An electronic signature is meant as a replacement for the traditional handwritten signature. It's in the form of electronic data and is associated with other data in electronic form, such as a document.
The benefits are many and one of them is speed. By removing physical logistics, doing business is made much easier, especially internationally.
Saving costs is perhaps the biggest factor. Postage, printing and paper are now a thing of the past. And by automating the validation and archiving of signed documents, a lot of time and can be saved.
A brief explanation about what electronic signatures and their benefits are
What does legally valid mean. And which laws and regulations should you consider.
Higher does not equal better. Pick the right tier that matches your needs.
The electronic signature is not a new concept. The EC (European Commission) already drafted the e-Signature Directive in 1999. And in The Netherlands the electronic signature law was passed in 2003.
Still this was not enough to stimulate large scale adaptation in Europe. Largely because the legislation could still differ per country. In the United States this was different thanks to the ESIGN ACT.
The new eIDAS (Electronic Identification and Trust Services) regulation brought the necessary change. Since 1 juli 2016 all EU member states are required to follow the same standardsmore about eIDAS
Electronic signatures are legally valid thanks to eIDAS. But what does this mean? Just like traditional signatures, they can now be used as evidence in a courtroom.
But that does not mean they are holy. Both electronic and traditional signatures can be disputed. In that case, it is up to you to prove that the person has really signed.
It is therefore extremely important to record and secure the process of creating the electronic signature. To achieve this, eIDAS describes three tiers of electronic signatures: 'standard', advanced and qualified.
"Data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign"
Simply entering a check mark, your name or 'agreed' on a website can already be an electronic signature. This doesn't have to resemble like your handwritten scribble in any way.
The big advantage is that this type of signature is very easy to use for the signatory.
The disadvantage is that this type of signature is easy to dispute. It is quite possible that another person has completed the form because their are no checks being done. So the risk of fraud is high.
For this tier, the identity of the signatory must be uniquely linked to the signature.
This can be done by basing the signature on data that only the signatory has at his/her disposal. For example, access to a specific device, phone number or bank account. But other methods are also possible.
Another requirement is that the signature and the associated data are protected against future changes.
In practice, proven techniques are used to achieve this, such as encryption and digital signatures. This makes an advanced electronic signature a well balanced solution that combines easy-of-use, cost and strong legal proof.
Qualified Electronic Signatures are the only exception where eIDAS requires specific technology. Documents must be provided with a certificate issued by a TSP (Trusted Service Provider).
This means that every signatory must first identify themselves with the TSP. This makes the qualified electronic signature very secure, but also too impractical and costly for most applications.
The qualified electronic signature is therefore best applied to agreements of very high value and high potential risk. For example the ownership transfer of real estate.
|Connected to other data||Yes||Yes||Yes|
|Uniquely connected to the signatory||Optional||Required||Required|
|Identification of signatory||Optional||Required||Required|
|Two-factor Authentication (2FA) ¹||Optional||Required||Required|
|Detection of changes²||Optional||Required||Required|
|Secured with a certificate³||Optional||Optional||Required|
|Certificate issued by a TSP||Optional||Optional||Required|
|Enclosed data for validation||Optional||Optional||Required|
The risk of fraud is drastically reduced if, during a login session, the user not only has to enter his username and password (something he knows) but also needs something he "has" - like his cell phone - to complete the login session. This second factor of authentication can, for example, be a One Time Password or verification via the Authenticator app.
PDF documents are hard to adjust for the average person. However, it could be possible that someone changes your signed documents. For example, by adjusting the terms of a contract. Thanks to a digital certificate, every modification to the original document can be traced. Simply put, the digital signature of the certificate no longer matches the document as soon as it is adjusted. Thanks to cryptographic calculations that only work in one direction, this cannot be forged.
Certificates are issued by special Certificate Authorities (CA). Certificates can expire and be withdrawn, making it possible to validate the validity of documents even after a long time. According to eIDAS, a certificate is not required for an advanced electronic signature, but in practice this is almost always used. This is because a certificate is the most common way to meet the other requirements of an advanced electronic signature.
Selecting a country will show relevant information for that region and may change the language.