Understanding the legality of electronic signatures in the European Union.
Starting July 1, 2016, the prevailing EU directive on electronic signatures, termed the eSignatures Directive 1999/93/EC, was replaced by the new Regulation (EU) No. 910/2014 on electronic identification and trust services called the eIDAS regulation. It assures progress in online transactions for individuals, businesses, and public administrations in two areas: electronic identification services and trust services.
The eIDAS regulation was adopted to facilitate seamless digital transactions among individuals and businesses across countries within the European Union. The new regulation will go a long way in establishing a climate of trust when it comes to online and digital transactions in the EU.
The eIDAS Regulation defines three types of electronic signature – simple, advanced and qualified electronic signatures:
As defined by eIDAS, Simple electronic signature (or electronic signature) covers all the broad types of electronic signatures as data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication. This is technology-neutral, which means any electronic form or technology is generally accepted. The resulting electronic signature should demonstrate the intent of the signer, be made by the person associated to the signature and should be indelibly associated to the document the signer intended to sign.
An Advanced electronic signature is a type of electronic signature which is required to meet certain specific requirements on signer identity, security and sanctity of the signed document. The requirements specified under eIDAS are
The final type of signature defined under eIDAS is the Qualified Electronic Signatures (QES). While both Advanced and Qualified Electronic Signatures are uniquely linked to the signer, Qualified Electronic Signatures are based on Qualified Certificates. Qualified Certificates can only be issued by a CA which has been accredited and supervised by authorities designated by the EU member states and meet the requirements of eIDAS. Qualified Certificates must also be stored on a qualified signature creation device such as a smart card, a USB token, or a cloud based trust service, we are not a TSP (Trusted Service Provider).
Article 25 of the eIDAS regulation reaffirms the legal admissibility of eSignatures as it says:
An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures.
A qualified electronic signature will be considered the equivalent of a handwritten signature, but the Commission Decision of 16 October, 2009 (2009/767/EC) states that in order to simplify procedures, and facilitate cross-border use, “procedures by electronic means should rely on simple solutions, including as regards the use of electronic signatures.”
It goes on to specify in Article 1 that the Commission in no way prevents member states from accepting any type of electronic signatures—normal, advanced, or qualified. The eIDAS regulation backs this and seeks to create a streamlined market for digital transactions and e-commerce using national eID and electronic signatures.
SignEasy’s verified email for every user, 2FA with passcode and biometric authetication, audit trail & document verification to indicate tampering makes it an Advanced Electronic Signature provider. This covers a significant number of daily business transactions across industries.