Swedish Companies Registration Office “Bolagsverket” finally takes an important step towards digital signatures
As public authorities continue their digital transformation, the Swedish Companies Registration Office “Bolagsverket” is no exception. Starting in October, Bolagsverket is set to offer all new qualified signature service. This long-awaited step allows any user to use eIDAS qualified signatures for all types of submissions. Unfortunately, the move also demonstrates how Bolagsverket has so far failed to provide citizens with the eIDAS services which they have the right to. Since 2016.
According to Bolagsverket sources, the first version is set to launch on www.bolagsverket.se October 15 2022. The brand new e-service will accept and handle most types of cases if, and only if, they are signed with a qualified signature.
This is a big step forward for Swedish digitalization, however it also comes with a continued lack of compliance with the eIDAS regulation and Swedish law. Bolagsverket require that any submission of documents signed with qualified signatures is preceded by an eID authentication.
In effect, requiring an eID to submit a qualified signature defeats the purpose of the qualified signature. Not accepting qualified signatures goes against eIDAS regulation. No public authority under eIDAS can force citizens to use an eID for generating and submitting a document signed with a qualified signature. Although the new service will provide much-needed remote access to more digital processes, full compliance with eIDAS has yet to be achieved.
Bolagsverket have been notoriously slow to accept qualified signatures. One major reason is the lack of technical understanding of how the trust services are setup, operated and validated among Bolagsverket’s senior policy makers.
Another major reason is that Bolagsverket are stuck in IT systems that are poorly adapted to the world of eIDAS trust services. Despite having validation tools such as the EU DSS tool, the customer facing administrators have access only to a screen shot of documents, which makes it impossible for them to access the validation properties contained in e.g. a pdf (PAdES). Add to that a lack of training among administrators, the majority of whom have no idea what a qualified signature is.
Although ZealiD sources in Bolagsverket claim that they will soon move to an “open” system for accepting qualified signature signed documents without eID authentication, Bolagsverkets actions is a good example of how public bodies in Sweden are failing to support businesses in digital processes that have been regulated by law.
Hopefully, many businesses and users will benefit to some extent from the elegant properties contained in the qualified trust world, despite Bolagsverkets long and continued history of failing to adapt to eIDAS.
Want to learn more?