How to start signing documents electronically within the EU
1Get familiar with legislation and standards
The eIDAS Regulation (910/2014) sets the legal framework for electronic signatures in the EU. It defines who can use electronic signatures and in what context. To ensure that electronic signatures can be created and validated anywhere in Europe, a number of standards were identified for their implementation.
2Identify your needs
Consider the needs of your organisation and define what types of documents need to be digitally signed, and in which use cases. These are typically low-risk, high-volume agreements such as HR documents, but can also be sales and procurement papers or concern customer onboardings.
3Select the type of e-signature
There are different types of e-signatures with different trust levels: simple, advanced and qualified. Qualified e-signatures, for example, feature the highest trust level and have the same legal standing as a handwritten signature. Assess which type of e-signature is appropriate in your case. To do so, take the practical details and legal risk into account, balance cost of implementation against risk of losing a legal challenge. Any signature can be contested but features like an e-Sign audit trail, implementation choice (one time PIN via SMS; specific click to accept terms and conditions) or adding a qualified signature gives you confidence should you have to defend something before a court.
Note that you can also request certificate-based signatures from signers outside your organization.
Keep in mind that e-seals are the same as e-signatures, but used by legal entities, such as a businesses or government organisations.
4Define your IT specifications
Based on your needs and the type of e-signature chosen, refine your requirements and define IT specifications to shape the workflow, application architecture and security controls.
5Decide how to enable digital signatures
To electronically sign a document, you need a digital application. You can choose to build your own solution in-house or find a solution provider that can adapt their product to your needs. Check out our documentation and support services to help you put together a solution. Consider the benefits of going digital with CEF eSignature and assess your eligibility for CEF funding .
If you go for a solution provider approach, you can skip the two next steps and go to section 8.
6Use the eSignature DSS open-source library
You can use the Digital Signature Software (DSS) open-source library to ensure that your e-signatures and e-seals are created and verified in line with European legislation and standards. You can adopt DSS as such or use it as a reference implementation. Need help with this step? Contact our service desk for information and support.
7Make your solution compliant
If your solution is based on the DSS, it’s already compliant and you can skip this step. If you have developed your own signing application without the DSS, you can test the interoperability and conformity of your e-signature solutions with our ETSI Signature Conformance Checker. You can also validate qualified and advanced signatures and seals using our Qualified electronic signature (QES) validation algorithm
8Obtain a digital certificate from a Trust Service Provide
To digitally sign a document using an advanced or qualified e-signature, you must have a valid digital certificate. A digital certificate is similar to a digital ID and they are provided by Trust Service Providers. Access our eSignature Trusted List Browser to choose from over 200 active Trust Service Providers.
Please note that some signing solution providers have partnerships with TSPs to facilitate the provisioning of digital certificates and smooth the process.
9Start e-signing documents
You and your application are ready to start digitally signing documents.
Questions? Contact our eSignature Service Desk. All of CEF's tools and services are available at no cost.