This article describes what advanced electronic signatures are, and what their significance, under the eIDAS regulation, holds for EU member states.
Many types of business and public service processes can be sped up by incorporating the use of electronic signing, especially cross-borders. Instead of waiting to receive signed documents back via the postal service, facsimile or scanned and attached to an email, messages and documents can be securely signed on an online device. This can be especially advantageous when a document requires multiple signatures from different people in different locations. But of equal importance, an electronic signature can be more secure than a handwritten signature. This is where the advanced electronic signature comes in.
What is an Advanced Electronic Signature?
Under eIDAS, an electronic signature is considered to be advanced if it has met several requirements, including:
- It uniquely identifies and links its signatory
- The private key used to create the electronic signature is under the sole control of the signatory
- If the data is tampered with after the message has been signed, the signature must identify that this has happened
- Invalidating the signature in the event its accompanying data has changed
From a technical point of view, advanced electronic signatures recognized by the EU and compliant with eIDAS can be implemented through the following three digital signature standards:
The three standards have been developed by the European Telecommunications Standards Institute ETSI.
Regulated Mechanisms for Cross-border Acceptance of Advanced Electronic Signatures
Under the eIDAS Regulation, the European Parliament expressed the need for a public key infrastructure, thus make it necessary that a European validation authorities gateway be established. Each Member State is required to establish “points of single contact” (PSCs) for existing trust services to ensure that eIDs can be used in cross-border transactions in the public sector, including EU citizens’ ability to access cross-border healthcare.
Legal Implications of Advanced Electronic Signatures
Following Article 25 (1) of the eIDAS regulation, an advanced electronic signature shall “not be denied legal effect and admissibility as evidence in legal proceedings …”However it will reach a higher probative value when enhanced to a qualified electronic signature. Article 24 (2) of the eIDAS Regulation grants a qualified electronic signature the same legal effect as a handwritten signature.
eIDAS lays the groundwork to build trust among internal markets in regards to electronic transactions. By providing a common foundation, citizens, public agencies and businesses can take advantage of secure electronic transactions. The intended goal is to increase the efficiency in which these transactions with electronic business, electronic commerce and public and private online services can be conducted in the EU.
The use of advanced electronic signatures has helped to overcome the major obstacles that the digital market has experienced and were identified in the EU's Digital Agenda for Europe.
One of the greatest challenges to be met was developing a system that would allow EU citizens to enjoy the benefits of having a single digital market and the accessibility to seamless cross-border digital transactions. Previously, electronic barriers prevented citizens from authenticating themselves with their electronic identification because other Member States did not recognize their home country’s electronic identification scheme. Now, all participating Member States must recognize advanced electronic signatures.
The solutions for digital signing, developed and offered by Cryptomathic are fully compliant to the eIDAS requirements on advanced and qualified electronic signatures.
References and Further Reading
- Selected articles on Digital Signatures (2014-16), by Ashiq JA, Guillaume Forget, Peter Landrock, Torben Pedersen, Dawn M. Turner and Tricia Wittig
- A Digital Agenda For Europe (2010), by the European Commission
- REGULATION (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC(2014) by the European Parliament and the European Commission