Electronic signatures prove that a document has not been manipulated and originates from you. They are also essential for securing your signature internationally.
Every day, we are sending or receiving a vast number of documents. Most of them do not require any special validation while circulating in business or governmental circles. But some, like certificates or certain contracts, must be designed in a way that even a court would find them to have legal weight and value. To provide this level of trust, it must be guaranteed that:
- the content of the document has not been altered (integrity)
- the person signing the document is really who he or she claims to be (authenticity).
Electronic signatures are today‘s version of a handwritten signature from the paper age. There are several electronic trust services for which an EU regulation has laid out Europe-wide rules: eIDAS covers three types of e-signatures, which represent different levels of legal heft: simple, advanced and qualified electronic signatures. It also stipulates EU-wide recognition, although they also impact businesses from other countries like the USA - more on this later.
Simple: basic coverage
For the majority of documents, we generally only need a simple electronic signature. So a typed name and/or the bitmap image of a handwritten name under an email and even under many contracts is often sufficient. No special form is prescribed by law for such documents and there is only a small risk that their legal validity will be questioned. With DocuWare, you can set a simple electronic signature, for example with a stamp.
Advanced: medium coverage
In dispute situations, the signatory of a document or the creator of the signature must be able to be identified. For this type of document, you will need an advanced electronic signature. This is used, for example, for commercial contracts in the B2B area. The eIDAS prescribes certain rules for this. For example, the signature creator can be identified by using an electronic signature certificate. The advanced signature offers a medium level of evidential/legal value.
|Electronic or Digital?|
|The two higher levels of the electronic signature - advanced and qualified - are also considered digital signatures because they use a digital encryption process. This involves encrypting a checksum of the document content and attaching it to the document. Advanced e-signatures can be accepted by other EU members, whereas qualified ones must be accepted throughout the EU. However, each member country regulates for itself whether a transaction requires a digital signature and what level it must correspond to.|
Qualified: legally binding
For certain documents, for example, a country’s legislation might require a handwritten signature, as is the case with employment contracts. In these cases, a qualified electronic signature is used, which is equivalent to a handwritten signature in court (with some exceptions) and has the highest legal value. The eIDAS regulation also puts the strictest demands on them. A qualified e-signature requires a special certificate, whereby the public key is clearly linked to the verified identity of the signature creator. In addition, a qualified e-signature must be created by a special qualified signature hardware and be based on a qualified certificate for electronic signatures.
Qualified e-signature certificates are provided by Trust Service Providers (TSP), which have been granted qualified status by a national authority after being officially approved. They are listed here: EU List of eIDAS Trusted Lists (LOTL).
|Advanced vs. Qualified|
|According to eIDAS, a qualified e-signature is an advanced electronic signature, but in addition was "created by a qualified electronic signature creation device and based on a qualified certificate for electronic signatures." The signature creation device, i.e. the hardware, can be directly under the control of the signature creator (e.g., smart card and card reader) or under the control of a qualified trusted service provider (VDA).|
Adding qualified e-signatures automatically in a workflow – by remote signature
In the past, companies were only able to create qualified electronic signatures if the hardware for this – the signature creation device – was under their control, i.e. using a smart card or card reader. eIDAS now allows the signature creation device to be located at a qualified TSP, which stores and applies the certificate and keys for the signature creator. These providers provide a secure signing platform via the Internet where companies, authorities or private individuals can then sign their documents.
This is particularly practical for document types that are integrated into a company's routine processes. The DocuWare Signature Service lets you automatically apply a qualified electronic signature to your documents as an integral part of a workflow.
|Five Facts on eIDAS|
What does eIDAS mean? The abbreviation for this regulation stands for "Electronic IDentification, Authentication and Trust Services" for electronic transactions in the European single market.
What’s it all about? eIDAS provides uniform guidelines to make electronic transactions more secure and trustworthy and also easier. It regulates trust services, i.e. electronic services for creating, checking and validating electronic signatures, seals and certificates.
How important is it? A European Union (EU) regulation is basically a type of European law. Legally speaking, EU regulations are above the national legislations of EU member states. So each EU member state must therefore adapt its laws to the content of these regulations. In Germany, for example, eIDAS was implemented as part of the Confidence Services Act, among other areas.
Since when? The eIDAS regulation was enacted in 2014 with a transitional phase and has been applied since 2016.
Where does eIDAS apply and who must comply with it? The eIDAS is not only valid in the EU, but also across the entire European Economic Area (EEA), which also includes Norway, Iceland and Liechtenstein. However, non-European companies doing business with EU companies should also take eIDAS into account. For example, many US companies have branches or customers in the EU and must therefore also comply with the eIDAS requirements. Every country in the world has its national regulations. In the United States, for example, there are the UETA (Uniform Electronic Transactions Act) and ESIGN (Electronic Signatures in Global and National Commerce Act) laws that govern the legal recognition of electronic signatures within the US. In addition, various industries have their own rules for the recognition of trust services.
Learn more about DocuWare Signature Service.