All Trains Cancelled: How an e-Signature Failure Derailed a €3bn Swiss-Austrian Transport Deal

Last week order for 186 double-decker trains was nullified due to a legal formality surrounding the Qualified Electronic Signature used to ink the deal. Guillaume Forget, Managing Director and e-signature specialist of Cryptomathic GmbH, unpacks what went wrong and highlights what businesses everywhere can learn from the debacle.

Read more

An Overview of EBA's New Guidelines on ICT and Security Risk Management (EBA/GL/2019/04) in the Light of COVID-19

Considering the COVID-19 impact on digitalization, EBA’s updated Guidelines on ICT and Security Risk Assessment will help focus on priority areas, including compliance.

Read more

Federated Signing

This article explores how federated signing can resolve some of the challenges banks face when onboarding customers online in the eIDAS and PSD2 era.

Read more

Why banks need Non-Repudiation of Origin and Non-Repudiation of Emission

Have you ever heard the kind of sweet and innocent voice saying, “I didn’t eat my brother’s ice cream”, while the kid’s mouth and t-shirt are covered with chocolate and cream?

Read more

Signing in the Cloud


What is driving Electronic Commerce and e-Government solutions? The answer is simple: useful applications and user-friendly yet secure solutions that can deliver operational cost savings. Smartcards, used for providing digital signatures for Electronic Commerce (EC), never caught on in any significant volume for the mere fact that there are very few smartcard readers around, which makes such solutions very expensive. However, there is an alternative

Read more

Delivering Advanced Electronic Signatures - via a central signing server

The notion of Advanced Electronic Signature was introduced in the European Directive for electronic signatures[1], which remains today an important milestone for the standardisation and legal recognition of electronic signatures. Advanced Electronic Signatures (hereinafter AdES) offer a very practical method to protect information and provide trust in electronic business. They can be embedded in popular document formats such as PDF, XML and CMS messages[2] and are also the base stone for creating qualified electronic signatures (QES)[3]

Art. 2 of the directive contains some requirements on signatory identification and. This paper describes how a central signature server can fulfill these requirements. This article relates to the European Commission Standardisation mandate m460 to CEN and ETSI on electronic signatures and is proposed as input for the ETSI standard prTS 14167-5.

Read more