CubeIQ Blog - CubeIQ Limited

Go to content

Electronic Signature Technology in EU

CubeIQ Limited
Published by in Strong Authenication ·
Tags: #eSign#electronicsignature#esignature#eSignature#digitalsignature#KYC#eKYC#eIDAS#eID

On July 23, 2014, the European Commission published the electronic identification and trust services (eIDAS) Regulation as Regulation 910/2014. On July 1, 2016, eIDAS took effect, replacing the existing EU directive on electronic signatures. Any EU member state law that was inconsistent with eIDAS was automatically repealed or replaced.

eIDAS Regulation is allowing individuals and businesses across the European Union to take advantage of a new series of digital signatures, seals, time stamps, registered delivery, and website authentication across national borders. These electronic signatures will have the same legal weight as their physical counterparts. The new regulations put into place new trust centers to ensure that online signatures and certificates are authentic and will help the EU move towards its goal of a Digital Single Market.

eIDAS set of rules replaced the previous eSignature Directive that had been in place across the EU since 1999 (Directive 1999/93/EC Of the European Parliament and the of the Council of 13 December 1999). In the years since the original rules were implemented, electronic signatures have not entered widespread use across Europe, due to the varied interpretation of the rules by individual member nations and the lack of technical infrastructure.

Revising the previous Directive is one of the 12 policy initiatives proposed in the Single Market Act (the Act) with the main purpose of ensuring confidence in electronic transactions and creating a pan-European legal framework for all EU member states. eIDAS regulation allows for businesses to utilize universal, secure digital signatures and authentication methods that can be used anywhere in the EU and also provides a framework for businesses outside of the EU to conduct their business securely.

Except digital signature and website certificate authentication the regulation also introduces a set of new e-Trust Services (eTS), namely:

  • E-Seals: these are digital signatures which can be applied by legal persons e.g. companies (as opposed to e-signatures which are just for natural persons). This leads to concept of Qualified e-Seals applied automatically by companies for example for e-invoice, e-statement or e-bills signing.
  • Time-stamping service: to bind data with trusted timestamp to independently prove when a particular transaction took place.
  • Electronic Registered Delivery service: to prove that an identified sender sent an electronic document at a particular date and time and that it was received without change by the identified recipient at a particular date and time.

Key Articles
eIDAS regulation introduces mutual recognition of e-identification means and electronic trust services (e-signatures, e-seals, e-registered delivery services, time stamping, website authentication).

Articles 6 to 12 of the regulation focus on electronic identification (eID) and the provisions apply when member states choose to notify the Commission of their national eID schemes. However, there is no obligation for EU member states to introduce such a scheme.

Articles 13 to 24 cover trust services and the ancillary infrastructure related to electronic transactions such as verifying electronic signatures, creating certificates for website authentication and preserving electronic seals.

Articles 35-40 introduce the use of electronic seals, which are similar to electronic signatures but only available to legal persons.

One key change of the new regulation is the introduction of the advanced electronic signature. This signature, as opposed to the basic electronic signature that is in place under Directive 1999/93/EC, allows unique identification and authentication of the signer of the document and enables the verification of the integrity of the signed data. The signer is capable of using the latest technologies for providing his signature, such as mobile devices.

Another key change is the mutual recognition of qualified electronic signatures from all member states that will adopt the new regulation. For those member states with eID schemes, the concept of the mutual recognition will have a significant effect facilitating more efficient interaction with public service providers.

Article 25 of the regulation keeps the principle that all electronic verification services shall be admissible as evidence in legal proceedings, including electronic signatures, seals, time stamps, registered delivery services and certificates for website authentication. It specifically provides that an electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the fact that it is in electronic form. However, these electronic verification services have to meet certain technical requirements to confirm the integrity and correctness of the data to which they are linked.

The regulation includes a definition of trust services covering a wide range of electronic services, including electronic signatures, electronic time stamps and website authentication. It distinguishes between qualified and non-qualified trust services. The former will appear on a public register, and will have an EU trust mark and increased liability, with qualified trust providers facing a reverse burden of proof.
The concept of qualified versus non-qualified trust services applied also in Directive 1999/93/EC. However, the new regulation provides a clearer definition of trust services, their requirements and associated supervisory measures, applying under greater scrutiny to more electronic services than before. The main objective is to build public confidence in the security of digital transactions and to encourage more people to use electronic signatures, by demonstrating to individuals and businesses their advantage over handwritten signatures.

The new directly effective regulation ensures uniformity across the EU, and will address the existing problem of different national rules on electronic signatures, which is due to every member state implementing the law individually.

Back to content