The main objective of the Directive on eSignature is to create a Community framework for the use of electronic signatures. It allows electronic signature products and services to flow freely across borders and ensures the legal recognition of electronic signatures.
The Directive addresses three forms of electronic signatures:
1. Basic electronic signature: understood in the simplest and broadest sense of electronic signature, i.e. as a means to identify and authenticate data. It can be as simple as signing an e-mail message with a personal name.
To be a signature, the authentication must relate to data and not be used as a method or technology only for entity authentication. For instance, when a person uses a PIN code to identify himself in order to get access to an electronic bank account, it is not an electronic signature. However, entering the same code in order to confirm a financial transaction and, in doing so, authenticating this transaction, is an electronic signature. There are many applications making use of electronic signature technology which do not qualify as electronic signatures according to the Directive when they are only used for entity authentication.
It should also be noted that the notion of signature used in the Directive refers to a legal concept and not to a technical one. This means that the definition is intended to cover all current and future technologies for electronic signatures as well as all possible interpretations of the term signature in the law of the Member States.
2. Advanced electronic signature (as defined by the Directive). This second form of signature has to meet the requirements defined in Article 2.2 of the Directive. In particular, this form of electronic signature is capable of being uniquely linked to the signatory and of identifying the signatory, is created using means that are under the signatory's sole control and is linked to the data in such a way that any subsequent change in the data can be detected. The Directive does not favour a particular technology, but in practice this definition refers mainly to electronic signatures based on a public key infrastructure (PKI). PKI uses encryption technology to sign data, which requires a public and a private key.
3. "Qualified electronic signature": this third form is mentioned in Article 5.1 and consists of an advanced electronic signature based on a qualified certificate and created by a secure signature creation device which need to comply with the requirements in Annexes I, II and III.
Communications and related documents
- Digital Agenda for Europe. Communication COM(2010) 245 final/2: Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions. A Digital Agenda for Europe.
- The Action Plan on e-signature & e-identification COM(2008)798 of 28.11.2008 addresses new issues raised by the adoption of the Services Directive 2006/123/EC and issues identified in the Commission report on the operation of the directive (see below).
- Proposal for a European Parliament and Council Directive on a common framework for electronic signatures, COM/98/0297 final - COD 98/0191, COM(1998)297 of 13.5.1998. This Proposal aimed at ensuring the proper functioning of the Internal Market in the field of electronic signatures by creating a harmonized and appropriate legal framework for the use of electronic signatures within the Community and establishing a set of criteria which form the basis for legal recognition of electronic signatures.
- Ensuring Security and Trust in Electronic Communication. Towards a European Framework for Digital Signatures and Encryption. Communication from the Commission to the Council, the European Parliament, the Economic and Social Committee and the Committee of the Regions. COM(1997)503 of 8.10.1997. This Communication represents the first step towards establishing a common framework for digital signatures.