eIDAS

eCommerce has generated an incredible trade boom, allowing companies to expand their markets internationally. But how can one verify whom one is dealing with?

Seeking harmonisation across the European Union

Is that person or that company really who they claim to be? To resolve these uncertainties, many countries have started to implement national legislation, providing strict guidelines and rules concerning the way electronic transactions should be authenticated and signed.
Confronted with almost as many national regulations addressing the legal framework around the e-signature as it has member countries, the European Union sought harmonization. Replacing and reviewing the earlier 1999/93/EC directive on e-signature, the eIDAS regulation defines the standards that products, solutions and services around electronic signatures, electronic seals, timestamps, electronic delivery services and website authentication need to comply with. The overall objective is to ensure a seamless electronic interaction between citizens, businesses and public authorities, making transactions and access to services convenient and safe.

 

eIDAS regulation

 

The eIDAS regulatory bodies also maintain a list of all the companies that offer Qualified Trust Services. To appear on this Qualified Trust Services Providers (QTSP) list, a company needs to undergo an audit that certifies its conformity with the established rules.

QES: non-refutable and legally binding


The eIDAS regulation uses several levels of assurance to define the security offered by an electronic signature:

  • An Electronic Signature is just a jurisdictional principle, without an evidentiary effect.
  • An Advanced Electronic Signature or AdES needs to uniquely link a signature to the signatory, identify the signatory, be linked to the signed data and be created by the signatory, under his or her sole control, “with a considerable level of confidence.”
  • A Qualified Electronic Signature or QES is the highest level of assurance. It has the same characteristics as an AdES, but with the difference that it needs to rely on a qualified digital certificate (issued by a QTSP), used in combination with a Qualified Signature Creation Device. QES signatures are non-refutable as they have the same legal effect as handwritten signatures.

Qualified signatures offer the highest level of assurance and are therefore the preferred or mandatory choice for high-value transactions. National legislators may decide to impose Advanced Electronic Signature and/or Qualified Electronic Signature for specific purposes.
This means that, for these signatures to be legally binding, all companies offering e-signature services within the EU must either go through the auditing procedures to be eIDAS compliant or outsource their solution to a QTSP.

     

     
