The eIDAS regulation introduced in 2016 establishes uniform standards for signing electronic documents in the EU. Its goal is to provide a common framework for the cross-border use of electronic IDs and trust services in Europe. In this article, we take a closer look at the eIDAS regulation and how an enterprise content management system (ECM system) can help your business to ensure compliant electronic identification processes.

The eIDAS regulation (Electronic Identification And Trust Services) provides standardized guidelines for electronic IDs and trust services in the EU. It enables the recognition of electronic signatures in court as legally binding evidence and defines qualified signatures that have the same legal status as handwritten signatures.

Who has to comply with the eIDAS regulation?

As an EU regulation, the eIDAS regulation is directly applicable to all 27 member states of the European Union, as well as in the United Kingdom, Iceland, Norway and Liechtenstein. The regulation applies to all public administration and stipulates that cross-border identification must be based on mutual recognition of the national electronic ID systems of member states.

An electronic signature (also known as an eSignature) confirms the signature of an electronic document, serves as proof of identity, and can be accepted as evidence before EU courts in accordance with the eIDAS regulation. Companies use them, for example, to process POs, orders and invoices online or to furnish contracts, notices of termination, and other digital documents with the required signature.

The eIDAS regulation distinguishes differing types of eSignatures:

Simple electronic signature

In the context of the eIDAS regulation, the term "electronic signature" means the digital form of a signature that the signer uses to confirm or approve a document, for example, a scanned handwritten signature. This documents the originator. However, their identity remains unchecked. As a result, this is a “simple” form of eSignature.

Advanced electronic signature 

Advanced electronic signatures require clear assignment to the signer, enable identification, use signature creation data, and are linked in such a way that subsequent changes to the data are recognized.

Qualified electronic signature

The qualified electronic signature has a special legal meaning within the EU member states, and is equivalent to the conventional handwritten signature. Its use requires careful identification and a corresponding qualified certificate.

Note: In addition to the qualified eSignature, it is possible to add a qualified time stamp to a document. This ensures that the document was actually created at the time specified.

Tip: Under "eSignatures: A technology with big value", you can learn more about the different types of eSignatures and when to use each.

In addition to the electronic signature, there is also the electronic seal. Here’s how it differs from an eSignature: a seal can only be assigned to legal entities and is used exclusively as proof of origin. It is used wherever a personal signature is not required, but proof of authenticity is desired, for example, in the case of official notifications.

In cases with high legal relevance, you need a certification service from a government-accredited trust service provider. After registration, which is often accompanied by clear identification using methods such as video identification, you will be given access to the system. You will now be able to electronically sign documents with special software.

Note: Ideally, your document management system (DMS) has an interface to the signature software that will enable you to digitally sign documents directly from your DMS.

What does the Trust Services Act regulate?

The Trust Services Act (VDG) forms the core of the eIDAS regulation and regulates various electronic trust services, including the issuing of eIDAS certificates for advanced and qualified signatures. Providers who offer trust services for electronic transactions have to obtain a corresponding qualification status from the responsible supervisory body. DocuSign and Adobe Acrobat Sign are examples of two qualified trust service providers.

The eIDAS regulation governs the recognition of electronic signatures and trust services in the EU, but not the specific requirements or the type of signature. This is left to the national laws of the member states.

• In Germany, the Act on the General Terms for Electronic Signatures and for Changing Other Regulations (Signature Act – SigG) governs the national signature law. It implements the requirements of the eIDAS regulation, defines requirements for different signature types and trust service providers and sets rules for the legal recognition and use of electronic signatures.
• Switzerland regulates the use of electronic signatures and trust services in the Federal Law on Electronic Signatures (ZertES). It defines different types of signatures and specifies requirements for their use in order to ensure legal recognition and the interoperability of trust services.
• In Austria, the Federal Law on Electronic Signatures governs the use of electronic signatures and trust services.

The eIDAS directive for electronic transactions in the EU imposes strict compliance requirements to identify signers and ensure the authenticity of signed documents. With advanced and qualified electronic signatures, for example, it is important to be able to clearly identify who signed the document, when, and whether changes were made subsequently.

ECM software helps substantially to meet these high compliance requirements. An ECM system achieves through the following capabilities:

• Ensuring transparency throughout the entire authoring and signature process
• Protecting documents and data against unauthorized changes, overwriting and deletion
• Providing differentiated access security for documents
• Enabling the secure exchange of signed documents and data

The introduction of the eIDAS signature has established uniform European standards for electronic identification and trust services. It enables the legally binding recognition of electronic signatures as evidence and equates qualified signatures with handwritten signatures. A modern ECM system supports this compliance and ensures transparency, document protection and secure data exchange.