eIDAS provides clarity: The new regulation of the European Parliament, which has been in force since September 2018, has for the first time created a standard EU-wide, cross-border legal framework for the use of electronic identification and trust services/eIDAS). The regulation includes strict compliance requirements to identify signers and verify the authenticity of signed documents. It aims to facilitate secure and seamless electronic transactions within the EU. eIDAS now ensures these transactions have the same legal status as paper-based transactions. For companies operating in the EU, this means identity verification performed in one EU country also applies in all other member states and vice versa.

This mainly involves electronic signatures: Companies use them when they process orders, contracts and invoices online or send agreements, terminations and any other digital documents that require a signature. With the implementation of eIDAS, companies active across the EU now can be assured that their eSigned documents will be accepted in all EU countries.

The benefits of electronic signatures are primarily in time-savings. With both business and private customers, companies can sign contracts without having to meet face-to-face and without having to print, sign and scan the document. Documents are sent in a matter of seconds – not days as with mail – and there are no shipping costs. Additionally, archiving digital documents with eSignatures on a hard disk or a server in the cloud has major benefits in terms of space, cost and security compared to a hardcopy archive housed, for instance, in a basement. In addition to a read receipt for emails, electronic signatures also have a higher binding character. This also promotes compliance with agreements. In addition, with advanced and qualified eSignatures, it is clear who signed the document and whether it may have been modified subsequently. This creates trust between contract partners. International companies, for example, can thus fulfill their cross-border compliance requirements.

It is important to be aware of the different forms of eSignatures to be able to decide which signature should be used for a document. The terms "digital" and "electronic" signature are also often used interchangeably – this is incorrect. We explain the difference here:

What is a digital signature?

A digital signature refers to the technology used to encrypt advanced and qualified electronic signatures. For digital signatures, you can make use of off-the-shelf solutions from providers such as DocuSign or XiTrust. The asymmetric method generates two electronic keys, one public key and one private key. Documents that the sender encrypts with the private key can only be read by the recipient who has a public key. While the private key always remains secret, the public key is publicly available.

What is an electronic signature?

Electronic signatures are data added to an electronic document to confirm the signing of that document. Legally, they provide proof that neither the transmitted digital document nor the associated metadata or the signature itself was modified after sending. Using this data, the signature creator also proves his or her identity. According to the eIDAS regulation, electronic signatures are admissible as evidence in EU courts and can be divided into three security levels:

• Simple electronic signature  – The most commonly used form of eSignature (approx. 90 percent). The author is documented, for example via a scanned handwritten signature, the email signature or digital signing at the package acceptance. His or her identity cannot be proven. Since it has little evidential value in a legal dispute, the simple electronic signature is more common in informal documents such as permits, certificates, protocols or travel expenses. But it is also used for approvals in a business process with user ID and password.

• Advanced electronic signature – Sufficient for the majority of all agreements with business and private customers. It is assigned specifically to the sender via a unique verification key. This ensures authentication of the certificate holder and verifies the integrity of the data. If the recipient cannot decrypt the document using the sent public key, the signature is not authentic or the document has been modified subsequently.

• Qualified electronic signature – Necessary for signature standards with the highest legal relevance, such as in life insurance or loan agreements. It is the digital counterpart to the personal signature and additionally contains a certificate of a qualified trust service. This trust center generates a private and public key pair, and places the private key on a secure media such as a chip card. This electronic certificate can be decrypted using a card reader, and clearly confirms the identity of the signature creator. Thanks to these security measures, the qualified electronic signature is as legally binding in all EU member states as a document with a handwritten signature.

With the eIDAS regulation, the EU has created a further prerequisite to ensure companies in Europe are able to work together in an even more networked, binding and trusting manner. Electronic signatures are a tool designed to enable users to complete transactions faster and more efficiently.

In our next blog article on eSignatures, we’ll show you how the use of electronic signatures in enterprise content management systems can strengthen your business model and deliver concrete benefits in your daily business.