A few years ago, the BBC reported that the power of the traditional hand-written signature was under threat from its digital counterpart. While it may have taken some time, the increasing adoption of digital services – from banking and financial transactions in the private sector to taxes and healthcare in the public – has led to a significant rise in the use of electronic signatures. Despite the fact that electronic signatures have been recognized as legally valid in some countries in Europe for years, a lack of consistency across the EU member states has proved a hindrance to cross-border business.
The use of electronic signatures has continued to increase since the enforcement of EU Regulation No. 910/2014 in 2016. The electronic identity, authentication, and signing regulation, better known as eIDAS, is designed to establish a framework for electronic transactions that allows legally binding cross-border business throughout the European internal market.
Indeed, eIDAS creates standards under which electronic signatures are given the same legal standing as their “wet-ink” equivalents, and it places Trust Service Providers (TSPs) under the regulation of supervisory bodies within their respective member states.
Businesses operating in the EU benefit from using trust services that comply with the regulation: any signed document and agreement is valid throughout the EU. By using a Qualified Trust Service, they can be sure that a document's electronic signature has at least the same validity as a wet-ink signature. Banks, in particular, are using the eIDAS regulations to ensure the identity of their customers and the validity of their agreements. As governments continue to expand the digital services they offer to their citizens, they are also requiring the use of eIDAS-compliant services and signatures.
To achieve the highest level of security and assurance, TSPs are required to use qualified signature creation devices, also known as QSCDs, which ensure the security of their signatures by applying strong cryptography.
Regardless of how strong that cryptography may be, it will only ever be as good as the root of trust that protects the underpinning cryptographic keys.
And it’s here where nCipher comes into the picture.
Common Criteria EAL 4+ certified, nCipher nShield hardware security modules (HSMs) are the root of trust for Trust Services.
In short, approved QSCDs enable TSPs to comply with eIDAS Regulations.
As digital signatures become more prevalent and are now recognized as legally valid across the EU, regulations such as eIDAS are important in reassuring European consumers that TSPs can protect the validity of their digital transactions and their identity. As part of this, nCipher is working with leading digital service providers, integrating nShield HSMs to serve as the root of trust for protecting customers’ most valuable and sensitive digital assets with eIDAS-compliant solutions.
And it’s not just in the EU. Governments and businesses in other countries are now adopting the eIDAS model to establish trust and legally binding digital signatures. Visit nCipher and Cryptomathic to get more information on eIDAS-compliant QES and find out how to deliver remote digital signatures for business continuity.
Originally published on nCipher website: www.ncipher.com