Electronic signatures

Everything you need to know about legality and how to use them

Overview

An electronic signature is meant as a replacement for the traditional handwritten signature. It's in the form of electronic data and is associated with other data in electronic form, such as a document.

The benefits are many and one of them is speed. By removing physical logistics, doing business is made much easier, especially internationally.

Saving costs is perhaps the biggest factor. Postage, printing and paper are now a thing of the past. And by automating the validation and archiving of signed documents, a lot of time and can be saved.

  1. language Created with Sketch.

    Benefits

    A brief explanation about what electronic signatures and their benefits are

  2. information Created with Sketch.

    Regulation and legality

    What does legally valid mean. And which laws and regulations should you consider.

  3. settings Created with Sketch.

    3 tiers of electronic signatures

    Higher does not equal better. Pick the right tier that matches your needs.

Regulation

The electronic signature is not a new concept. The EC (European Commission) already drafted the e-Signature Directive in 1999. And in The Netherlands the electronic signature law was passed in 2003.

Still this was not enough to stimulate large scale adaptation in Europe. Largely because the legislation could still differ per country. In the United States this was different thanks to the ESIGN ACT.

The new eIDAS (Electronic Identification and Trust Services) regulation brought the necessary change. Since 1 juli 2016 all EU member states are required to follow the same standards

more about eIDAS
what is eIDAS

Legally valid

Electronic signatures are legally valid thanks to eIDAS. But what does this mean? Just like traditional signatures, they can now be used as evidence in a courtroom.

But that does not mean they are holy. Both electronic and traditional signatures can be disputed. In that case, it is up to you to prove that the person has really signed.

It is therefore extremely important to record and secure the process of creating the electronic signature. To achieve this, eIDAS describes three tiers of electronic signatures: 'standard', advanced and qualified.

Legally valid

Technology neutral

eIDAS describes electronic signatures without mentioning specific technologies. This was deliberately done to leave room for innovation. The flip side of this is that there may be confusion due to different interpretations. Our advice is to look carefully at the regulations yourself when in doubt.

Electronic signature

"Data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign"

Simply entering a check mark, your name or 'agreed' on a website can already be an electronic signature. This doesn't have to resemble like your handwritten scribble in any way.

The big advantage is that this type of signature is very easy to use for the signatory.

The disadvantage is that this type of signature is easy to dispute. It is quite possible that another person has completed the form because their are no checks being done. So the risk of fraud is high.

Electronic signature

Advanced electronic signatures

For this tier, the identity of the signatory must be uniquely linked to the signature.

This can be done by basing the signature on data that only the signatory has at his/her disposal. For example, access to a specific device, phone number or bank account. But other methods are also possible.

Another requirement is that the signature and the associated data are protected against future changes.

In practice, proven techniques are used to achieve this, such as encryption and digital signatures. This makes an advanced electronic signature a well balanced solution that combines easy-of-use, cost and strong legal proof.

Advanced electronic signatures

Qualified Electronic Signatures

Qualified Electronic Signatures are the only exception where eIDAS requires specific technology. Documents must be provided with a certificate issued by a TSP (Trusted Service Provider).

This means that every signatory must first identify themselves with the TSP. This makes the qualified electronic signature very secure, but also too impractical and costly for most applications.

The qualified electronic signature is therefore best applied to agreements of very high value and high potential risk. For example the ownership transfer of real estate.

Qualified Electronic Signatures

Comparison

3 tiers compared

Standard Advanced Qualified
Legally valid Yes Yes Yes
Connected to other data Yes Yes Yes
Uniquely connected to the signatory Optional Required Required
Identification of signatory Optional Required Required
Two-factor Authentication (2FA) ¹ Optional Required Required
Detection of changes² Optional Required Required
Secured with a certificate³ Optional Optional Required
Certificate issued by a TSP Optional Optional Required
Enclosed data for validation Optional Optional Required

Two-factor Authentication (2FA) ¹

The risk of fraud is drastically reduced if, during a login session, the user not only has to enter his username and password (something he knows) but also needs something he "has" - like his cell phone - to complete the login session. This second factor of authentication can, for example, be a One Time Password or verification via the Authenticator app.

Detection of changes²

PDF documents are hard to adjust for the average person. However, it could be possible that someone changes your signed documents. For example, by adjusting the terms of a contract. Thanks to a digital certificate, every modification to the original document can be traced. Simply put, the digital signature of the certificate no longer matches the document as soon as it is adjusted. Thanks to cryptographic calculations that only work in one direction, this cannot be forged.

Secured with a certificate³

Certificates are issued by special Certificate Authorities (CA). Certificates can expire and be withdrawn, making it possible to validate the validity of documents even after a long time. According to eIDAS, a certificate is not required for an advanced electronic signature, but in practice this is almost always used. This is because a certificate is the most common way to meet the other requirements of an advanced electronic signature.

Read to start?

Check out CM Sign to start with eSigning today. Or contact us for more information, use the button below or call us at +3176-2012696

CM Sign Contact us

Select Your Country

Selecting a country will show relevant information for that region and may change the language.