Posted by media on September 5, 2017 at 9:00 AM
The European Union has long hedged its bets on the use of electronic signatures. Back in 1999 the EU Parliament had already approved its first directive to establish a common legal framework for eSignatures, and encouraged their use among the then 15 member states.
In August 2014 the EU Parliament adopted a new regulatory framework for electronic identification and trust services in the internal market, called the Regulation (EU) No 910/2014, which came into force on July 1 2016, repealing the previous directive.
In this post we explain the different categories of eSignatures according to the new Regulation (EU) No 910/20 regulation
This post is also available in Spanish.
The goal of the Regulation (EU) No 910/2014, known as eIDAS, is to create a climate of trust that makes it possible to strengthen e-commerce and other digital transactions within the EU.
In other words, the Regulation aims to remove all barriers between member states by providing standardized identification systems and valid electronic signatures for citizens, that allow operation to take place in greater security and flexibility with lower costs and at greater rates of efficiency.
Unlike the previous Directive, the eIDAS Regulation will be enforced in every EU member state, making a transposition of the law unnecessary and eliminating the previous Directive’s error of leaving each member state to interpret the document as they saw fit.
It was an unfortunate move that had greatly complicated the process of recognizing the validity of eSignatures in different European countries and judicial systems.
The new regulation maintains three types of electronic signatures established in the previous policy, and reiterates that electronic signatures are legally binding and admissible as valid evidence in any court of law.
As stated in Article 25.1: " An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures.”
We review briefly how the three types of electronic signatures have been defined in the Regulation (EU) No 910/2014:
An advanced electronic signature shall meet the following requirements:
a) it is uniquely linked to the signatory;
b) it is capable of identifying the signatory;
c) it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
d) it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.
If someone responds to a signature request by attaching the original printed, signed and scanned document in an email, there is a logical association between the message’s source account (the email address) and the signature.
But there is also a wide margin of interpretation and no real evidence as to who the signer really was.
Therefore, this digital signature, commonly referred to as the simple eSignature, is the one that has the lowest level of security.
Although the security offered by simple electronic signature is very limited for both the signer and the person requesting the signature, its use has been widespread.
In fact, until the emergence of platforms such as Signaturit, emailing a scanned documents with a hand-made signature was by far the most affordable way of requesting and acquiring a signature remotely.
This type of electronic signature has a much higher level of security than the simple electronic signature: it ensures that the signer can only have been the individual to whom the signature was requested.
This characteristic significantly reduces the risk of false impersonation and identity theft.
The advanced electronic signature offered by Signaturit meets each of the following legal requirements:
How to sign a document online with Signaturit.
While this type of electronic signature offers an even higher level of security, its use is hampered by the need for a qualified digital certificate and a qualified electronic signature device, which in turn must meet a number of requirements as set out in the new EU Regulation.
For this reason, qualified electronic signatures are usually limited to official governmental procedures or ones carried out by financial entities or Social Security.
Its operational complexity does not make it recommendable for companies and/or individuals seeking signatures from individuals located remotely, especially if the signatories do not have the relevant certificate.
Companies seeking to use electronic signatures to streamline and confer an additional layer of security on all its signing processes must first consider where within their company’s hierarchy it is necessary to use such a tool, that is to say, locally or globally, departmentally or company-wide.
Once this is established, an internal survey should be carried out to determine which specific departments and work procedures require electronic signatures, the relationships between departments, which people are involved in each process, and what levels of security are most needed.
The results will help determine what type of electronic signature - whether simple, advanced or qualified - is the most appropriate option to give your company the best return on investment.
At Signaturit, we can help you find the best electronic signature solutions for your business. For any questions or comments, please contact us or call us directly on +34 93 551 14 80.
This post is also available in Spanish.
Regulation (EU) No 910/2014
* Source: World Wide Web Consortium (W3C).
Sign up for our Newsletter
Subscribe to our newsletter
Digitizing your company with Signaturit is very easy. Sign up for our newsletter and receive 1 email a month with tips, events and product updates.