of strong electronic identification.
It is possible to provide identification services without the notification to the authorities, too. In that case, however, the service will not be given the status of a strong electronic identification service.
The trust network comprises of providers of identification devices, including banks and telecom operators and providers of intermediation services. The intermediation service provider will bring together different identification services and their clientele. The idea is that a web service using strong identification only needs to make one contract with one intermediation service provider. Earlier a contract had to be made with each identification service provider separately. The operation of the trust network is based on the Act and was started on 1 May 2017.
The amendments will enter into force on 1 April 2019. They include a transition period during which the contracts of the network must be changed to meet the new requirements.
The Transport and Communications Agency will continue to supervise the compliance with the Act and will annually assess the maximum price level regulation of the trust network.
Jenni Rantio, Senior Government Adviser, tel. + 358 050,524 2326