Blog General Compliance

eIDAS and Lightico: The Legality of eSignatures in the European Union

By Leor Melamedov

The new EU regulation number 910/2014 on eSignatures replaced the previous eSignatures Directive 1999/93EC on July 1, 2016. The new regulation, termed eIDAS (electronic identification and trust services), ensures online transactions for governments, individuals, and businesses can take place in a smooth and compliant way. Specifically, it covers the areas of trust services and electronic identification services. The purpose of the eIDAS was to enable frictionless digital transactions in countries spanning the European Union. It was designed to encourage high degrees of electronic trust across borders, making it an integral part of efficient and globalized business transactions.

What kinds of eSignatures does eIDAS govern?

According to the eIDAS regulation there are three types of eSignatures: simple, advanced, and qualified.

Simple electronic signatures

According to eIDAS, a simple electronic signature is a blanket term for all eSignatures. It covers every type of signature in which electronic data is attached to the signature and is used for the purpose of authentication. It is technology-neutral, so any electronic document or form can have such a signature embedded into it, such as Adobe PDF or Microsoft Word. Regardless of the type of technology it’s connected to, a simple electronic signature must demonstrate the signer’s intent, be created by the person who is providing consent, and should be inseparable from the document it’s signed on.

Advanced electronic signatures

An advanced electronic signature, as its name suggests, must include additional elements that guarantee the signer’s identity, and the security of the document. It must be uniquely linked to the signer and be connected to the data in such a way that any subsequent changes to the document, such as tampering, can be detected.

Qualified electronic signatures

Finally, the last type of signature defined by eIDAS is called a qualified electronic signature. Even though both advanced and qualified signatures are uniquely tied to the signer’s identity, qualified electronic signatures are based on qualified certificates. As such, they can only be issued by a Certificate Authority (CA), which is an industry-approved organization that regulates the integrity of such electronic signatures. A CA must be accredited and supervised by bodies assigned by EU member states, and meet the stringent requirements of eIDAS. Qualified certificates must be stored on a qualified signature creation device such as a USB token, a smart card, or a cloud-based trust service.

eIDAS and the legal standing of eSignatures

According to Article 25 of the eIDAS regulation, the legal admissibility of eSignatures is binding. It states: “An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures.” A qualified electronic signature is considered equally binding as a wet signature, and its use is actually encouraged. The Commission Decision of October 16, 2009 (2009/767/EC) declares that to simplify procedures and encourage seamless cross-border business cooperation, “procedures by electronic means should rely on simple solutions, including as regards the use of electronic signatures.” Not only are electronic signatures legally valid, but they are promoted as a better alternative in many cases. Article 1 specifically states that all three of the electronic signature types can be accepted as legally binding. The Commission “In no way prevents member states from accepting any type of electronic signatures—normal, advanced, or qualified.” The eIDAS encourages adoption of electronic signatures by promoting national electronic ID cards and electronic signatures for digital and eCommerce transactions.