Electronic transactions increase fluidity to conduct business with anyone from anywhere. But, a lack of trust in electronic transactions can be a huge bottleneck in digital growth.
Any doubts on legal compliance of electronic signatures can deter people and businesses from embracing it.
The enactment of eIDAS regulation has been a game-changer. It was created to build trust in electronic transactions among the nationals, businesses, and governments of the European Union (EU). It plays a key role in establishing a Digital Single Market (DSM) in the EU and governing the use of electronic signatures.
Read on to learn all about the eIDAS regulation and its basic principles, governing guidelines, electronic signatures, benefits, and legal impact.
What is eIDAS? What is its purpose?
The Electronic Identification, Authentication, and Trust Services (eIDAS) came into force on July 1, 2016. It is also known as EU Regulation No. 910/2014 of the European Parliament and of the Council of 23 July 2014.
The adoption of eIDAS regulation repealed and replaced the Electronic Signatures Directive 1999/93/EC.
The aim of eIDAS is to strengthen trust in electronic transactions by providing a standard base for secure electronic communications across all the states in the EU. The eIDAS regulation:
- Fixes the irregularities in electronic transactions
- Builds trust and confidence among citizens, businesses, and public authorities w.r.t. the reliability and security of online processes
eIDAS Timeline
Here are a series of events that took place in the eIDAS regulation:
2014: The adoption of eIDAS regulation
2015: Voluntary recognition of electronic identification (eID). Establishment of an eID interoperability framework, addition of eID assurance levels, formats for advanced electronic signatures, technical specifications for national trust lists, and EU trust mark for qualified trust services
2016: The eIDAS regulation replaces the electronic signature directive. Trust service rules apply, and voluntary use of the EU ‘trust mark’ becomes available.
2018: Cross-border recognition of ‘eID means’
Who is eIDAS for?
Any individual, business, or public authority transacting electronically through electronic signatures in the European Union should comply with the eIDAS regulation.
What does eIDAS cover?
To accomplish a Digital Single Market, the eIDAS regulation has created some standards that apply within individual member states and between the member states of the European Union:
1. Cross-border recognition of nation electronic identification schemes (eIDs)
First, what is an electronic identification (eID)?
As per the eIDAS regulation, electronic identification means “the process of using person identification data in electronic form uniquely representing either a natural or legal person, or a natural person representing a legal person.”
An eID is a digital identity of citizens or organizations that authenticates them in a digital environment and makes them eligible to use online services or conduct business anywhere in the European Union.
It allows businesses to expand their customer base by providing a trusted identification of customers and businesses in other EU countries. It comes in handy, especially when dealing with restricted goods like alcohol or carrying out high-value transactions.
An eID is eligible in both B2B and B2C transactions.
What is an electronic identification scheme (eIDs)?
According to the eIDAS regulation, the national electronic identification scheme is “a system for electronic identification under which ‘electronic identification means’ are issued to natural or legal persons, or natural persons representing legal persons.”
- FAS/eCards and itsme in Belgium
- The National identification and authentication system in Croatia
- The national identification of the Czech Republic
- The Estonian eID scheme
- The German eID based on Extended Access Control
- The SPID scheme in Italy
| Quick Bite: Definition of ‘electronic identification means’ A material and/or immaterial unit containing person identification data and is used for authentication for an online service. – Material units are accepted information units like digital identity cards with a chip that holds a person’s identification data. – Immaterial units are accepted information units like sim cards or mobile apps that contain a person’s identification data. – ‘eID means’ is basically a particular method to confirm one’s identity in a digital space, which follows an eID scheme and is supplied by an eID provider. How does eIDAS boost an interoperability framework? Under the eIDAS regulation, the EU member states are needed to establish a common framework that will recognize electronic identification schemes from other member states and ensure their authenticity and security. This brings convenience and ease to conduct cross-border business. |
How does eID help?
Envision a world where the residents of the EU could conveniently pick any member state to work, expand their business, travel, or relocate.
A world where they can electronically avail public services of their current country, regardless of the place where the services were first made.
With their national eID, the citizens can access a range of public services in any country of the EU like:
- Submitting tax returns
- Applying or converting a driver’s license
- Applying for a pension
- Managing social security services
- Applying for university
- Requesting a residence certificate online
- Setting up business in any country of European Union
It tremendously brings down the paperwork, time, and money required for in-person or email validation.
Here are the other benefits when one EU member state recognizes electronic identification from all other EU member states –
- It accelerates the identification process and saves both time and money
- It increases convenience for citizens and businesses by allowing them to use their existing national ID
- It provides greater security in cross-border transactions.
| Explore More: Check out the eIDAS Interactive Tool to understand an eID system in cross-border online transactions. |
2. An internal market of “electronic trust services” (eTS) that carry the same legal weightage as traditional paper-based processes
What are electronic trust services?
Electronic trust services are the cornerstone of the eIDAS regulation as they facilitate electronic identification and transaction in a highly secure environment.
| According to the eIDAS regulation, trust service means an electronic service normally provided for remuneration which consists of: a) The creation, verification, and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services, and certificates related to those services; or b) The creation, verification, and validation of certificates for website authentication; or c) The preservation of electronic signatures, seals, or certificates related to those services. |
Who provides electronic trust services? – Trust service providers (TSPs)
The trust service providers provide these trust services.
According to the eIDAS regulation, “a trust service provider means a natural or legal person who provides one or more trust services either as a qualified or a non-qualified trust service provider.”
Trust service providers can be of two types – qualified trust service providers and non-qualified trust service providers.
A non-qualified trust service provider can be any company who provides trust services but doesn’t meet all the requirements laid out in the eIDAS regulation.
The qualified trust service providers undergo a rigorous qualification process to earn the qualified status and get their name on the EU trust list. A qualified trust service provider is closely followed and monitored by the supervisory body.
A trust service provider with qualified trust services is also given an EU ‘Trust Mark’ that symbolizes a higher standard of security.
| Explore More: Want to avail electronic services and looking for a trust service provider? Visit the Trusted List Browser and find a qualified trust service provider for your business! |
What are the electronic trust services covered under the eIDAS regulation?
Electronic seals
An electronic seal means “data in electronic form, which is attached to or logically associated with other data in electronic form to ensure the latter’s origin and integrity.”
In simple words, you can think of them as a digital equivalent of company stamps used on documents to certify and protect data integrity and trustworthiness.
| According to Article 35 of the eIDAS regulation – “an electronic seal shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic seals.” |
The eIDAS regulation identifies three levels of electronic seals:
1. Electronic seal that was just described above
2. Advanced electronic seal that satisfies the demands of Article 36 –
- It is uniquely linked to the creator of the seal.
- It is capable of identifying the creator of the seal.
- It is created using ‘electronic seal creation data’ that the creator of the seal can use under their sole control with a high level of confidence
- It is linked to the data to which it relates in such a way that any subsequent change in the data is detectable.
3. Qualified electronic seal, which is created using a qualified electronic seal creation device and is based on a qualified certificate for electronic seal.
Electronic timestamps
These denote the date and time affixed on an electronic document which establishes evidence that the document existed at that time and has not changed since then. Timestamps bring accountability to the transaction.
| According to Article 42, a qualified electronic time stamp shall meet the following requirements: – It binds the date and time to data in such a manner as to reasonably preclude the possibility of the data being changed undetectably. – It is based on an accurate time source linked to Coordinated Universal Time. – It is signed using an advanced electronic signature or sealed with an advanced electronic seal of the qualified trust service provider or by some equivalent method. |
Electronic signatures
As per the eIDAS definition, an ‘electronic signature’ means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.
The electronic signature described in the eIDAS regulation covers and accepts a wide range of electronic signatures, which could be – a scanned image of signature, clickwrap signatures (I accept, I agree), electronic signatures, and digital signatures.
Three types of electronic signatures are given legal weightage under the eIDAS regulation – simple electronic signatures, advanced electronic signatures, and qualified electronic signatures. We will discuss the types of electronic signatures in detail later.
Electronic registered delivery services (ERDS)
The electronic registered delivery services provide robust and secure infrastructure with evidence for electronically transferring documents (or data) between two entities or systems. The electronic delivery services:
- Build trustworthiness
- Minimize the risk of data being stolen, lost, or tampered
- Increase efficiency and trust
- Enhance document tracking
Certificate for website authentication
‘Certificate for website authentication (WAC)’ means an attestation that makes it possible to authenticate a website and links the website to the natural or legal person to whom the certificate is issued. The WAC –
- Certifies that the owner of a website is reliable and identifiable by trustworthy information
- Helps in keeping phishing sites at bay and protects your business from online scams and frauds
- Increases consumer trust
| Explore More: Find out how electronic ID and trust services help: – Financial services sector – Online retail sector – Professional services sector – Transport sector |
What are the benefits of eIDAS regulation?
The implementation of the eIDAS regulation benefits both businesses and citizens in a significant manner –
Reduced paperwork load – Online administrative services minimize the administrative load and paperwork. It allows citizens to move to a new country in the EU conveniently, access public services, open a bank account, or start a new business through online administration.
Legal protection – The legal security of electronic transactions builds trust both within the country and in cross-border electronic transactions.
Transparency – The legal framework and tools provided in the eIDAS regulation make the whole process of electronic transactions standardized and transparent.
Accountability – It authenticates the information flows and creates a chain of accountability around online transactions.
Flexibility and convenience – It brings ease to close documentation and signature work online from any location and device.
Efficient procedures – Streamlined and simplified procedures that lead to reduced costs and increased profits.
| How does eIDAS help? A quick example Before eIDAS regulation: Let’s say, Janet, who lives in Germany, is looking for an apartment on rent in Finland, where she will be shifting soon to start her new job. She found a great deal online and contacted the owner to start the documentation process. The real challenge came when she found out that the German and Finnish principles of electronic identification and document signing are different. The Finnish government was unable to verify Janet’s online identity and accept her electronic signatures remotely. Janet was running out of time, and she really didn’t want to lose this deal. To do so, she got into the back and forth email exchanges with the Finnish bank. She reached out to a local bank in Germany to find notary services to authenticate her electronic signature. But, all this tedious paperwork took longer than expected, and the owner rented out the apartment to someone else. After eIDAS regulation: Same scenario, but this time Janet is using an eID and qualified electronic signature solution. She used her national eID to complete the transaction and signed it remotely through a trusted service provider. The eID and qualified electronic signature make the transaction valid, and Janet closes the deal in a snap. |
What are the types of electronic signatures in eIDAS?
The eIDAS regulation provides three categories of electronic signatures – simple, advanced, and qualified electronic signatures.
Simple Electronic signatures
An electronic signature means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.
A simple electronic signature is technology-neutral, meaning it doesn’t rely on any particular technology to qualify an electronic signature. It can be a typed name or even a scanned copy of the wet signature; however, it should meet the basic requirements like:
- Displaying the signer’s intent
- It should be made by the signatory associated with the signature
- Association of an electronic signature to the document
Advanced electronic signatures
Simple electronic signatures bring the ease of eSigning the document in any accepted form. But they are also vulnerable to forgery and tampering and need extra evidence to reinforce the legal validity of electronic signatures.
Advanced electronic signatures lay down stricter requirements to bolster your documents’ authenticity, identification, and security.
As explained in Article 26 of the eIDAS regulation, an advanced electronic signature must meet the following requirements. An advanced electronic signature must be:
- Uniquely linked to the signer
- Capable of identifying the signer
- Created using electronic signature creation data that the signatory can use under their sole control with a high level of confidence
- Linked to the data signed in such a way that any subsequent change in the data is detectable
Qualified electronic signatures
A qualified electronic signature (QES) is granted a special status across all the EU member states.
A qualified electronic signature should be:
- Created using a qualified signature creation device (QSCD)
- Backed by a qualified certificate issued by an EU trust service provider registered in the EU Trusted List (ETL)
Qualified certificates are required to be stored on a qualified signature creation device such as a USB token, a smart card, or a cloud-based trust service.
The certificate provides proof of authentication that ensures that the electronic signature is trustworthy and original.
| Article 24 of the eIDAS regulation states that a qualified electronic signature: – Shall have the equivalent legal effect of a handwritten signature – Based on a qualified certificate issued in one member state shall be recognized as a qualified electronic signature in all other member states |
Legal admissibility of electronic signatures under eIDAS
There are no mandatory requirements laid out in the eIDAS regulation specifying what forms a contract. So, the good news is that a contract can be formed between parties, even with a simple electronic signature. The eIDAS regulation precisely captures this in its fundamental rule.
Article 25 of the eIDAS regulation states that “an electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures.”
This ensures that all three types of electronic signatures are court-admissible in the EU.
A simple signature is easy to do and adds the convenience of eSigning a document without any hassle. However, there might be times when a transaction requires more than a simple electronic signature like in loan applications, credit card applications, property sale and purchase, etc.
Though the law doesn’t mandate the use of a particular signature type, it is advisable to use an electronic signature type based on the sensitivity of the transaction and associated risks.
Before proceeding with an electronic transaction with the other party, it is recommended to go through due diligence and:
- Examine the administrative and legal angle to understand the limitations and risks pertaining to the application of electronic signatures in your case
- Understand what’s at stake if things go sideways like financial loss, productivity loss, business loss, etc.
- Analyze the level of security required to safeguard the transaction
Revv & eIDAS
Revv is a modern electronic signature solution that complies with global and local laws. It enables individuals, professionals, and businesses to run their business anywhere, anytime, and from any device.
Revv provides top-notch security protection with multiple layers of encryption and AWS global cloud certification – CSA, SOC 1, SOC 2, and ISO 2700.
It offers bank-grade electronic signatures with a pool of automation features to execute electronic signatures safely and effectively.
Revv gives you three options to choose from when sending your document for electronic signatures – click-to-sign, draw a signature, or click-to-initial.
Revv gives its users the liberty to choose between clickwrap/soft signatures and electronic signatures based on the type of document requirements. Soft signatures are suited for documents that don’t demand an electronic signature; instead can be closed with the acceptance of the recipient. These are similar to clicking on “I accept” or “I agree” when you accept cookies or download an app.
If you want to send your documents for internal approvals before sending them for eSigning, Revv lets you automate and speed up the approval process.
Want to send your document in bulk to multiple recipients for electronic signatures? Revv’s ‘Bulk Send’ feature enables you to do that.
Revv’s ‘Activity’ tab helps you keep an eye on your signing process and tracks its progress. Additionally, Revv sends you notifications and keeps you updated on the same.
On top of it, Revv gives you a library of 1000+ legally vetted templates and a rich drag and drop editor to create documents on the go.
Finally, Revv gives forever cloud storage and keeps all your electronic records safe, organized, and easily accessible.
| Accelerate your document closure with Revv! Sign up for free! |
How does Revv comply with eIDAS?
According to the eIDAS regulation, adding your name to an email or making a signature to acknowledge the delivery of a parcel can also count as a simple electronic signature. However, when challenged in court, such instances may lack supporting evidence to prove the authenticity of electronic signatures.
Revv’s electronic signature solution strengthens and attaches legal value to a simple electronic signature by:
1. Providing legal proof of the signer’s intent
Revv enables signers to decide whether or not they want to sign the documents electronically. It gives them an option to reject the eSigning request by clicking on the ‘Decline to sign’ button, thus, capturing the intent.
2. Associating the signature with the document
When eSigned, Revv permanently attaches the signature with the document along with the signer’s name and the date and time stamps, making the signature an inalienable part of the document.
3. Capturing proof of validity
Revv provides the proof of signing ceremony – an evidence summary that captures end-to-end audit trail and registers each move of the signer in the signing process.
Audit trail brings assurance and compliance to electronic signatures and boosts the confidence of people, businesses, and public administrations in embracing it.
Revv provides comprehensive audit trails that include:
- Documents presented
- Signer details – name, email id, role, and a unique id
- Actions taken by the signer – login, open, review, acceptance, and signatures
- IP address
- Type of authentication process used
- Date and time stamp of each activity
Watch the below video to learn how Revv authenticates and validates electronic signatures by providing a full audit trail.
Revv further reinforces the validity of electronically signed documents by:
1. Enabling SMS-OTP-based authentication to verify the recipients.
2. Providing signers an option to record their video stating they accept the document before hitting the ‘Accept document’ button.
In crux, Revv raises the security and legal admissibility bar of a simple electronic signature.
It locks the integrity of a document and provides you with solid evidence that precisely captures every step of the signature process.
4. Forever access to electronic records
Revv uses AWS SSE-S3 (Amazon Web Services Server-Side Encryption) to ensure a secure and lifetime cloud storage of all signed records.
You can access the signed document and associated records anytime in Revv. But, you don’t have to rely on Revv to access this information, i.e., you can always download and keep a copy of records with you. Revv provides multiple options to do the same –
1. Download a document’s copy from the Revv account
2. Download documents immediately after the signing process is complete.
Once the document is signed, Revv gives an option to download the signed document before closing the browser window. This, in particular, helps the signers who don’t have a Revv account.
3. Download the signed copy via email
Revv emails a signed copy of the document to all the parties.
Conclusion
eIDAS brings uniformity in electronic transactions and makes them more secure across EU member countries. It builds cross-border trust and boosts digital transactions.
The eIDAS regulation is a crucial step to live the dream of a Digital Single Market. It streamlines the electronic identification and signing process and aids in economic growth.
Revv’s electronic signature solution is effortless to deploy, and it takes the electronic signing experience a step further. It protects the integrity and security of simple electronic signatures. It empowers users to digitize and automate their document processes with full conviction, no matter where they are located and which device they use.
Want to know more on how Revv makes the electronic signatures legally valid.
Reach out to us at sales@revv.so.
| Note: Disclaimer: This article intends to provide you information on the legal framework of eIDAS regulation. However, Revv cannot provide legal advice. Laws and regulations can change frequently, and we don’t guarantee that the details in this article stand correct all the time. Please consult legal counsel if you need to know about the legality and implementation of electronic signatures in your location. Revv disclaims and makes no representation or warranty of any kind with respect to this material, express, implied or statutory, including representations, guarantees or warranties of merchantability, fitness for a particular purpose, or accuracy. |
Frequently Asked Questions
The electronic identification, authentication, and trust services or eIDAS regulation provides a legal framework for secure electronic identification and authentication of electronic documents across all EU member states. An eIDAS compliant electronic transaction means it is created lawfully and is completely safe & effective.
The eIDAS regulation ensures that electronic transactions within a country or between EU member states are safe and legally valid. It enables flawless and convenient cross-border electronic interactions with strict security measures in the European Union.
