The practical side of electronic signing is unquestionable. Everything is digital, we want everything to be within our reach and to spend time on what matters to us. But what about the legal side of the story? What depends on its validity and how is the system of use legally regulated?
The answer is not unambiguous. The legal level to be met is determined by two factors:
- in which state the e-signature is realized,
- which business process should be digitized by e-signature.
What does the EU legislative framework regulate? What is eIDAS?
As of 1 July 2017, all EU Member States are obliged to apply the eIDAS provisions to the Regulation of the European Parliament and of the Council no. 910/2014 on Electronic Identification and Trust Services for Electronic Transactions in the Internal Market.
eIDAS (electronic Identification and Trust Services) by the Regulation seeks to ensure:
- trust in electronic transactions by providing a common foundation for secure electronic interaction between citizens, companies and public authorities,
- easier and safer transactions,
- mutual recognition of electronic identification.
Levels of legality of electronic signature according to eIDAS
E-signature is defined as “electronic data that is attached or logically linked to other electronic data and which signatory uses for signing” (eIDAS Article 3). Therefore, your signature in email can also be an electronic signature. So, when we talk about its legal value, we differentiate 3 levels.
1. Simple electronic signature
Simple Electronic Signature (SES) – is any signature in digital form (such as the signature in the email) and can be seen as a “placebo” because it has no legal value. In order to have it, it is necessary to take into account the integrity of the document as well as the audit trails of the process steps.
2. Advanced electronic signature
Advanced Electronic Signature (AdES) – is considered “provable” because this signature can identify the signatory. It is unique for the one and under the exclusive control of the signatory and enclosed in the document so that it becomes invalid if the content changes.
The most commonly used biometric and HTML5 signature (with user identification using some of the authentication methods).
3. Qualified electronic signature
Qualified Electronic Signature (QES) – is an advanced electronic signature that is made with the help of qualified means for electronic signatures design and is based on a qualified electronic signature certificate. It is equivalent to a handwritten signature and has the characteristic of “non-refusal”. Simply put, a qualified e-signature increases the level of security of what advanced electronic signature means.
Which type of electronic signature to choose?
E-signatures are as safe as are the secure business processes and technology used to create them.
For important transactions or those with high value is required a higher quality electronic signature that is more reliably linked to the owner, in order to secure the required level of security and create trust in the basic system. This is why at least the AES level of e-signature is recommended.
Qualified Electronic Signatures (QESs) are required when some country’s local laws for a particular transaction require a written legal form. The advantage of QES is that such signatures have the characteristic of “non-rejection”. On the other hand, it is more complicated to achieve what they require:
- issuing a personal qualified signature certificate,
- Certified Identity Checks by the CA (Certificate Authority) organization issuing a qualified electronic certificate) when issuing the certificate to the holder (signatory),
- must be created, stored and used with a qualified signature-creation device.
However, eIDAS has simplified the QES process by allowing the use of a “remote signature” in which Qualified Trust Service Providers (QTSPs) manage the e-signature environment on behalf of signatory. This means that users do not have to manage a system for creating qualified electronic signatures in their environment. Instead, users can use the service of creating qualified electronic certificates or the use of qualified electronic certificates for the creation of qualified electronic signatures, so that the services are performed in a controlled environment of the trust provider (ie, QTSP), when necessary during the business process. Furthermore, it is important to note that the eIDAS Regulation stipulates that a trust provider, certified to provide a particular service (or services) in any EU country, can provide the same service in all EU Member States.
Improve user experience and speed up business processes
The use of an electronic signature depends on the specifics of your business and the process you want to digitize. Still, it is most often used for e-signatures:
- In branch office,
- on the field,
- on your own devices (mobile phones, web interfaces, etc.)
- for internal needs.
Electronic signature in branch offices
It runs on devices you choose according to your own criteria. Such devices are most often customized to browse the entire document and to simply put a signature by the client/user.
Except for putting up a signature, devices are also used to display marketing messages in the form of static or moving images as well as video clips. In such a situation, the possibility of verifying signatures in real-time is often used. The function is relatively easy to implement due to the fact that the device is in a closed ICT system and does not use the public parts of the data transfer network.
Electronic signing on the field
It runs out of protected and controlled areas, so the choice of devices and their functionality is mostly adapted to portability and ease of handling. Different tablets based on Android OS or iPad devices are most often used. In addition, portable “laptop” devices with the addition of signature pads or brand new “Tablet PC” devices with touch screen are in use. One of the most important characteristics in this situation is the possibility of communicating the devices with the central system.
Electronic signatures on your own devices
The latest application of electronic signing takes place on web-enabled devices located at clients at a remote location. The document is displayed and signed to the URL that the client receives from the document creator. This reduces the need for the presence of a sales representative at the client’s location, which significantly reduces the costs and time needed to conclude the sale.
Electronic signature for internal needs
Except for creating a better user experience, e-signing has a significant application in office business. Single Sign On authentication system and PKI (Public Key Infrastructure) integration enhances system security and speeds up your processes as well as Batch Signing documents for approval processes.