What does EU Regulation 910/2014 say?
eIDAS is the abbreviation for “electronic identification and trust services”. This is a regulation of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. It officially came into force in July 2016 and applies to all EU member states and additional states of the EEA. Switzerland which is neither a member of the EEA nor the EU, has not adopted the eIDAS but has its own signature law containing the essential regulations of the eIDAS.
Table of contents
The contents of the eIDAS Regulation include electronic identification and trust services, with the topics of electronic signatures, seals, time stamps and registered delivery services. It mostly applies to the signing of contracts, electronic registered delivery services or secure website authentication.
eIDAS & electronic signature – Summary
According to the eIDAS Regulation, electronic signatures are divided into three types, the simple, advanced and qualified electronic signature. An electronic signature means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.The following is an overview of the three signature types:
Simple electronic signature
There is no list of requirements for a "simple electronic signature" (SES) and it can be signed without any identity verification.
Typical application scenarios:
General terms and conditions, documentation, etc.
Advanced electronic signature
According to Article 26 of eIDAS, the "advanced electronic signature" (AES) meets the following requirements:
- The E-Signature is uniquely linked to the signatory;
- It is capable of identifying the signatory;
- It is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
- It is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.
Typical application scenarios:
Tenders, requests, purchase agreements, etc.
Qualified electronic signature
According to eIDAS, the "qualified electronic signature" (QES) means an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures.
Typical application scenarios:
Guarantees, fixed-term employment contracts, etc.
Electronic time stamp
An electronic signature can include an electronic time stamp. According to eIDAS, this is data in electronic form which binds other data in electronic form to a particular time establishing evidence that the latter data existed at that time.
In fact it is time data such as the signature’s date and timestamp. This is not only convenient because it eliminates the need to manually enter the date as is usually the case with a paper contract but it is also important in the event of a dispute.
The qualified electronic time stamp represents the highest security level and must meet additional requirements:
- It binds the date and time to data in such a manner as to reasonably preclude the possibility of the data being changed undetectably.
- It is based on an accurate time source linked to Coordinated Universal Time.
- It is signed using an advanced electronic signature or sealed with an advanced electronic seal of the qualified trust service provider, or by some equivalent method.
- Further articles
More on the topic of digital signatures