Policy and legislation :: European legislation on eSignature
21 September 2012
The main objective of the Directive on eSignature is to create a Community framework for the use of electronic signatures. It allows electronic signature products and services to flow freely across borders and ensures the legal recognition of electronic signatures.
The Directive addresses three forms of electronic signatures:
1. Basic electronic signature: understood in the simplest and broadest sense of electronic signature i.e. as a means to identify and authenticate data. It can be as simple as signing an e-mail message with a personal name.
To be a signature, the authentication must relate to data and not be used as a method or technology only for entity authentication. For instance, when a person uses a PIN code to identify himself in order to get access to an electronic bank account, it is not an electronic signature. However, entering the same code in order to confirm a financial transaction and, in doing so, authenticating this transaction is an electronic signature. There are many applications making use of electronic signature technology which do not qualify as electronic signatures according to the Directive when they are only used for entity authentication.
It should also be noted that the notion of signature used in the Directive refers to a legal concept and not to a technical one. This means that the definition is intended to cover all current and future technologies for electronic signatures as well as all possible interpretations of the term signature in the law of the Member States.
2. Advanced electronic signature (as defined by the Directive): this second form of signature has to meet the requirements defined in Article 2.2 of the Directive. In particular, this form of electronic signature is capable of being uniquely linked to the signatory and of identifying the signatory, is created using means that are under the signatory's sole control, and is linked to the data in such a way that any subsequent change in the data can be detected. The Directive does not favour a particular technology, but in practice this definition refers mainly to electronic signatures based on a public key infrastructure (PKI). This technology uses encryption technology to sign data, which requires a public and a private key.
3. Qualified electronic signature: this third form is mentioned in Article 5.1 and consists of an advanced electronic signature based on a qualified certificate and created by a secure signature creation device which need to comply with the requirements in Annexes I, II and III.
This Directive establishes the legal framework at European level for electronic signatures and certification services. The aim is to make electronic signatures easier to use and help them become legally recognised within the Member States.
This Decision gives the references of three generally recognised standards for electronic signature products which presume compliance with the qualified electronic signature.
This Decision sets out the criteria that Member States must take into account when designating national bodies to evaluate the conformity of secure signature-creation devices.