eIDAS is an EU regulation on electronic identification and trust services for electronic transactions that applies as law within the whole of the EU.
The goal of the eIDAS regulation, which started in 2016, is to facilitate the flow of commerce in the EU through transparency, security, technical neutrality, cooperation, and interoperability. In pursuit of these values, eIDAS:
The eIDAS regulation defines three types of electronic signatures: (Basic) Electronic Signature, Advanced Electronic Signature, and Qualified Electronic Signature. According to eIDAS, an electronic signature is defined as “data in electronic form which is attached to or logically associated with other data in electronic form and is used by the signatory to sign”.
A basic electronic signature can be any kind of signature made in an electronic and digital environment, where the signatory has manifested their intent (e.g. by clicking a button or checking a box) to become bound by the contents of the document signed.
According to eIDAS, an advanced electronic signature shall meet the following requirements:
These elements of unique identity, sole control, and integrity of the signed document can be achieved through different means regardless of what technology is used. It should be noted that identification for signing purposes may or may not be “electronic” to reach the advanced electronic signature level. A recognized eID assures secure authentication of the signatory’s identity in the online environment.
According to eIDAS, “‘qualified electronic signature’ means an advanced electronic signature that is created by a qualified electronic signature creation device, and is based on a qualified certificate for electronic signatures.” The use of Qualified Electronic Signatures includes an extra layer of assurance and trust that results in a special legal effect that shall be recognized by courts in the EU.