The eIDAS Regulation
The eIDAS regulation facilitates cross-border recognition of electronic signatures throughout the EU
The 2014 Regulation on Electronic Identification and Trust Services for Electronic Transaction in the Internal Market (eIDAS) went into effect throughout the European Union on 1 July 2016, replacing Directive 1999/93/EC on electronic signatures. Unlike the Directive, the eIDAS regulation applies equally to each EU Member State.
eIDAS identifies three levels of e-signature:
- Simple Signature
- Advanced Signature
- Qualified Signature (QES)
eIDAS facilitates recognition for QES across the EU. It also confirms that cloud-based signatures can be Qualified Signatures.
Electronic Signatures
Three standardized formats
Standard Electronic Signature (SES)
This is the simplest form of electronic signature. A SES is the electronic equivalent of a handwritten signature and does not require third-party verification.
Advanced Electronic Signature (AES)
An AES is a more secure form of SES, created using public key cryptography (PKI).
Each user has a unique PKI signing key and an associated digital certificate. This certificate is uniquely linked to the signer and acts as the person’s digital identity. The certificate is embedded in each signature that is created.
The signing key is private and remains under the sole control of the signatory – in practice the key is only accessible after authentication and authorization checks.
In addition, an AES must be linked to the data it relates to, in order to determine if the data has been tampered with after signing. If data has been changed, the signature must be invalidated.
Qualified Electronic Signature (QES)
A Qualified Electronic Signature is equivalent to a wet signature on paper. It is based on an Advanced Electronic Signature (AES) that is created by a trusted QES creation device.
The digital certificate must be issued by a Qualified Trust Service Provider and attests to the authenticity of the electronic signature to serve as proof of the identity of the signatory.
Choosing the Right Solution
Choosing the most suitable type of signature for your use case is a balancing act between accessibility, user friendliness, signer assurance, and risk mitigation
Standard Electronic Signature (SES)
- No registration required
- Authentication is optional
- Optimized customer experience and time-to-market
Advanced Electronic Signature (AES)
- Relies on international standards
- Incorporates digital identity and multi-factor authentication
- Burden of proof is on the business
Qualified Electronic Signature (QES)
- In certain use cases, the law requires the use of a Qualified Electronic Signature
- Requires face-to face identity verification
- Burden of proof is on the signer
OneSpan provides a solution for standard, advanced, and qualified electronic signatures.
We offer you a seamless and secure signing experience, on one single platform, facilitating compliance with local regulations wherever your offices are located.
Compliance
Transactions are Global, Trust is Local
OneSpan Sign supports certificates from Trust Service Providers in order to:
Facilitate compliance with global and local regulations
OneSpan’s Qualified Signatures aim to comply with the most stringent legal requirements worldwide. We facilitate legally binding Qualified Electronic Signatures through our partnerships with Qualified Trust Service Providers.
Facilitate eIDAS compliance
OneSpan partners with Qualified Trust Service Providers (TSPs) to provide trusted digital certificates in compliance with eIDAS regulation. Our partners are on the EU Trust List, enabling cross-border recognition of your Qualified Electronic Signatures in all member states of the EU.
The Signing Process
Why OneSpan
A single solution that facilitates compliance with global and local regulations
We offer a seamless and secure signing experience on a single platform, to facilitate compliance with local regulations (e.g. eIDAS, Govtech) wherever your offices are located. Our partnerships with local Trust Service Providers enable customers to integrate any type of signature (Standard, Advanced, Qualified) required, without having to integrate, manage, and maintain multiple point solutions.
Comprehensive audit trails
With OneSpan Sign, you can strengthen your organization’s legal and compliance position by capturing and reproducing stronger evidence than on paper thanks to our comprehensive audit trails and tamper-evident signatures.
Different deployment options
Deploy OneSpan Sign in a public cloud, private cloud, or on-premises behind your firewall. Fulfill in-country data residency requirements with global data centers.
Security and trust are at the heart of our business
OneSpan is a global leader in digital security and e-signature solutions. Our experience in the IT security segment is a real asset to partners and customers, who can transact digitally using our solutions with trust and confidence.
Resources
Blogs
White Papers
Get started today
Strengthen your compliance with an intuitive and flexible e-signature platform for all your signing needs
The information contained in this document is for information purpose only, provided as is as of the date of publication and should not be relied upon as legal advice or to determine how the law applies to your business or organization. It is recommended that you seek guidance from your legal counsel with regard to law applying specifically to your business or organization and how to ensure compliance.