eIDAS is an EU regulation on electronic identification and trust services for electronic transactions that applies as law within the whole of the EU.
Electronic Identification, Authentication and Trust Services (eIDAS)
The goal of the eIDAS regulation, which started in 2014, is to facilitate the flow of commerce in the EU through transparency, security, technical neutrality, cooperation, and interoperability. In pursuit of these values, eIDAS:
- Standardizes the use of electronic identification (eID)
- Defines a new class of “electronic trust services” (eTS)
- Clarifies and ensures the legal validity of electronic signatures
- Creates a European internal market within the EU for electronic trust services
Different levels of electronic signatures
The eIDAS regulation defines three types of electronic signatures: (Basic) Electronic Signature, Advanced Electronic Signature, and Qualified Electronic Signature. According to eIDAS, an electronic signature is defined as “data in electronic form which is attached to or logically associated with other data in electronic form and is used by the signatory to sign”.
Basic electronic signature
A basic electronic signature can be any kind of signature made in an electronic and digital environment, where the signatory has manifested their intent (e.g. by clicking a button or checking a box) to become bound by the contents of the document signed.
GetAccepts standard "click to sign" solution is considered a very strong Basic electronic signature and sufficient for most business agreements.
Advanced electronic signature (AdES)
According to eIDAS, an advanced electronic signature shall meet the following requirements:
- uniquely linked to and capable of identifying the signatory;
- created in a way that allows the signatory to retain control;
- linked to the document in a way that any subsequent change of the data is detectable.
These elements of unique identity, control, and integrity of the signed document can be achieved through different means. A recognized eID assures secure authentication of the signatory’s identity in the online environment.
GetAccept has multiple ways of creating a Advanced Electronic Signature, for instance with the use of a eID or MFA solution.
Qualified electronic signature (QES)
According to eIDAS, “‘qualified electronic signature’ means an advanced electronic signature that is created by a qualified electronic signature creation device, and is based on a qualified certificate for electronic signatures.” The use of Qualified Electronic Signatures includes an extra layer of assurance and trust that results in a special legal effect that shall be recognized by courts in the EU.
From a legal perspective QES should in EU be equivalent to a "wet ink" signature and the burden of proof in a court is on the challenger.
GetAccept has thru an external partnership the possibility to offer QES seamlessly integrated into the signing workflow in most European countries. It should be noted that QES add a extra level of security but also complexity and cost to the signature flow.
Please contact us for more detailed information on QES.