eIDAS: 10 FAQs on Regulation (EU) 910/2014

Posted by media on March 15, 2018 at 9:00 AM

eIDAS_EU_Regulation_910_2014.png

If you do business in Europe, the Regulation (EU) No. 910/2014, best known as the eIDAS Regulation, is good news for you.

This regulation simplifies and standardises the systems for electronic interactions all over Europe to help create a “unique digital market”. Ever since it came into force in 2016, it is much easier for any citizen, company or public authority to carry out secure digital transactions in any of the member states of the European Union.

In this post, we answer the 10 most Frequently Asked Questions about this regulation so that you can understand all the advantages it offers.

This post is also available in Spanish.

 

    Table of contents

       - eIDAS: know your keys

    1. What governs the eIDAS Regulation?

    2. What is an electronic trust service

    3. Who are trust service providers?

    4. What is the supervisory body?

    5. What is a qualified trust service?

    6. What is an electronic signature?

    7. How many types of electronic signature are there?

    8. What is an electronic seal and how many types are there?

    9. What is a qualified electronic signature/ seal creation device?

   10. What trust services do we provide at Signaturit?

 

eIDAS: know your keys

1. What governs the eIDAS Regulation?

This is a unique and standardised regulation that applies to all Member States of the European Union and, as we mentioned above, it provides a legal framework for electronic identification and trust services.

The application of eIDAS means that any European organisation can completely digitise their business processes. 

What_govern_th_eIDAS_Regulation.jpeg

 

2. What is an electronic trust service?


An electronic trust service is an electronic service normally provided for remuneration which consists of:
  • the creation, verification and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to those services, or
  • the creation, verification and validation of certificates for website authentication; or
  • the preservation of electronic signatures, seals or certificates related to those services.

 

3. Who are trust service providers?

Pursuant to Art. 3 of the eIDAS Regulation, a trust service provider is “a natural or legal person who provides one or more trust services either as a qualified or as a non-qualified trust service provider”.

So, as clearly established in the Regulation, trust service providers (TSP) can be divided into qualified and non-qualified service providers.

To be a qualified provider, one must provide qualified trust services and must be granted the qualified status by a supervisory body.


4. What is the supervisory body?

This is the body responsible for the task of supervising the qualified trust service providers established in the territory of the Member State and to take action, if necessary, in relation to non-qualified trust service providers established in the territory of the Member State. 

 

5. What is a qualified trust service?

Qualified trust service providers are those who verify one’s identity when sending a digital certificate to a natural or legal person. Trust service providers can verify identity directly, or by way of third parties, in accordance with National law. 


Article 24.1 eIDAS Regulation

Requirements for qualified trust service providers

1.   When issuing a qualified certificate for a trust service, a qualified trust service provider shall verify, by appropriate means and in accordance with national law, the identity and, if applicable, any specific attributes of the natural or legal person to whom the qualified certificate is issued.


6. What is an electronic signature?

An electronic signature is a legal concept which is equivalent to a handwritten signature. Its purpose is to attest to the signer’s will.

An electronic signature is defined as data in electronic form which is attached to or logically associated with other data in electronic form.

 What_is_an_electronic_signature.png

 

7. How many types of electronic signature are there?

There are three types of electronic signature which mainly differ in their different levels of security, their ability (or lack thereof) to guarantee the integrity of the documents they sign and their ability (or lack thereof) to identify the signer.

Electronic signature: this is the simplest electronic signature, which is defined as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign”.

Advanced electronic signature: an electronic signature which meets the requirements set out in Article 26:

 1. it is uniquely linked to the signatory;
 2. it is capable of identifying the signatory;
 3. it is created using electronic signature creation data that the signatory can, with a high level   of confidence, use under his sole control; and
 4. it is linked to the data signed therewith in such a way that any subsequent change in the   data   is detectable”.

Basically, an advanced electronic signature has a greater level of security than the regular electronic signature and it ensures the verification of the identity and the integrity of the data signed. It is also admissible legal evidence as proof in court.

Qualified electronic signature: is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures. This tends to be limited to processes carried out with public administrations, such as the Treasury or Social Security

8. What is an electronic seal and how many types are there?

The Regulation defines three types of electronic seal: ‘electronic seal’, data in electronic form, which is attached to or logically associated with other data in electronic form to ensure the latter’s origin and integrity.


  • ‘advanced electronic seal’ means an electronic seal, which meets the following requirements:
    • it is uniquely linked to the creator of the seal;
    • it is capable of identifying the creator of the seal;
    • It is created using electronic seal creation data that the creator of the seal can, with a high level of confidence under its control, use for electronic seal creation; and
    • it is linked to the data to which it relates in such a way that any subsequent change in the data is detectable.
  • ‘qualified electronic seal’ means an advanced electronic seal, which is created by a qualified electronic seal creation device, and that is based on a qualified certificate for electronic seal.

9. What is a qualified electronic signature/ seal creation device?

A qualified electronic signature creation device that meets the requirements listed in Annex II of the (EU) Regulation 910/2014. Similarly, an electronic seal creation device is that which meets, mutatis mutandis, the requirements laid down in Annex II of the (EU) Regulation 910/2014.

The European Commission will establish, publish and maintain a list of qualified electronic signature/seal creation devices with the information provided by the different Member States.

10. What trust services do we provide at Signaturit?

Signaturit provides electronic signature solutions, electronic registered delivery and electronic identification services, all of which comply with the eIDAS Regulation.

This is why we are recognised as a Trusted Service Provider by the aforementioned supervisory body, and as a Trusted Third Party under the Spanish Law on Information Society Services (LSSI - Ley 34/2002, de 11 de julio de Servicios de la Sociedad de Información y Comercio Electrónico).

 

 servicios_confianza_Signaturit.png

 

If you need more information on this eIDAS Regulation or if you would like some advice regarding our different trusted services, do not hesitate to get in touch with us.

You can send us an email to info@signaturit.com, call us o 93 551 14 80 or fill in this form. If you prefer, you can opt for a trial of our services by registering with Signaturit for free for 14 days.

This post is also available in Spanish.


download-whitepaper-eSignatures-legality

 

Topics: Legality

Blog Subscription

Recent Posts