Growing Usage of Electronic Signatures in Europe – The Regulatory Angle4 min read

Electronic Signature EU Regulation

The COVID-19 pandemic has transformed the traditional way of doing business. Digital is the new way of life and when all business processes have gone digital, so can send documents and receive signatures. eIDAS (electronic Identification, authentication, and trust services) is an EU regulation on electronic identification and trust services for electronic transactions in the European Union.

eIDAS is a unified electronic signature EU regulation but apart from that member countries within Europe also have their individual regulations covering e-signature usage. It was established in EU Regulation 910/2014 of 23 July 2014 and applies from 1 July 2016. eIDAS repeals and replaces the Electronic Signatures Directive 1999/93/EC. A Regulation (like eIDAS) could also be deemed to be a legal act of the EU.

This regulation provides detailed conditions and differentiation related to three different types of electronic signatures: simple, advanced, and qualified.

Electronic Signature EU Regulation

Types of E-signatures:

Basic or Simple Electronic Signatures

The basic or simple electronic signature is technology-neutral. Meaning, any electronic form or process is typically accepted because the resulting e-signature meets the following three basic requirements for signing.

  • Used by the person related to the signature
  • Used in a fashion that demonstrates the intent of the signer
  • Associated with the document or data the signer intended to sign

Advanced Electronic Signatures (AES)

An advanced electronic signature goes beyond the essential e-signature by tying authentication to the signature and thus the document. This drastically decreases risk in business transactions by providing additional evidence that can be used to verify the signature’s authenticity. It is harder to forge, and less evidence could even be required by the court to prove the intent and authenticity of the signature.

An advance electronic signature, in addition to complying with the requirements of an SES, must also require to be:

  • Associated with the person using the signature
  • Able to spot the signer
  • Created in a way that the signer is confident it’s under their sole control
  • Linked to the document, so any changes made afterward are identifiable

For their use of electronic signatures, most business establishments choose AES as their standard e-signature. By having mechanisms for built-in authentication assurance, it increases security without impacting the customer experience.

Qualified Electronic Signatures (QES)

Qualified Electronic Signatures are based on the eIDAS Regulation, but like many other laws worldwide, they need a certificate issued by an accredited organization. QES requires a private digital certificate additionally to all or any other standard requirements. The digital certificate is like an electronic identity credential issued to the signer and to be kept under their control. It is secure, personal, and unique.

A Qualified Electronic Signature must fulfill the requirements of the Basic Electronic Signatures and Advanced Electronic Signatures. Other than that they are also expected to fulfill some more requirements. They should be:

  • Created by employing a professional electronic creation or signature creation
  • Supported by qualified certificate (issued by knowledgeable trust service provider; an example would be itsme in Belgium)
  • Like an advanced e-signature, it is recognized as sort of a handwritten signature. Under Article 25 of eIDAS, this type of signature does not require any additional evidence by the court in case of dispute.

Usually, the organization initiating the signing process is required to authenticate the signer. But Qualified E-signatures reverse this burden of proof and the signer must provide the digital certificate before they can proceed to sign the document.

Understand the Differences : Digital Signatures Vs Electronic Signatures

 Electronic Signature EU Regulations under eIDAS- Admissibility and legal effect

eIDAS controls electronic signature in order to ensures that each kind of electronic signature has legal validity and admissibility as evidence in EU courts and shall not be denied legal effect solely because of its electronic form.

The enforceability of a transaction concluded using electronic signatures will depend on a selection of things, including the type of signature used and thus the evidence embedded in it.

The eIDAS Regulation doesn’t dictate what kind of signature or when a signature is required. In their individual data laws, every EU member state must specify:

  • Use cases of documents that compulsorily require a traditional wet ink signature, and
  • use cases of documents that need a qualified electronic signature.

What kind of signature does one need to use under eIDAS?

The type of signature you need to use depends on the type of transaction and thus the extent of risk (e.g., authentication risk, legal risk, compliance risk, adoption risk, etc.) your organization is willing to require.

The COVID-19 pandemic has radically changed our lifestyles and how one conducts business. Most non-essential companies have established completely remote work setups. This “new normal” has concentrated more attention on electronic means of transactions. The “new normal” in the age of Covid-19 proceeds to facilitate the use of eSignatures .

Book a demo today and discover how electronic signatures can accelerate your business process, improve efficiency & productivity.

Recommended Reads:

Recommended Resources

Certinal - IDC

Slash your Enterprise eSign & Web Form Costs by 50%!

Certinal's Enterprise-Grade Security & Compliance