Types of electronic signature
The eIDAS Regulation defines three levels of electronic signature, with increasing levels of technical trustworthiness and therefore credibility in legal proceedings:
Standard Electronic Signatures
- Standard electronic signatures can only be used by individuals.
- The eIDAS Regulation provides a broad definition of what an ‘electronic signature’ is without reference to any specific technologies: data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.
- For example, you can sign a document simply by scanning your signature or digitally ticking a box in a document.
- At this basic level there is no way of knowing the true identity of the person who has ‘signed’ the document and there is no way to tell that the file/document hasn’t been tampered with.
Advanced Electronic Signatures
- Advanced Electronic Signatures (AdES) overcome the limitations of basic electronic signatures.
- AdES must be uniquely linked to the signatory and can authenticate the signer and the document.
- Furthermore, it must enable the verification of the integrity of the signed agreement, i.e. detect if it has been tampered with.
- This authentication is normally provided with a digital certificate issued by a Certificate Authority.
- Signers create their signature using data solely under their control and the final document is tamper-evident.
Qualified Electronic Signatures
- Qualified Electronic Signatures (QES) are a stricter form of AdES and, under the eIDAS regulation, the only signature type given the same legal value as handwritten signatures.
- Qualified Electronic Signatures are based on Qualified Certificates which can only be issued by a Certificate Authority which has been accredited and supervised by authorities designated by the EU member states and meet the requirements of eIDAS.
- Qualified Certificates must also be stored on a qualified signature creation device such as a smart card, a USB token, or a cloud based trust service.