Starting July 1, 2016, the prevailing EU directive on electronic signatures, termed the eSignatures Directive 1999/93/EC, was replaced by the new Regulation (EU) No. 910/2014 on electronic identification and trust services called the eIDAS regulation. It assures progress in online transactions for individuals, businesses, and public administrations in two areas: electronic identification services and trust services.
The eIDAS regulation was adopted to facilitate seamless digital transactions among individuals and businesses across countries within the European Union. The new regulation will go a long way in establishing a climate of trust when it comes to online and digital transactions in the EU.
The eIDAS Regulation defines three types of electronic signature – simple, advanced and qualified electronic signatures:
As defined by eIDAS, Simple electronic signature (or electronic signature) covers all the broad types of electronic signatures as data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication. This is technology-neutral, which means any electronic form or technology is generally accepted. The resulting electronic signature should demonstrate the intent of the signer, be made by the person associated to the signature and should be indelibly associated to the document the signer intended to sign.
An Advanced electronic signature is a type of electronic signature which is required to meet certain specific requirements on signer identity, security and sanctity of the signed document. The requirements specified under eIDAS are
The final type of signature defined under eIDAS is the Qualified Electronic Signatures (QES). While both Advanced and Qualified Electronic Signatures are uniquely linked to the signer, Qualified Electronic Signatures are based on Qualified Certificates. Qualified Certificates can only be issued by a CA which has been accredited and supervised by authorities designated by the EU member states and meet the requirements of eIDAS. Qualified Certificates must also be stored on a qualified signature creation device such as a smart card, a USB token, or a cloud based trust service.