What is an electronic signature?
An electronic signature is an electronic indication of a person’s intent to agree to the content of a document or a set of data to which the signature relates. Like its handwritten counterpart in the offline world, an electronic signature is a legal concept capturing the signatory's intent to be bound by the terms of the signed document.
Three types of electronic signatures
The eIDAS Regulation defines three levels of electronic signature: 'simple' electronic signature, advanced electronic signature and qualified electronic signature. The requirements of each level build on the requirements of the level below it, such that a qualified electronic signature meets the most requirements and a 'simple' electronic signature the least.
Simple Electronic Signatures
An electronic signature is defined as "data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign" (eIDAS Article 3) . Thus, something as simple as writing your name under an e-mail might constitute an electronic signature.
Advanced Electronic Signatures (AdES)
An advanced electronic signature (eIDAS Article 3) is an electronic signature which is additionally:
- uniquely linked to and capable of identifying the signatory;
- created in a way that allows the signatory to retain control;
- linked to the document in a way that any subsequent change of the data is detectable.
The most commonly used technology able to provide these features is the use of a public-key infrastructure (PKI), which involves the use of certificates and cryptographic keys
Qualified Electronic Signatures (QES)
A qualified electronic signature (eIDAS Article 3) is an advanced electronic signature which is additionally:
- created by a qualified signature creation device;
- and is based on a qualified certificate for electronic signatures.
Signature creation devices come in many forms to protect the electronic signature creation data of the signatory, such as smartcards, SIM cards, USB sticks. "Remote signature creation devices" can also be used where the device is not in the physical possession of the signatory, but managed by a provider. Those remote qualified signature solutions offer an improved user experience while maintaining the legal certainty offered by qualified electronic signatures.
Qualified certificates for electronic signatures are provided by (public and private) providers which have been granted a qualified status by a national competent authority as indicated in the national 'trusted lists' of the EU Member State. Those lists can be accessed through the Trusted List Browser. Many providers of qualified certificates will deliver the corresponding private key on a qualified signature creation device.
While different levels of electronic signatures may be appropriate in different contexts, only qualified electronic signatures are explicitly recognized to have the equivalent legal effect of hand-written signatures all over the EU.
When to use an electronic signature?
Electronic signatures can be used in a variety of situations. As their legal effects are equivalent to the ones of handwritten signatures, qualified electronic signatures can be used in any situation, even cross-border, where handwritten signatures are used, such as:
- Contracts (sales, employment, lease, insurance, etc.)
- Transactions (e-commerce, online banking, etc.)
- Administrative procedures (tax declarations, requests for birth certificates, etc.)
Electronic signatures in the European Union
Electronic signatures were first recognised in European legislation through the Directive on a Community framework for electronic signature (eSignature Directive) adopted in 1999. Since 1 July 2016, electronic signatures in the EU are governed by the Electronic Identification and Trust Services (eIDAS) Regulation. eIDAS provides a predictable regulatory environment directly applicable to all EU Member States to enable secure and seamless electronic interactions between businesses, citizens and public authorities.
How does the European Commission support e-signatures in Europe?
Introduction to the eSignature building block
The eSignature building block helps public administrations and businesses to accelerate the creation and verification of electronic signatures. The deployment of solutions based on this building block in a Member State facilitates the mutual recognition and cross-border interoperability of e-signatures. This means that public administrations and businesses can trust and use e-signatures that are valid and structured in EU-interoperable formats. The provision of many online services requires exchange of documents whose signature can be recognised across border. It therefore constitutes a key building block for the European Digital Single Market.
eSignature is a building block of the Digital Europe Programme (DIGITAL). These building blocks are reusable specifications, software and services that will form part of a wide variety of IT systems in different policy domains of the EU. The promotion of common building blocks is a way to lower barriers for technical integration and provide tried and tested solution components that will speed up the delivery of online services that work across borders, in a cost-efficient manner.
What is DIGITAL eSignature trying to achieve?
The eSignature building block supports the use of cross-border interoperable electronic signatures in Europe. This means, for example, that a Greek entrepreneur can sign a permit application in Helsinki and expect it to be recognized by public authorities in Dublin.
What does DIGITAL eSignature offer?
The DIGITAL eSignature building block consists of several services managed by the European Commission. These include:
- The Digital Signature Services (DSS) open-source library for the creation and validation of e-signatures.
- The Trusted List Manager, which helps the Member States' Trusted List Scheme Operators (TLSOs) create and edit a Trusted List in a standard, machine-readable format.
- Technical specifications and associated standards (maintained by ETSI), which outline the requirements laid out by the eIDAS Regulation in regard to e-signatures and e-seals.
- DSS Conformance Testing (maintained by ETSI), to help service providers and public administrations test interoperability and conformity of their e-signature solution.
A complete overview of DIGITAL eSignature's services can be found here.
A brief history of DIGITAL eSignature
The eSignature Directive (1999/93/EC), effective as of January of 2000, first provided recognition of legal effectiveness to electronic signatures, thus establishing the legal framework at European level for electronic signatures and certification services.
ISA action 1.9 aimed to make it easy for Member States and their e-Government managers to use and accept electronic signatures by providing them with the necessary technical tools, in response to the 2006 Services Directive (2006/123/EC). This Directive stated that service providers from any Member State willing to create and run a business in another Member State, were entitled to carry out all relevant administrative procedures and formalities via Points of Single Contact and by electronic means, including across borders.
In 2016, Regulation (EU) N°910/2014 (the eIDAS Regulation) came into full effect, and the eSignature Directive was repealed. The new legal framework ensures legal certainty for cross-border use of e-signatures, e-seals, time-stamps, e-delivery service and website authentication certificates.
In response to these legislative developments, the eSignature building block has been operationalised and rolled-out by the Digital Europe Programme (formerly known as CEF) since the end of 2014, resulting in the set of tools and services available today. The following EU bodies currently manage DIGITAL eSignature:
- The European Commission's Directorate General for Informatics (DG DIGIT) is responsible for the technical management of DIGITAL eSignature.
- The European Commission's Directorate-General for Communications Networks, Content and Technology (DG CNECT) is responsible for the implementation of EU policy directly related to eSignature.
- The Innovation and Networks Executive Agency (INEA) is responsible for the implementation of the DIGITAL Telecom programme grants in cooperation with the European Commission.
What are the benefits?
1. Benefits of electronic signature for end users
Electronic signing allows for the full digitalisation of business processes, eliminating the time and costs of printing, faxing, mailing, copying, scanning and filing in paper formats which presents many disadvantages:
- risk of loss, destruction and incompleteness
- difficulty to search, edit and share
- need for bulky, physical storage space
By eliminating these burdens, gouvernements, companies and citizens implementing the electronic signature will:
- save significant time
- enhance the security of the processes
- reduce operational costs
- cut carbon footprint
- improve all parties' satisfaction
Electronic signing is fast, green, secure and extremely convenient, contributing to an improved overall experience.
2. Benefits of DIGITAL eSignature's DSS open-source library
DSS allows for a simplification of the complex details of electronic signatures and enables the protagonists to focus on generating what s/he wants to produce, be that an invoice, a contract, etc.
DSS is therefore a powerful lever for governments and businesses to integrate electronic signature with less effort. It also increases cross-border interoperability and allows for higher levels of trust and confidence on electronic transactions.
3. Benefits of DIGITAL eSignature's Trusted List Manager for Trusted List Scheme Operators (TLSOs)
The Trusted List Manager is a single point of access to all technical tools needed for TLSOs to manage Trusted Lists.
The Trusted List Manager enables the easy creation, editing, signing and maintenance of a Trusted List in the format required by the eIDAS regulation. It also allows TLSOs to verify compliance of the Trusted List with standards as well as the availability of the Trusted List.
What are the use cases?
Different use cases can be foreseen for the use of eSignature. We provide a few examples of inter-institutional, cross-directory or external interactions:
European legislative process
Signature of legislative, regulatory or administrative acts.
Judiciary procedural documents
Court briefs, pleadings, case management or other procedural documents.
Social security registries, business registries, tax registries.
Easier mandate management, shifting from paper mandates to e-mandate systems.
Internal administrative procedures
HR documents (employment contracts, privacy notices, non-disclosure agreements, benefits paperwork), contract management, e-invoices.