eIDAS: A New EU E-Signature Regulation Coming July 2016
Over the past 15 years, e-signatures have become a mainstay in facilitating business, government, and other types of legally binding transactions across the globe. Laws and regulations that have established the legality of e-signatures include the Electronic Signature in Global National Commerce Act of 2000, the Uniform Electronic Transactions Act, the EU EC/1999/93 Directive, and a new European regulation, eIDAS, which is set to take effect on July 1st, 2016.
What is eIDAS?
eIDAS (a new regulation for electronic identification and trust services for electronic transactions in the internal market), also known as the EU Regulation No 910/2014 is designed to replace the EU 1999/93 Directive, and update the legislative structure that governs electronic identification, documentation, and signatures across all 28 members of the European Union.
The regulation addresses two main areas: electronic identification systems and electronic signatures.
eIDAS to Update EU Electronic Identification
The goal of eIDAS relative to updating electronic identification systems is to foster a uniform code that will allow different member states with different electronic identification (eID) schemes to be recognized by one another. This will allow greater ease of communication and foster commercial, legal, and governmental transactions across state borders within the European Union. Establishing electronic identification for the purpose of strengthening these relationships relies in large part on organizations called Trust Services.
Organizations that establish a verifiable and trustworthy electronic identity for a person through providing electronic signatures, e-seals, e-time stamps, etc. are called Trust Services. eIDAS provides a more robust and clear definition of what qualifies as a Trust Service provider than was previously established under EU EC/1999/93 Directive. The legal requirements and stipulations for Trust Service Providers in Europe were established with the EU Regulation No 910/2014. Article 19 requires Trust Service Providers to perform due diligence. They also need to comply with the necessary legal, cryptographic, risk management, and audit standards to ensure safety and accountability.
Update to EU E-Signature Laws
The second primary section of eIDAS updates the electronic signature laws governing EU commerce, and establishes a single code to help create a more unified European digital marketplace. The definition of e-signatures will not have changed under eIDAS, but additional clarification for things like different types of e-signatures, e-identification, e-seals, e-time stamps, e-documents, e-delivery service, and website authentication is established. These types of electronic records are fully admissible within a legal proceeding context under article 25 of eIDAS. For several types of electronic transactions and records, it will be necessary for them to be issued by a Trust Service Provider.
Defining Electronic Signatures
This new regulation differentiates between and defines three different levels of e-signature: standard e-signature, advanced e-signature, and qualified e-signature.
Standard e-signatures are defined as electronic data which has been attached to, or logically associated with another set of electronic data and used in such a way as to allow a signatory sign.
Advanced e-signatures are distinct from standard e-signatures because they have an additional layer of identification that links the signature to the signatory with a high level of confidence and establishes that the signature is under the sole control of the authorized signatory. Additionally, any changes or modifications made after the initial signing will be immediately detectable.
Qualified e-signatures are essentially an advanced electronic signature with even more verification and security. To qualify, it must:
- Be created by an electronic signature creation device which meets all qualifications.
- Be based on a qualified security certificate for electronic signatures.
- Be made with unique data.
- Contain a certificate for electronic signature, which creates a link between a natural person and electronic signature validation data.
- Confirm the full name or at very least the pseudonym of the signatory.
- Be issued by a qualified Trust Service Provider.
Concord and eIDAS
With definitions and legal language surrounding e-signatures, electronic documentation, and electronic identification becoming more clear and focused, several questions naturally arise:
Where does Concord lie in this new legal landscape?—Concord’s Contract Success Platform provides everything needed for successful contract management, all done electronically through the cloud. These services include e-signatures, contract drafting, contract negotiation, execution, and optimization. Our role as an electronic contract management company will be unchanged.
What is Concord’s relationship to Trust Service Providers?—Concord, while not itself a Trust Service Provider, does have a close working relationship with Trust Service Providers both in Europe and the United States, to provide our customers with all the services they need to securely manage electronic identification and e-signatures.