In business, but also often enough on private occasions, you regularly encounter contracts and documents that need to be signed. However, with the ongoing digitization, it is no longer necessary to be physically present to sign these contracts and documents; we are increasingly using the electronic signature. This saves a lot of time because all the extra actions such as printing, faxing and scanning are no longer necessary.
And while the electronic signature is certainly a breath of fresh air, it is also good to know that the term “electronic signature” does not necessarily guarantee that the signer of a document is validated and that it can stand as evidence in a courtroom. So if you want a more trusted electronic signature that can also be used as evidence in a courtroom, it is worth considering a qualified electronic signature. But what actually is a qualified electronic signature? To answer this question, it is important to look at the electronic signature regulations in Europe, the eIDAS.
Electronic Signature Regulations in the EU
Each country and/or continent has its own regulations for the electronic signature. For example, the use of electronic signatures in Europe is regulated by the European eIDAS Regulation 2014. This regulation ensures that all EU countries recognize and accept each other’s electronic signatures. However, each country within Europe may set additional requirements for the use of the electronic signature.
Some electronic signatures have the same legal validity as a ‘wet’ signature. To determine the validity, it is important to look at the reliability level of the signature. The eIDAS splits the electronic signature into three classifications, each of which reflects the level of trust and security of the signature: the simple electronic signature, the advanced electronic signature and the qualified electronic signature.
Advanced electronic signature
To know what a qualified electronic signature is, we must first step back and zoom in on the advanced electronic signature. In order to turn a simple electronic signature into an advanced electronic signature, a number of strict requirements must be met. According to Article 26 of the eIDAS Regulation, the electronic signature:
1. is uniquely linked to the signer;
2. allows for the identification of the signer;
3. is created using electronic signature creation data that the signer can use with a high level of trust; and
4. is linked to the signed data in such a way that any subsequent change of data is detectable.
Thus, it must be clear who made the signature, that the signature was made by the person to whom the signature belongs, and that the integrity of the document remains intact. Despite these requirements, you can still set up the advanced electronic signature in several ways. Think for example of the use of two-step verification. Either way, scanning the document with the wet signature does not fall under the category of advanced electronic signature.
Qualified electronic signature
The qualified electronic signature is the advanced electronic signature, but in addition it requires the use of a qualified means and qualified certificate (PKI certificate). This certificate links the identity of the signer to the digital signature and the signature is in turn linked to the document. By linking the certificate to the person and the document, the authenticity of the source is established and the document can no longer be modified unnoticed. The integrity of the document thus remains intact.
Using the qualified electronic signature is, because of the certificate, a lot safer, more reliable and has the same legal value as a wet signature. The qualified electronic signature also has full evidential value. It is therefore advisable to use the qualified electronic signature when signing documents where normally only a wet signature is valid. Think of private law documents such as lease agreements, labor contracts and purchase orders.
PKI certificate
The eIDAS Regulation states that when you use a qualified electronic signature, you must use PKI certificates issued in the EU. PKI stands for Public Key Infrastructure. A PKI certificate is a computer file, and you can think of it as a digital passport of the signer. The certificate is issued by a trusted third party after a thorough verification of the signer's identity. This ensures that the signer is the person he or she claims to be.
In addition, the eIDAS also sets requirements for the storage of creation and signature data. For example, you must store this data on a highly reliable and secure device. You can think of a cryptographic USB token or a Hardware Security Module (HSM).
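The chain described above (a certificate names the signer, the signature is bound to the document, and any later change is detectable), shown as an added Go example that is not part of the original article. Assumptions: a self-signed certificate and an in-memory ECDSA key stand in for a qualified certificate and a secure signature creation device, and the function names and sample text are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// SignDocument signs doc with a fresh key and puts the public key in a certificate naming signer (assumption: self-signed, to run offline).
func SignDocument(signer string, doc []byte) (sig, certDER []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: signer},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	certDER, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(doc)
	sig, err = ecdsa.SignASN1(rand.Reader, key, digest[:])
	return sig, certDER, err
}

// VerifyDocument returns the certificate's signer name and whether sig matches doc; trust-chain and revocation checks are omitted.
func VerifyDocument(sig, certDER, doc []byte) (string, bool) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", false
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(doc)
	return cert.Subject.CommonName, ok && ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	sig, cert, err := SignDocument("Alice Example", []byte("Lease: rent 900 EUR")) // constructed sample
	if err != nil {
		panic(err)
	}
	fmt.Println(VerifyDocument(sig, cert, []byte("Lease: rent 900 EUR")))
	fmt.Println(VerifyDocument(sig, cert, []byte("Lease: rent 100 EUR")))
}
```

A real verifier would additionally validate the certificate against a trusted issuer before accepting the name it carries.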