As the digitization of our society increases, we see that more and more transactions are no longer taking place physically but online. Determining the right identity of a person is central to this.
It’s therefor no surprise that the legal framework for the use of the digital signature has been tightened by the European Union. On July 1st, 2016, the regulation (EU) Nr. 910/2014 entered into force, also known as the eIDAS regulation.
A digital signature can best be described as a process where you determine a number of things;
- Identity, who are you?
- Authenticity, is it true what you say?
- Integrity, how unchangeable is the information?
Depending on the purpose for which the signature is used, we can determine the reliability level at Eclipse. The reliability can be divided into different levels (from light to heavy);
- Electronic signature: data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign;
- Advanced electronic signature: An advanced electronic signature shall meet the following requirements: (a) it is uniquely linked to the signatory; (b) it is capable of identifying the signatory; (c) it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and (d) it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.
- Qualified electronic signature: An advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures;
The Electronic signature (No. 1) can be seen as, for example, a picture of a scanned handwritten signature, here the reliability level is not very high. However, higher requirements apply to the other two signatures.
The advanced electronic signature (No. 2) can be used as evidence in legal proceedings and makes higher demands. An asymmetric key pair is used and a certificate-based digital ID is assigned to each signer by a trusted certification authority (CA) and the signature is supported by PKI (Public Key Infrastructure) technology.
The qualified electronic signature (No. 3) is the heaviest and is the only one in the EU seen from a legal point of view on the same level as the handwritten signature. The same requirements apply as signature no. 2 only here, among other things, the validity is determined by a real-time face-to-face check of the identity of the applications.
Generally, the advanced electronic signature (No. 2) is most commonly used in the market. Do you wonder which digital signature is suitable for your procedure? Do you have additional questions about this article?
Please contact us.