eIDAS levels of electronic signatures
eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation on electronic identification and trust services for electronic transactions that applies as law within the whole of the EU.
The goal of the eIDAS regulation, which began to take effect in 2016, is to facilitate the smooth flow of commerce in the EU through transparency, security, technical neutrality, cooperation, and interoperability. In pursuit of these values, eIDAS:
Standardises the use of electronic identification (eID).
Defines a new class of “electronic trust services” (eTS).
Clarifies and ensures the legal validity of electronic signatures.
Creates a European internal market within the EU for electronic trust services.
These standards apply across borders as well as within individual member countries.
The eIDAS regulation defines three types of electronic signatures: (Basic) Electronic Signature, Advanced Electronic Signature, and Qualified Electronic Signature.
Scroll down to continue ⤵
eIDAS: electronic signature levels
Basic Electronic Signature: ES
In practice, a basic electronic signature can be any kind of signature made in an electronic environment where the signatory has manifested their intent (e.g., by clicking a button or checking a box) to become bound by the contents of the document thus signed.
A basic electronic signature is sufficient and legally valid for the vast majority of private transactions, B2B, B2C, and between private persons.
Advanced Electronic Signature: AES
According to eIDAS, “An advanced electronic signature shall meet the following requirements:
it is uniquely linked to the signatory;
it is capable of identifying the signatory;
it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable”.
In practice, these elements of unique identity, sole control and integrity of the signed document can be achieved through different means regardless of what technology is used. It should be noted that identification for signing purposes may or may not be “electronic” to reach the advanced electronic signature level. A recognised eID assures secure authentication of the signatory’s identity in the online environment.
Qualified Electronic Signature: QES
According to eIDAS, “‘qualified electronic signature’ means an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures”.
In practice, the use of Qualified Electronic Signatures invokes an extra layer of assurance (or trust) that results in a special legal effect that shall be recognised by the courts in the EU.
Scrive solutions for each level of electronic signatures
Scrive’s Basic Electronic Signatures:
A good quality basic electronic signature solution, such as Scrive offers, provides at least:
evidence of the intent to sign
identity information including IP address, email address and audit trail (transaction log)
association of the signature with the document
integrity protection of the document
In fact, Scrive’s solution exceeds these basic criteria: our advanced evidence package ensures that documents you sign with Scrive, even on the basic electronic signature level, incorporate all available evidence from the signature process. Furthermore, each document is an integrity-protected evidence container that is virtually independent from Scrive, i.e., you don’t need to rely on Scrive and our records to have access to the evidence. All the evidence is in the digitally-sealed document.
In other words, Scrive’s solution conforms to and far exceeds eIDAS requirements for basic electronic signatures.
Scrive’s Advanced Electronic Signatures:
Scrive integrates local versions of eID means in our e-sign service as a means to securely authenticate a signatory’s identity upon signing. This satisfies the first three eIDAS requirements for an advanced electronic signature, namely that it is “uniquely linked to the signatory; capable of identifying the signatory; (and) created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control”.
To protect document integrity, Scrive, in partnership with our supplier Guardtime, applies a digital signature (meaning “sealing”, not a signature in the legal sense) using Keyless Signature Infrastructure (KSI) technology. This fulfils the last of the four eIDAS requirements for an advanced electronic signature, namely that “it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable”.
Since eIDAS is technology-neutral, there can be multiple methods to satisfy the requirements for an advanced electronic signature. Scrive offers solutions for both KSI based advanced electronic signatures, as well as advanced electronic signatures compliant with the PAdES standard (PDF Advanced Electronic Signature).
Scrive’s Qualified Electronic Signatures:
Scrive offers QES services in partnership with various qualified trust service providers (QTSP) recognised by the EU, ensuring our customers are able to choose the type of e-signature that fits their needs.