Motives for Regulating Private Electronic Identification Schemes through Amendments to the Electronic Identification Act

1. NEED FOR ELECTRONIC IDENTIFICATION

The successful implementation of state policy on e-government is inherently linked to the establishment of accessible electronic identification schemes. These schemes enable remote identity verification and authentication of both natural and legal persons, allowing them to access public services remotely.

At the same time, the introduction of electronic identification schemes enables cross-border access to public services as part of the unified policy of the European Union. In this regard, the European Parliament and the Council adopted Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation). One of its objectives is to remove barriers to the cross-border use of electronic identification means used in Member States, ensuring authentication at least for public services. The Regulation does not aim to interfere with national electronic identity management systems but ensures secure electronic identification and authentication when accessing cross-border online services.

Electronic identification is a key prerequisite not only for the development of public services but also for the private sector, given the digital transformation of businesses and the shift toward electronic service delivery.

Regulation (EU) No 910/2014 allows Member States to involve the private sector in providing electronic identification means (Recital 13).

Currently, Bulgaria has a regulatory framework for a state electronic identification scheme (Electronic Identification Act). However, the use of private electronic identification means is regulated in a fragmented manner. For example:

  • Qualified electronic signatures are used for identification under e-government regulations;
  • The Anti-Money Laundering Act allows identification via electronic documents and signatures;
  • Secondary legislation permits identification via notified schemes or qualified trust services under Regulation (EU) No 910/2014.

Given this, Bulgaria should establish a clear and consistent legal framework for the registration and use of private electronic identification schemes, aligned with AML rules, data protection, consumer protection, and the eIDAS Regulation.

2. PRINCIPLES

The development and use of private electronic identification schemes in Bulgaria should be based on the following principles:

  • Accelerated introduction of private eID schemes for access to e-government services;
  • Pluralism and equal treatment of state and private schemes;
  • High assurance levels for electronic identification;
  • A clear regulatory framework with transparent registration and independent oversight;
  • Notification to the European Commission for cross-border use under equal conditions;
  • Immediate integration with national e-government infrastructure (portal, authentication systems, national eID node);
  • Convenience and accessibility for users;
  • Fair competition to ensure lower costs and better services;
  • Technological neutrality in scheme registration.

3. NEED FOR LEGISLATIVE CHANGES

To implement these principles, amendments to the Electronic Identification Act are required.

Currently, the Act regulates only the state electronic identification scheme (to be developed by the Ministry of Interior). Private schemes should also be regulated within the same law due to its specialized scope.

3.1 Scope of Electronic Identification Schemes

The law should clearly define which schemes can be used in Bulgaria:

  • State electronic identification scheme;
  • Private electronic identification schemes;
  • Notified schemes under Regulation (EU) No 910/2014.

3.2 Eligible Providers

Private schemes should be created by qualified trust service providers under Regulation (EU) No 910/2014.
This is justified because:

  • Electronic identification is a critical public service;
  • These providers already meet strict security, organizational, and compliance standards;
  • They are regulated, audited, and insured;
  • Similar models are used in countries like Germany, Italy, and the UK.

3.3 Integration Requirements

Private eID solutions must integrate with:

  • The Unified e-Government Portal;
  • State administrative systems;
  • National and cross-border eID infrastructure.

3.4 Notification (eIDAS)

Clear rules must be established for notifying schemes under Article 9 of Regulation (EU) No 910/2014, including:

  • Registration as a trust service in the national trusted list;
  • Compliance with Articles 7–9 of the Regulation;
  • Meeting a “high” assurance level (even though “substantial” is allowed, a stricter standard is preferred for public services);
  • Independent conformity assessment audits at the provider’s expense.

Additionally:

  • Providers of private schemes should be allowed to maintain electronic authorization registers;
  • The Chair of the State e-Government Agency should act as the notifying authority;
  • Electronic identification should have the same legal effect as physical presence.

4. FINANCIAL IMPACT

The proposed amendments do not require additional public funding, as:

  • The State e-Government Agency and the Communications Regulation Commission will operate within their existing budgets and structures.

Why did BESCO create Leadership & Advocacy Academy?

Leadership & Advocacy Academy doesn’t only develop individual participants. For BESCO, it is a long-term investment in a stronger ecosystem - building capacity where it matters most: within the organizations, institutions, and communities that shape the public environment.