When dealing with electronic signatures, you will inevitably come across the term “eIDAS Regulation.” The eIDAS Regulation refers to the legal framework for electronic identification and trust services in the EU. In this article, we clarify the regulations contained in the eIDAS Regulation and how they are relevant to electronic signing.

The essentials at a glance

• Definition: The eIDAS Regulation (EU No. 910/2014) has established uniform standards for electronic identification and trust services in the EU since 2016.
• Goals: It facilitates the cross-border use and recognition of electronic signatures and digital identities within the EU.
• Scope: The regulation applies in all EU member states as well as in the European Economic Area (EEA).
• Swiss context: In Switzerland, the ZertES law regulates electronic signatures, which is aligned with the eIDAS regulation in many aspects, but is not automatically equivalent.

What is the eIDAS Regulation?

eIDAS, also known as Regulation No. 910/2014, is a legal regulation of the EU that has been fully in effect since 2016. It establishes a unified framework for trust services and electronic identification (eID) to facilitate the cross-border use of electronic services within the EU.

eIDAS promotes cross-border collaboration among all 27 EU member states and ensures that countries mutually recognize electronic services, which are also accepted in the event of legal proceedings.

The abbreviation eIDAS stands for:

• electronic
• Identification
• Authentication and
• trust services

Good to know: In Switzerland, the Federal Act on ZertES and not the eIDAS Regulation is the applicable legal basis for e-signatures – however, the contents are very similar.

The goals of eIDAS

The eIDAS Regulation (short: eIDAS-VO) is the legal foundation for electronic identification and trust services in the EU. It enables the legally secure signing of documents digitally — an important building block for the fast and secure digitalization of organizations in the EU.

The eIDAS Regulation – also known as Article No. 910/2014 – came into effect on September 1, 2014. In July 2016, it replaced the previous EU Signature Directive (1999/93/EC). The reason for replacing the EU Signature Directive (1999/93/EC) was that its complexity hindered the widespread use of electronic signatures across the EU. The eIDAS Regulation is much more user-centered in comparison.

Benefits of the eIDAS Regulation for Businesses

The eIDAS Regulation is a key instrument for businesses in the European internal market. It standardizes the rules for electronic signatures and trust services within the EU. Additionally, it ensures that electronic interactions between businesses are more secure, faster, and more efficient, regardless of which European country they take place in.

The key benefits for businesses:

• EU-wide recognition: The regulation ensures that electronic signatures are valid in all EU member states. This significantly simplifies cross-border transactions.
• Legal certainty: It ensures that digital transactions and contracts are recognized and enforceable throughout the EU. This provides companies with legal certainty in international activities.
• Efficiency and cost savings: By standardizing digital processes, companies can optimize their administrative workflows and reduce costs. Electronic transactions are also often faster and cheaper than traditional methods.

Where does the eIDAS Regulation apply?

The eIDAS Regulation is the "Regulation on electronic identification and trust services for electronic transactions in the internal market" of the European Union. It is the applicable law for all 27 EU member states as well as for:

• the United Kingdom
• Island
• Norway
• Liechtenstein

The eIDAS Regulation establishes uniform conditions for the cross-border use of electronic identification means and trust services. It is therefore valid both across borders and within individual countries.

eIDAS: Summary of contents

The eIDAS Regulation aims to ensure a smooth process for electronic transactions within the EU. To promote this, it standardizes and defines, among other things, the following aspects:

Trust services

The term trust services is defined in Article 3, point 16 of the eIDAS Regulation. These are electronic services, such as electronic signatures and seals, typically provided for a fee by trust service providers. They are designed to ensure the authenticity and integrity of electronic transactions and to standardize the use of electronic identifications (eID) in Europe. The eIDAS Regulation thus creates a common European market (also known as the internal market) for electronic trust services.

Electronic signatures

The eIDAS Regulation aims to clarify and ensure the legal validity of electronic signatures. On one hand, it defines electronic signatures as “data in electronic form that are attached to or logically associated with other electronic data (...)”. On the other hand, eIDAS also defines three types of electronic signatures: the simple, advanced, and qualified electronic signature.

Electronic seals

The eIDAS Regulation introduces electronic seals as a new service. They are technically comparable to electronic signatures but are assigned only to legal entities, meaning organizations. They are akin to the electronic version of a company stamp. They are used in accordance with the eIDAS Regulation, where a personal signature is not required, but proof of authenticity is desired (e.g., for certificates). The e-seal thus serves as proof that a document has remained unchanged after sealing.

Electronic timestamps

With the eIDAS Regulation, electronic timestamps have gained a new, official role. The introduction of the eIDAS Regulation also clarified what a qualified electronic stamp is, along with its functionalities and requirements. They serve as proof that a document has not been altered since the application of the electronic timestamp, thereby providing an additional layer of security.

Services for electronic registered mail

The eIDAS Regulation governs, among other things, the "services for the delivery of electronic registered letters." According to Article 3 No. 36, such a service is defined as "an electronic service that is typically provided for a fee," "which enables the transmission of data between third parties by electronic means and provides proof of the handling of the transmitted data (...)." The eIDAS Regulation further defines the legal validity of these services.

Certificates for website authentication

Certificates for website authentication ensure that a genuine and trustworthy organization stands behind a website. The eIDAS regulation introduces qualified website certificates. Although there were already some requirements from browser providers before eIDAS, these were not qualified certificates.

The eIDAS Regulation and electronic signatures

The eIDAS Regulation enables the legally secure and valid signing of documents digitally. eIDAS defines and standardizes the available standards for electronic signatures within the EU and outlines the requirements for their creation. The applicable legal standard is determined by the respective national law.

In Germany, it is the Civil Code (BGB), in Austria the General Civil Code (ABGB), and in Switzerland the Swiss Civil Code (ZGB).

E-signature standards according to eIDAS

The eIDAS Regulation defines three different security levels of electronic signatures, also referred to as e-signature standards:

• the simple electronic signature (SES), which is very easy to handle but has only limited evidential value.
• the advanced electronic signature (AES), which requires a higher level of identification and therefore has greater evidential value.
• the qualified electronic signature (QES), which imposes the highest identification requirements while also guaranteeing the strongest evidential value.

The eIDAS regulation defines three e-signature standards (Source: Skribble)

Good to know: A scanned signature or a swipe on a touch display falls under the simple electronic signature. Since these signatures are easy to copy or forge, they hold little evidential value in court.

Legality of e-signature standards according to eIDAS

The eIDAS Regulation does not provide any further details regarding the legal validity of e-signatures in general. Therefore, national law defines which documents the e-signature is permitted for and which e-signature standard is required for which contracts.

For this reason, we will take a brief detour into contract law in Germany. This distinguishes between:

• Documents requiring written form
• non-formal documents

Documents that do not require a specific form can be concluded in any way, including verbally. As long as written form is not legally required for a contract, any of the three security levels according to the eIDAS Regulation can be considered legally valid.

For contracts that require a written form, only the QES can be used; otherwise, the contract is void. The following graphic illustrates which e-signature standard can be chosen for which form requirement and how this affects your liability risk.

When deciding which e-signature standard companies should choose for informal contracts, not only the question of legal validity is considered, but also the question of evidential strength.

The evidential value of the SES is much lower than that of the QES. If the authenticity or integrity of the signature is challenged, it is much more difficult with the SES — not least because the specific legal consequences of the simple and advanced electronic signatures are at the discretion of the court.

In the case of QES, eIDAS defines the legal consequence:

The law considers the QES to be just as legally valid as a handwritten signature (Source: Skribble)

Another advantage of the QES is that it must be recognized as "qualified" across all EU member states, allowing for standardized use. This is another reason why the eIDAS regulation has established legal validity in the field of electronic signatures.

Legal validity of e-signatures under eIDAS

Regarding the evidential value of the electronic signature, the eIDAS Regulation stipulates that it must be recognized as evidence by courts.

Unlike a handwritten signature with a ballpoint pen, in the digital realm, it is not the appearance of the writing that determines the evidential value of a signature, but rather a connection of data. For example, if one uses a scan of a signature as a simple electronic signature, the evidential value is very low because it is easy to copy.

The situation is quite different with the QES: it has maximum evidential value – among other reasons, due to the following requirements.

1. eIDAS requires that every e-signature with the QES standard includes a qualified digital certificate. This serves as an electronic identification of the signing person and consequently guarantees the identity of the signer. It also ensures that the signed document has not been altered unnoticed (integrity).
2. In Germany, the Federal Network Agency is responsible for this examination and recognition. If a VDA meets all requirements, it will be listed in the EU Trusted List, which contains all trust service providers approved in the EU.

The maximum evidential value of the qualified electronic signature is thus guaranteed through qualified VDA and all the verification procedures it undergoes.

What are certified trust service providers?

A trust service provider (also known as a certification authority) is a third-party, independent entity that is regularly audited by the state and offers trust services. Well-known trust service providers in the German-speaking region include:

• Telekom AG
• Swisscom
• D-Trust
• A-Trust

Your task essentially involves creating the legal and technical infrastructure for a digital trust space on the internet to accelerate digitalization in the European internal market. To this end, certification bodies issue electronic certificates for signatures and websites to confirm their integrity and authorship, providing a faster alternative to traditional mail.

Changes in Germany due to the eIDAS Regulation

The eIDAS Regulation, which came into effect in 2016, replaces Directive 1999/93/EC on electronic signatures, addressing its shortcomings while also expanding its scope to include numerous important aspects. The most significant impact of the eIDAS Regulation is on the signing of documents. This is justified, as eIDAS aims to promote the use of electronic signatures in Europe.

Important new features include:

• The legal validity of the simple electronic signature has significantly increased.
• Introduction of a uniform and legally binding wording in Europe
• Signing via remote signature is possible (for example: activate QES through online identification)

eIDAS promotes digitalization in the European internal market

eIDAS, short for "Electronic Identification And Trust Services," is the "Regulation on electronic identification and trust services for electronic transactions in the internal market." It has been in effect since 2016 and is the applicable law for all 27 EU member states, as well as the United Kingdom, Iceland, Norway, and Liechtenstein. eIDAS aims to promote the use of electronic signatures in Europe.

FAQs

You might also be interested in these articles