What is an eSignature? 1/3

You have come to the right place, we are going to explain what an electronic signature is and in upcoming posts, how you can implement an electronic signature system for your personal or professional dealings.

Whether due to lockdown or for other reasons, you may have sought alternatives to signing paper documents. And probably you may have even been told  that they need to provide the legal validity guarantees in case of judicial claim.

It seems that when we mirror the signature on a screen as that on a paper, we are facing an equivalence in the concept of signing … but are there any other possibilities? Let us go see it.

First, we will explain their potential and to this effect we should go through some standards.

Concept and definition

We will rely on the European regulations, the main one being the European Regulation 910/2014, (eIDAS Regulation). Being a regulation  it is not necessary any transposition of the member states and , therefore it is directly applicable. The new regulation maintains three types of electronic signatures:

a) Electronic signature

As defined under eIDAS “any data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.” As you can see, it is an open definition that has been written under the principle of technological neutrality and that allows to receive future innovations due to the rapid changes in technology.

This means that any system that allows the three characteristics incorporated into the definition, namely; (1) electronic format, (2) association with other electronic data and (3) used to sign, must be considered  electronic signature.

In practice, systems we use most often,eg password, an OTP, a scanned  or a biometric signature embrace this definition.

b) Advanced electronic signature

A type of esignature that must meet the specific requirements of article 26 of  eIDAS Regulation:

  1. Uniquely linked to the signer.
  2. Capable of identifying the signer.
  3. Created using signature creation data that the signer can use under their sole control.
  4. Linked to the signed data in such a way that any subsequent change in the data is detectable.

We see that the requirements are more demanding, despite the fact that the eIDAS Regulation does not confer special legal effects on electronic signatures. The main difference is that the technical security of the advanced electronic signature is usually higher. Therefore, it is more reliable and offers a more robust evidence framework for potential legal claims about its validity.

c) Qualified electronic signature

According to eIDAS Regulation: (1) It is an advanced electronic signature (therefore, it must meet the above mentioned requirements) created by means of a (2) qualified electronic signature creation device and it is based on a (3) qualified electronic signature certificate.

This electronic signature is the only legal equivalent of a written signature in the EU member states.  Furthermore, a qualified electronic signature based on a qualified certificate issued in one member state will be recognized as a qualified electronic signature in all other member states (Art. 25 eIDAS).

Within this definition, different new concepts have been introduced. You might learn about them on my next post (Part 2), along with trust service providers related information. We will talk about electronic signature certificates and the validity of the signature.

Leave a Comment