eIDAS: Are You Ready for the Changes in Europe?
Europe is entering a new digital era. On July 1, 2016, the electronic identification and trust services for electronic transactions (eIDAS) regulation will come into effect – a significant step forward for e-signature adoption in Europe. The new regulation comes at an opportune time. According to a 2015 report by Forrester Research, Europe lags behind the United States in terms of e-signature use and adoption, despite being a leader in mobile and electronic identification. This is due in large part to the fragmented legal frameworks in Europe as a result of the 1999 EU Directive. eIDAS effectively replaces the Directive and promises to make trusted communications between businesses, citizens and public authorities easier in Europe – removing the previous hurdles to cross-border recognition of e-identities and e-signatures.
What does this mean for companies doing business in Europe?
There is tremendous business value for organizations in moving to an all-digital process with e-signatures. With the ability to fully digitize and automate business processes, e-signatures support faster turnaround times and more secure document signing, as well as reduced costs compared to manual, paper-driven processes.
Clearer definitions for trusted services and e-signatures in the new eIDAS Regulation will undoubtedly increase business and consumer confidence in digital transactions and encourage European organizations to use them for their day-to-day business needs. This will in turn help move the needle on electronic signature use and adoption in Europe in 2016 and beyond.
How eSignLive complies with eIDAS
As organizations put measures in place to comply with eIDAS, they need to ensure the solutions they evaluate and select meet the requirements for advanced and qualified e-signatures. In the eSignLive Spring ’16 Release, we offer a new option for organizations that operate in industries and geographies that require the use of personal digital certificates (also known as qualified certificates in Europe).
eSignLive meets the eIDAS requirements for the Qualified E-Signature and supports use cases where a qualified certificate (or any digital certificate based on the X.509 standard) is used by the signer for e-signing. The certificate can be stored on the user’s system, smart card or hardware token to authenticate the digital identity of the signer and carry out the signing process.
This new option is in addition to eSignLive's built-in support for broader e-signature use cases using the more common server-side signing approach with the Advanced E-Signature. Because the server-side approach requires neither hardware devices nor the issuance of smart cards, deployment is typically quicker and less costly, and adoption for customer-facing transactions is higher – while still meeting the stringent requirements needed to ensure enforceability and auditability. Access to the document for signing is only given after the user has been uniquely identified and authenticated into the system.
What about data security and data residency in Europe?
Selecting an e-signature solution that complies with eIDAS is only one part of the equation. For many organizations, the solution must also ensure data stays on European soil. Contracts, agreements, account opening documents, loan applications, and disclosures all contain personal information that is often subject to regulatory and export controls. For this reason, where your e-signature service and data are hosted is of utmost importance.
In his report on Five Cloud Data Residency Issues That Must Not Be Ignored, Gartner analyst Brian Lowans underlines the seriousness of data residency by stating, "It is really important to understand where data is stored, and to classify any data that is subject to regulatory or export controls. Enterprises need to put in place a corporate plan that reviews data compliance, government access laws and security requirements prior to negotiations with service providers."
With eSignLive, European customers can choose to have their e-signature data reside in Europe, because eSignLive is available hosted in IBM SoftLayer data centers in the United Kingdom and Germany. Our solution not only provides organizations in Europe with choice and helps them meet data residency requirements, but also ensures minimal data latency and optimal performance.
Beyond data residency, look for an e-sign solution that has completed a rigorous security audit, such as the SOC 2 Type II attestation, which ensures the service is continuously monitored and protected against unauthorized access, use and modification – day in and day out.
A legal perspective
Still confused by the changing landscape in Europe, including eIDAS and how it applies to your business? Join Lorna Brazell, IP lawyer at international law firm Osborne Clarke, and Michael Laurie, VP Product Strategy at eSignLive by VASCO, on March 23rd for a complimentary 60-minute webinar on eIDAS and how the new regulation can help your business transact digitally throughout Europe.