If you do business in Europe, the Regulation (EU) No. 910/2014, best known as the eIDAS Regulation, is good news for you.
This regulation simplifies and standardises the systems for electronic interactions all over Europe to help create a “unique digital market”. Ever since it came into force in 2016, it is much easier for any citizen, company or public authority to carry out secure digital transactions in any of the member states of the European Union.
In this post, we answer the 10 most Frequently Asked Questions about this regulation so that you can understand all the advantages it offers.
This post is also available in Spanish.
Table of contents
1. What governs the eIDAS Regulation?
This is a unique and standardised regulation that applies to all Member States of the European Union and, as we mentioned above, it provides a legal framework for electronic identification and trust services.
The application of eIDAS means that any European organisation can completely digitise their business processes.
An electronic trust service is an electronic service normally provided for remuneration which consists of:
- the creation, verification and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to those services, or
- the creation, verification and validation of certificates for website authentication; or
- the preservation of electronic signatures, seals or certificates related to those services.
Pursuant to Art. 3 of the eIDAS Regulation, a trust service provider is “a natural or legal person who provides one or more trust services either as a qualified or as a non-qualified trust service provider”.
So, as clearly established in the Regulation, trust service providers (TSP) can be divided into qualified and non-qualified service providers.
To be a qualified provider, one must provide qualified trust services and must be granted the qualified status by a supervisory body.
This is the body responsible for the task of supervising the qualified trust service providers established in the territory of the Member State and to take action, if necessary, in relation to non-qualified trust service providers established in the territory of the Member State.
Qualified trust service providers are those who verify one’s identity when sending a digital certificate to a natural or legal person. Trust service providers can verify identity directly, or by way of third parties, in accordance with National law.
Article 24.1 eIDAS Regulation
Requirements for qualified trust service providers
1. When issuing a qualified certificate for a trust service, a qualified trust service provider shall verify, by appropriate means and in accordance with national law, the identity and, if applicable, any specific attributes of the natural or legal person to whom the qualified certificate is issued.
An electronic signature is a legal concept which is equivalent to a handwritten signature. Its purpose is to attest to the signer’s will.
An electronic signature is defined as data in electronic form which is attached to or logically associated with other data in electronic form.
There are three types of electronic signature which mainly differ in their different levels of security, their ability (or lack thereof) to guarantee the integrity of the documents they sign and their ability (or lack thereof) to identify the signer.
Electronic signature: this is the simplest electronic signature, which is defined as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign”.
Advanced electronic signature: an electronic signature which meets the requirements set out in Article 26:
1. it is uniquely linked to the signatory;
2. it is capable of identifying the signatory;
3. it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
4. it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable”.
Basically, an advanced electronic signature has a greater level of security than the regular electronic signature and it ensures the verification of the identity and the integrity of the data signed. It is also admissible legal evidence as proof in court.
Qualified electronic signature: is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures. This tends to be limited to processes carried out with public administrations, such as the Treasury or Social Security
The Regulation defines three types of electronic seal: ‘electronic seal’, data in electronic form, which is attached to or logically associated with other data in electronic form to ensure the latter’s origin and integrity.
- ‘advanced electronic seal’ means an electronic seal, which meets the following requirements:
- it is uniquely linked to the creator of the seal;
- it is capable of identifying the creator of the seal;
- It is created using electronic seal creation data that the creator of the seal can, with a high level of confidence under its control, use for electronic seal creation; and
- it is linked to the data to which it relates in such a way that any subsequent change in the data is detectable.
- ‘qualified electronic seal’ means an advanced electronic seal, which is created by a qualified electronic seal creation device, and that is based on a qualified certificate for electronic seal.
A qualified electronic signature creation device that meets the requirements listed in Annex II of the (EU) Regulation 910/2014. Similarly, an electronic seal creation device is that which meets, mutatis mutandis, the requirements laid down in Annex II of the (EU) Regulation 910/2014.
The European Commission will establish, publish and maintain a list of qualified electronic signature/seal creation devices with the information provided by the different Member States.
Signaturit provides electronic signature solutions, electronic registered delivery and electronic identification services, all of which comply with the eIDAS Regulation.
This is why we are recognised as a Trusted Service Provider by the aforementioned supervisory body, and as a Trusted Third Party under the Spanish Law on Information Society Services (LSSI - Ley 34/2002, de 11 de julio de Servicios de la Sociedad de Información y Comercio Electrónico).
If you need more information on this eIDAS Regulation or if you would like some advice regarding our different trusted services, do not hesitate to get in touch with us.
You can send us an email to firstname.lastname@example.org, call us o 93 551 14 80 or fill in this form. If you prefer, you can opt for a trial of our services by registering with Signaturit for free for 14 days.
This post is also available in Spanish.