
Exploring the value chain of remote QES in a complex business ecosystem


Signing is a way of showing consent when different stakeholders agree on something, and the digital production of a signature is no different. Digital signature processes are integrated in a global ecosystem, where the signature represents the deliberate consent of a signatory so that a contract or transaction can be executed in a non-repudiable way in accordance with contract fulfillment and legal requirements.

The remote electronic signing experience can be represented in the value chain below:

[Figure: eIDAS value chain for QES]

As input, you have documents to be signed and as output, you get the signed documents that allow contract execution. Porting this to the digital world improves efficiency, security and certainly convenience since it allows for an end-to-end digital experience offering:

  • Higher transformation rates and time savings when a compelling user experience is provided
  • Cost savings without mailing, scanning, etc.
  • Better sustainability

As the diagram shows, the remote signing experience is tightly bound to other functions including:

  • Customer identification (Registration Authority)
  • CA services (for certificate generation and dissemination)
  • Authentication services (required to guarantee that the signature operation was duly authorized by the signatory)

For a signature solution to be rolled out at the qualified level (Qualified Electronic Signature) and implemented in a corporation, a number of support activities need to be duly performed.

  • Contractual aspects: performing the above functions comes with some liability. Even though the core signing service is provided by a single legal entity (the registered trust service provider), it is likely in practice that several legal entities are involved, including the TSP, the end-user, the business application owner and the Registration Authority. To define the contractual terms and responsibilities, the involvement of legal departments is often required.
  • Audit: a successful audit by an eIDAS-accredited Conformity Assessment Body is a necessity to offer the level of a Qualified Electronic Signature. The scope of the audit encompasses all functions, and a number of security controls and technical and operational standards must be enforced.
  • Integration: for the solution to be deployed in a frictionless way as part of an existing business portal, integration is required. Depending on the level of control and privacy requirements, some parts of the solution may be operated on-premise and some in the cloud.
  • Project management: to steer these activities and ensure that business objectives are met, it is common practice to appoint a project manager to supervise the implementation.

To provide a consistent and coherent solution and shorten the implementation time, Cryptomathic has teamed up with a number of partners in these fields (Technology suppliers, Trust service providers, Auditors, System integration, etc.). This extends our core value proposition and offers a primary contact point to a total solution which is tailored to your needs.

Please feel free to contact us to learn more about our global value proposition or if you are interested in partnering with us.

 



Image: architecture_250, courtesy of perceptions (creative break), Flickr (CC BY-ND 2.0)