European legislation on eSignature

Policy/Legislation: 21/09/2012 - 02:00
The main objective of the Directive on eSignature is to create a Community framework for the use of electronic signatures. It allows electronic signature products and services to flow freely across borders and ensures the legal recognition of electronic signatures.

The Directive addresses three forms of electronic signatures:

1. Basic electronic signature: understood in the simplest and broadest sense of electronic signature, i.e. as a means to identify and authenticate data. It can be as simple as signing an e-mail message with a personal name.

To be a signature, the authentication must relate to data and not be used as a method or technology only for entity authentication. For instance, when a person uses a PIN code to identify himself in order to get access to an electronic bank account, it is not an electronic signature. However, entering the same code in order to confirm a financial transaction and, in doing so, authenticating this transaction is an electronic signature. Many applications make use of electronic signature technology but do not qualify as electronic signatures according to the Directive, because they use it only for entity authentication.

It should also be noted that the notion of signature used in the Directive refers to a legal concept and not to a technical one. This means that the definition is intended to cover all current and future technologies for electronic signatures as well as all possible interpretations of the term signature in the law of the Member States.

2. Advanced electronic signature (as defined by the Directive). This second form of signature has to meet the requirements defined in Article 2.2 of the Directive. In particular, this form of electronic signature is capable of being uniquely linked to the signatory and of identifying the signatory, is created using means that are under the signatory's sole control, and is linked to the data in such a way that any subsequent change in the data can be detected. The Directive does not favour a particular technology, but in practice this definition refers mainly to electronic signatures based on a public key infrastructure (PKI). This technology uses encryption to sign data, which requires a public and a private key.

3. Qualified electronic signature: this third form is mentioned in Article 5.1 and consists of an advanced electronic signature based on a qualified certificate and created by a secure signature creation device which need to comply with the requirements in Annexes I, II and III.

Main publications

Legislation

  • Commission Decision 2003/511/EC of 14 July 2003 on the publication of reference numbers of generally recognised standards for electronic signature products in accordance with Directive 1999/93/EC of the European Parliament and of the Council.

    This Decision gives the references of three generally recognised standards for electronic signature products which presume compliance with the qualified electronic signature.

  • Commission Decision 2000/709/EC of 6 November 2000 on the minimum criteria to be taken into account by Member States when designating bodies in accordance with Article 3(4) of Directive 1999/93/EC of the European Parliament and of the Council on a Community framework for electronic signatures [Official Journal L 289 of 16.11.2000].

    This Decision sets out the criteria that Member States must take into account when designating national bodies to evaluate the conformity of secure signature-creation devices.

Communications and related documents

  • Digital Agenda for Europe: Communication COM(2010) 245 final/2 from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, "A Digital Agenda for Europe".
  • The Action Plan on e-signature & e-identification COM(2008)798 of 28.11.2008 addresses new issues raised by the adoption of the Services Directive 2006/123/EC and issues identified in the Commission report on the operation of the directive (see below).
  • Proposal for a European Parliament and Council Directive on a common framework for electronic signatures, COM/98/0297 final - COD 98/0191, COM(1998)297 of 13.5.1998. This Proposal aimed at ensuring the proper functioning of the Internal Market in the field of electronic signatures by creating a harmonized and appropriate legal framework for the use of electronic signatures within the Community and establishing a set of criteria which form the basis for legal recognition of electronic signatures.
  • Ensuring Security and Trust in Electronic Communication. Towards a European Framework for Digital Signatures and Encryption. Communication from the Commission to the Council, the European Parliament, the Economic and Social Committee and the Committee of the Regions. COM(1997)503 of 8.10.1997. This Communication represents the first step towards establishing a common framework for digital signatures.