eIDAS regulation compliance
(Electronic Identification, Authentication and Trust Services)
PleaseSign is compliant with the eIDAS Regulation (EU 910/2014) and is the solution to collect electronic signatures from anywhere and on any device.
The purpose of eIDAS is to enable digital and secure electronic transactions across the European Union. The regulation applies to individuals, small and medium-sized enterprises (SMEs), large enterprises, governmental organisations and non-profit organisations.
eIDAS was established in EU Regulation 910/2014 of 23 July 2014 on electronic identification (applied as of 1 July 2016) and repealed the Electronic Signatures Directive 1999/93/EC of 13 December 1999. Essentially, eIDAS clarified that electronic signatures are legal in the European Union.
eIDAS describes three types of electronic signature (SES, AES, QES) which differ in levels of identity verification.
Standard Electronic Signature (SES)
The regulation defines a basic electronic signature as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign”. Simply put, this is any electronic form of signature that the signer can apply to a transaction to demonstrate their approval. Essentially, this could be a scanned signature, a digital stamp or a PleaseSign signature.
Advanced Electronic Signature (AES)
An advanced electronic signature is described in the regulation as follows:
- “it is uniquely linked to the signatory”
- “it is capable of identifying the signatory”
- “it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control”
- “it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.”
Essentially, an advanced electronic signature provides a high level of identification of the person signing the document, a high level of security and can detect if the data has been tampered with before and after being signed. PleaseSign more than meets these requirements.
Qualified Electronic Signature (QES)
A qualified electronic signature is described in the regulation as “an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures”. Essentially, a qualified electronic signature meets the same requirements as an advanced electronic signature but is also backed by a qualified certificate. These certificates can only be issued by a trust service provider which is on a national eIDAS EU trusted list.
Qualified electronic signatures have a special legal status and have the equivalent legal effect of a handwritten signature. In practice, however, the more stringent requirements render qualified electronic signatures unviable for many business transactions.
Are all forms of electronic signature admissible in the EU?
Yes, absolutely. eIDAS stipulates the following: “An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures.” Effectively, all forms of electronic signature are admissible in the EU. Naturally, the higher levels of verification involved with advanced and qualified electronic signatures mean that they are more likely to be successfully upheld.
What types of transactions can be signed using standard electronic signatures (SES), advanced electronic signatures (AES) and qualified electronic signatures (QES)?
This is not stipulated in the eIDAS regulation. Any form of electronic signature can be used to sign transactions unless specifically prohibited in the laws of an EU member state. For example, some member states stipulate that wills, trusts, powers of attorney and any transaction usually signed by a notary cannot be signed via electronic signature. These restrictions are rare, meaning that essentially the majority of transactions performed by organisations and individuals can be signed with an electronic signature.
What technology does PleaseSign use to comply with the regulation?
The technology and security measures used to process a transaction using PleaseSign are equal to or greater than any other provider globally. PleaseSign uses world-class, bank-grade hashing algorithms and encryption keys that exceed all globally legislated requirements for electronic signature providers, including but not limited to the EU, the USA and Australasia.
Disclaimer: The contents of this page have been produced for informational purposes only. They have been designed to give an understanding of the legal framework for electronic signatures in the EU. The contents should not be considered legal advice and are not a substitute for professional legal advice.
Feel free to contact us for more information.