One Word Will Impact E-Signature Adoption in Europe
One little word will soon be the most significant development for e-signature adoption in Europe. The Electronic ID and Trust Services (eIDAS) regulation will come into force July 2016, effectively opening the floodgates for mainstream adoption of e-signatures across the EU. That word: uniformity. The 1999 European Union Directive as it pertains to e-signatures, required members to achieve a particular result without dictating the means of achieving it. Each country was free to create their own framework and rulings around e-signatures and enact them into law. The resulting differences in e-sign laws across the EU have made it challenging for countries to accept each other’s e-signatures and transact across borders.
eIDAS Regulation to Replace EU Directive
eIDAS is a regulation passed by the European parliament which will replace the EU Directive. It applies uniformly to all 27 European Union member states. This prevents individual countries from enacting their own interpretation of the regulation – making it easier to do business digitally throughout Europe. As a result, Forrester Research sees Europe as a green field for electronic document signing and confirms that "E-signature is now a viable business option in Europe."
Different Types of E-Signature
There are three types of electronic signatures recognized in the EU:
|Basic E-Signature||Lowest security; could be as simple as typing your name in a document.|
|Advanced E-Signature||Includes digital signature security for non-repudiation; user authentication (but does not require third-party digital certificates); and in some cases, audit trails for compliance and enforceability.|
|Certificate (Qualified) E-Signature||Akin to an Advanced E-Signature but requires a third-party digital certificate. A Trusted Service Provider (TSP) must issue a digital certificate to an individual in person. The process of having to go to a TSP office to obtain that digital certificate makes for a cumbersome experience that has hampered adoption.|
US: Easy Process, High Adoption
In the US, the national ESIGN ACT and state-level Uniform Electronic Transactions Act (UETA) have for years made the use of e-signatures legal and binding across all states. As a result, the adoption of e-signatures has been widespread across B2C, B2B and internal processes.
The most widely used electronic signature for regulated businesses in the US is the Advanced E-Signature. With it comes authentication of the signer, digital signature security for non-repudiation, and audit trails for compliance and legal purposes. The Advanced E-Signature provides a greater level of security than the Basic E-Signature – but still provides a convenient, easy signer experience that does not require a digital certificate issued by a third party.
Europe: Confusion Stifles Adoption
In Europe, just as in the US, is it possible to use Basic and Advanced E-Signatures; however, there is a broad misperception that the more stringent Certificate or Qualified E-Signature is the only one acceptable for admissibility in court.
While this is true in a limited number of use cases and countries (since under the EU Directive each country could interpret the law differently), this is not what is laid out in the EU Directive or eIDAS. The law states that you cannot deny the legal effect of an e-signature just because it’s not based on a qualified certificate.
Many European businesses are already using Advanced E-Signatures in enforceable agreements and contracts with customers and business partners. As a result of eIDAS coming into effect in 2016, analysts expect to see even greater adoption of Advanced E-Signatures especially among European banks, financial services companies, insurance carriers and other paper-intensive industries.
That is not to say that the Certificate or Qualified E-Signature will disappear. Although adoption of the Advanced E-Signature will grow in Europe, e-signatures based on digital certificates will still be required in certain use cases. Treasury management is a good example. For companies who deal with their banks in B2B applications like funds transfers, it makes a lot of sense for the CFO to have a qualified digital certificate.
However, it is not practical to expect that third-party digital certificates be used in transactions with consumers. At the end of the day, businesses transacting in Europe need to look at their use case to determine if there is a law that requires third-party digital certificate authentication as part of the document signing process. In my experience, the answer will be no in the majority of cases.
 Forrester Research Inc., Brief: E-Signature Transactions Topped 210 Million In 2014: Transaction Volume Will Exceed 700 Million By 2017