Growing Usage of Electronic Signatures in Europe – The Regulatory Angle

Is Your E-Signature Solution A Sunk Cost?
August 26, 2021
Are Electronic Signatures Secure?
September 14, 2021
Show all

The COVID-19 pandemic has transformed the traditional way of doing business. Digital is the new way of life and when all business processes have gone digital, so can send documents and receive signatures. eIDAS (electronic Identification, Authentication, and trust Services) is an EU regulation on electronic identification and trust services for electronic transactions in the European Union. eIDAS is a unified regulation in Europe for e-signatures but apart from that member countries within Europe also have their individual regulations covering e-signature usage. It was established in EU Regulation 910/2014 of 23 July 2014 and applies from 1 July 2016. eIDAS repeals and replaces the Electronic Signatures Directive 1999/93/EC. A Regulation (like eIDAS) could also be deemed to be a legal act of the EU.

This regulation provides detailed conditions and differentiation related to three different types of electronic signatures: simple, advanced, and qualified.

Types of E-signatures:

Basic or Simple Electronic Signatures

The basic e-signature is technology-neutral. Meaning, any electronic form or process is typically accepted because the resulting e-signature meets the following three basic requirements for signing.

  • Used by the person related to the signature
  • Used in a fashion that demonstrates the intent of the signer
  • Associated with the document or data the signer intended to sign

Advanced Electronic Signatures (AES)

An advanced electronic signature goes beyond the essential e-signature by tying authentication to the signature and thus the document. This drastically decreases risk in business transactions by providing additional evidence that can be used to verify the signature’s authenticity. It is harder to forge, and less evidence could even be required by the court to prove the intent and authenticity of the signature.

An advance electronic signature, in addition to complying with the requirements of an SES, must also require to be:

  • Associated with the person using the signature
  • Able to spot the signer
  • Created in a way that the signer is confident it’s under their sole control
  • Linked to the document, so any changes made afterward are identifiable

For their use of electronic signatures, most business establishments choose AES as their standard e-signature. By having mechanisms for built-in authentication assurance, it increases security without impacting the customer experience.

Qualified Electronic Signatures (QES)

Qualified Electronic Signatures are based on the eIDAS Regulation, but like many other laws worldwide, they need a certificate issued by an accredited organization. QES requires a private digital certificate additionally to all or any other standard requirements. The digital certificate is like an electronic identity credential issued to the signer and to be kept under their control. It is secure, personal, and unique.

A Qualified Electronic Signature must fulfill the requirements of the Basic Electronic Signatures and Advanced Electronic Signatures. Other than that they are also expected to fulfill some more requirements. They should be:

  • Created by employing a professional electronic creation or signature creation
  • Supported by qualified certificate (issued by knowledgeable trust service provider; an example would be itsme in Belgium)
  • Like an advanced e-signature, it is recognized as sort of a handwritten signature. Under Article 25 of eIDAS, this type of signature does not require any additional evidence by the court in case of dispute.

Usually, the organization initiating the signing process is required to authenticate the signer. But Qualified E-signatures reverse this burden of proof and the signer must provide the digital certificate before they can proceed to sign the document.

Admissibility and legal effect of electronic signatures under eIDAS

eIDAS ensures that each kind of electronic signature has legal validity and admissibility as evidence in EU courts and shall not be denied legal effect solely because of its electronic form.

The enforceability of a transaction concluded using electronic signatures will depend on a selection of things, including the type of signature used and thus the evidence embedded in it.

The eIDAS Regulation doesn’t dictate what kind of signature or when a signature is required. In their individual data laws, every EU member state must specify:

  • Use cases of documents that compulsorily require a traditional wet ink signature, and
  • use cases of documents that need a qualified electronic signature.

What kind of signature does one need to use under eIDAS?

The type of signature you need to use depends on the type of transaction and thus the extent of risk (e.g., authentication risk, legal risk, compliance risk, adoption risk, etc.) your organization is willing to require.

The COVID-19 pandemic has radically changed our lifestyles and how one conducts business. Most non-essential companies have established completely remote work setups. This “new normal” has concentrated more attention on electronic means of transactions. The “new normal” in the age of Covid-19 proceeds to facilitate the use of eSignatures.

Leave a Reply

Your email address will not be published. Required fields are marked *

Please solve this * Time limit is exhausted. Please reload the CAPTCHA.

By submitting this data, I acknowledge that I have read the Privacy Policy of Zycus and consent to the processing of my personal data in accordance with the terms of the Privacy Policy.