How Will EU Regulation Affect Banks and Businesses

Source: MONET+

New EU Regulation Affects Banks & Opens New Business Opportunities to Companies Outside the Financial Sector

Banking and finance are traditionally highly regulated industries. Apart from national regulations, European legislation comes into play as well. Institutions and businesses often view the strict financial rules as limiting — but new regulations often open up brand new business opportunities and outline innovative business scenarios.

This is particularly true for the upcoming years of 2024-2026. This article is written in 2024, when big changes resonate through the financial sector — and are likely to have some major impact on its functioning. All changes have a common denominator — the EU.

eIDAS2 Opens Up New Business Opportunities for Electronic Services

The most significant changes are brought about by the amendment to EU Regulation 910/2014 on electronic identification and trust services for electronic transactions in the internal market — so-called eIDAS2 (often referred to as eIDAS 2.0). The European Parliament approved and forwarded the proposal to national parliaments on 2 March 2024, so the legislative process isn’t over yet — but it’s already clear that the regulation will fundamentally affect, in many ways, the lives of all users and providers of digital services in the EU.

The aim of eIDAS2 is to promote the development of electronic services in all Member States — especially when it comes to electronic identification and authentication. In addition, eIDAS2 also focuses on so-called qualified services. These cover e.g. electronic certificates, seals, and signatures. According to eIDAS2, these services will be used for various agendas in all states of the EU (on condition that all the necessary technical, procedural, and regulatory standards are met).

This means eIDAS2 creates business opportunities for companies in the financial sector:

  • Development, deployment, and management of electronic identification and authentication solutions — in all likelihood, no digital system will be able to do without this type of solution in the future, regardless of whether it manages data on employees, citizens, business partners, clients, or patients.
  • Development, deployment, and management of systems and solutions for building the infrastructure for qualified services — such as public key certificates (PKI = Public Key Infrastructure), seals, signatures, and other certificates and accelerators for web and mobile application development.

eIDAS2 Sets the Basic Framework for the European Digital Identity Wallet (EUDIW)

eIDAS2 defines the basic framework for the creation and operation of a European mobile digital identity that should be valid in all Member States without exceptions. The European Digital Wallet will be:

  • 100% secured,
  • 100% reliable,
  • 100% transferable, i.e. a digital identity issued in one Member State will be valid in any other EU state.

From a user perspective, the European Wallet will operate as a mobile app that allows all EU citizens to securely and conveniently use and manage their digital identity (and other important documents). It will start a true revolution in document digitisation. The European Wallet will include:

  • digital ID — electronic versions of ID cards and driving licences (eID),
  • digital diplomas & certificates (e.g. professional qualification),
  • payment solutions,
  • and the plan is to add other documents and services later on (such as medical prescriptions).

Users of the EUDIW wallet will also be able to create and use qualified electronic signatures and seals that will be accepted in all Member States. EU citizens will sign documents electronically, seal their declarations and attributes without requiring higher verification, an additional administrative procedure, or verification payment.

Sure enough, EUDIW and eIDAS2 regulation can be viewed as a business constraint, piling on more regulation to an already very regulated market. But with a simple switch of one’s perspective, it quickly becomes a business opportunity. Particularly for tech companies and other entities that will react to the regulation, adapt quickly to the new situation and turn the legislative restrictions into benefits for their clients and customers. Because we’re sure that users will see the European Wallet as a benefit.

In this context, it’s worth adding that while national digital IDs in Member States (such as the Czech Bank ID) can be used by millions or tens of millions of people, the European wallet opens up a market of 440 million customers for tech companies that use this business opportunity to jump on the bandwagon.

“At MONET+, we expect all the eIDAS2 talk to increase the demand for e-services solutions. Identity federation in particular — which is transferring identities from one provider to another. EUDIW has a massive potential to become the preferred method for onboarding clients online, as it will be used on all digital channels where authenticated client data is required — that is currently a problem that each EU country addresses differently. Especially when it comes to AML (Anti-Money Laundering) requirements and measures that require the highest level of verification,” explains Václav Mladěnka, Head of Financial Services Business Unit at MONET+.

The Right Time to Deal with eIDAS2 & EUDIW

For 2024 and 2025, we expect eIDAS2 and EUDIW to be a hot topic at government and legislative level. It will likely become a key issue for banks and other service providers in about two years. That said, if you start working on incorporating the new rules now, you can’t really go wrong.

Qualified Electronic Signatures for EU Citizens (Remote Sign)

This is another product that we will have to pay attention to in the near future, thanks to EU legislation. Václav Mladěnka of MONET+ says:

“We’ve been working on solutions for electronic signatures for a long time. We see it as a key accelerator for the development of digital services, especially when it comes to signing contracts, eGovernment, and also healthcare and other agendas in the future. Feedback from the market shows that Remote Sign is an interesting topic across segments, not just in finance. Our customers are particularly invested in scenarios that closely link electronic identification and authentication processes. MONET+ solutions improve the user experience and thus increase the overall satisfaction with the service. This is very noticeable in banking applications as it reflects on the popularity of the service and the bank itself.”

PSD3 Directive Sets Authentication Rules for Clients Without a Smartphone

Another regulation in the world of financial services stems from the EU Payment Services Directive (PSD) — namely PSD2 and the forthcoming PSD3. Thanks to PSD2, most of us got used to verifying banking transactions in online banking via a smartphone.

The new PSD3 sets rules for clients who don’t own a smartphone (or refuse to use it for some reason) but use internet banking. PSD3 sets out rules for securing authentication and authorisation processes for these clients — they will now need to be authenticated and get their transactions authorised by modern secure methods. This applies to both financial transactions (a wire transfer) and non-financial transactions (e.g. signing a contract).

PSD3 thus opens opportunities for tech companies — e.g. offering hardware solutions for these specific smartphone-less customers. These could be similar to the solutions that are currently used to authenticate banking transactions in companies.

NIS2 Guidelines for Enhanced Security in Cyberspace

The Network Information Security (NIS) Directive addresses cybersecurity within organisations at the EU level. The NIS regulation is proving insufficient with the rapid digital transformation we’re experiencing at the moment. Its amendment — NIS2 — is the EU’s direct response to increasingly frequent and sophisticated cyber attacks on individuals and key infrastructure of any state. NIS2 introduces more effective regulation in order to increase the level of cyber resilience in Europe. Its goal is also to unify the approach to cyber security across EU Member States.

“The NIS2 regulation broadens the range of entities subjected to cybersecurity requirements. And it also changes the established terminology. The original NIS Directive covered only operators of so-called basic and digital services. NIS2 now sets two levels of cyber security standards — for basic and important services. In addition to the existing providers, the newly defined “basic” group includes services such as mail and courier, food production, and also distribution and digital services,” describes Petr Ciprys, Business Development Manager at MONET+.

To sum up, the new European regulations undoubtedly bring about new business opportunities. There are plenty of respected and highly qualified companies in the market from both the technology and regulatory fields. Regulations such as PSD2, GDPR, NIS, or the upcoming eIDAS2, NIS2, DORA, and PSD3 are increasing the demand for appropriate solutions and creating business opportunities for technology companies.

 

About MONET+

Since 1996, MONET+ has been developing technologies that create a trusted digital world. Besides Digital ID, we deliver solutions for electronic payments, enterprise ID, smart cities and eGovernment. Our team of digital experts has 25+ years of experience under their belt in making robust, highly secure, and ready-to-use solutions.

We are the Czech market leader in digital identity and electronic payment transactions. We focus on the development of software solutions used by banks, technology providers, corporations, as well as governments and public sector institutions. For many years we have been a main partner in the delivery of uncompromising security and usability.