The world is slowly but surely moving away from its centuries-old obsession with paper. With the very real threat of man-made climate change, it is a welcome sign that the world is moving towards electronic means for recording and communicating information which is reducing the pressure on our forests. In addition to the trees saved, this also reduces the carbon impact of having to physically ship those documents around – usually via the least carbon-efficient modes like airplanes.

But behind all of this digitization, there is a considerable amount of effort that goes on in the background in order to ensure that the customer’s entire digital journey is seamless, fast, error and fraud proof. In the European Union, regulations like eIDAS and their supporting technical standards provide the broad framework which allows for secure digital authentication and use of electronic signatures and seals. Digital signatures and seals enable a lot of the digitization of paper-based processes that we see today, right from financial services to eGovernance and everything in between.

eIDAS specifies three assurance levels for digital signature standards - the Simple Electronic Signature, Advanced Electronic Signature (AdES) and Qualified Electronic Signature (QES) - which come with each their assurance levels. Advanced Electronic Signatures (AdES) have to meet specific criteria under the eIDAS Regulation which differentiates them from simple electronic signatures. AdES is described in detail in this article but some of their requirements include:

  • It uniquely identifies and links its signatory

  • The private key used to create the electronic signature is under the sole control of the signatory

  • If the data is tampered with after the message has been signed, the signature must identify that this has happened

  • Invalidating the signature in the event its accompanying data has changed

New call-to-actionWith the highest assurance levels and legal value, a Qualified Electronic Signature is an Advanced Electronic Signature based on a qualified certificate, whereas the digital signature must be created by a Qualified Electronic Signature Creation Device (QSCD). Simply put, the difference between the AdES and the QES is the addition of a qualified certificate and certification requirements for the signature creation process. The certificate is issued by a qualified trust service provider, and it attests to the authenticity of the electronic signature to serve as proof of the identity of the signatory.

Qualified Electronic Signatures and Seals provided by Qualified Trust Providers in the EU ensure non-repudiation from a legal perspective and have the same legal value as handwritten signatures. This legal clarity combined with the inherent security built into these instruments is what makes them so exciting for digital service providers. A Qualified Electronic Signature created in any EU Member State will have the same legal value as a handwritten signature in all EU Member States.

The European Telecommunications Standards Institute (ETSI) produces the standards needed for all sorts of electronic communication systems like wireless, mobile, radio etc. For digitally signing different file formats, ETSI standards include:

  • Cryptographic Message Syntax Advanced Electronic Signature (CAdES)

  • XML Advanced Electronic Signature (XAdES)

  • PDF Advanced Electronic Signature (PAdES)

CAdES is built around the Cryptographic Message Syntax (CMS) providing standards for advanced electronic signatures. XAdES does something similar for XML Digital Signatures and PAdES has been designed to allow PDF documents to carry advanced electronic signatures. PDF documents are popular because of the way they can present any paper document in a digital format and so signing them digitally has a rather wide array of applications.

Digital-Signature-workflow

This image demonstrates a sample workflow using PAdES for signing PDF documents electronically. Image Source: Adobe

 

The development of such standards allows businesses to improve efficiency, streamline and standardize their end-to-end document workflows, reduce costs and the cut down on the time it takes to process customer requests. The technology to go paperless and adopt a fully digital-delivery business model has existed for quite a while. However, there was always a barrier to this because of the need to manually sign documents which invariably led to hiccups and delays.

To be fair, such digital signing standards are not unique to the EU but the challenge here has been to develop standards that are acceptable to all Member States and can be used across borders. That aspect is indeed unique, and it presents a blueprint for global adoption of such standards. Also, and perhaps more important, detailed technical standards have been accompanied by a legal framework (EU regulation), making it binding in all EU countries alike. This not only provides a high probative value but also a legal standing in court with the validity of a handwritten signature.  What has been designed to make the European Single Market a reality, might eventually end up laying the foundation for a global endeavour on this front.

Download white paper

References and Further Reading

 

Other Related Articles: # Digital Signatures # eIDAS

Want to know how we can help ?

Get in touch to better understand how our solutions secure ecommerce and billions of transactions worldwide.