Many of our clients have concerns about the use of an electronic signature and its legal value. Several facts need to be presented:
- the use of electronic signatures and electronic identities is regulated by the European law EU regulation regarding electronic identification and trust services – eIDAS. It is valid throughout the European Union;
- there are three types of signatures in use – Simple, Advanced and Qualified. Signing a document with each of them has different legal consequences;
- an additional confirmation of the signature of the document can be provided by a Trusted Third Party (TTP). This can be used as evidence in legal proceedings, confirming the signing of the document, its contents and the exact time of the signature (electronic time stamping service, provided, by a Trusted Third Party);
- signed documents can be stamped with an electronic seal (regular or qualified) that ensures the documents have not been altered after signing (integrity assurance).
Trusted Third Party (TTP) – is an independent entity that facilitates the interaction between the parties by guaranteeing impartiality and objective proof of the performance of specific factual or legal acts. It is an electronic “notary” who guarantees evidence of the electronic signature process independent of all participants in the transaction.
Trust Service Provider (TSP) – under Regulation (EU) No 910/2014 (eIDAS), a Trust Service Provider (TSP) is defined as “a natural or a legal person who provides one or more trust services either as a qualified or as a non-qualified trust service provider.” TSPs are responsible for assuring the electronic identification of signatories and services by using strong mechanisms for authentication, digital certificates and electronic signatures. eIDAS defines how Trust Service Providers perform authentication and non-repudiation services and how they are to be regulated and recognized throughout EU member states. A TSP can provide one or more of the following services:
- creating, verifying and validating electronic signatures, seals or time stamps, electronically-registered delivery services and certificates that are related to those services;
- creating, verifying and validating certificates to be used for website authentication;
- preserving electronic signatures, seals or certificates related to those services.
Advanced Electronic Signature – it is applicable in signing most documents and carries legal effect under Article 25 (1) of eIDAS which states: “An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures”. An Advance Electronic Signature can be used to sign any document for which the law does not provide for a written form under pain of invalidity or a special form, such as a notarial deed. This signature is already uniquely assigned to the signatory, allows the signatory to be identified, is linked to the signed data in such a way that any subsequent change of the data is recognizable. The Advanced Electronic Signature is a signature with a security level sufficient for the customer – service provider relationship. The requirements for this signature on the one hand allow the unambiguous identification of the person signing the document and on the other hand are not difficult to apply in practice either for the signatory or the verifier. It works on the basis of an advanced certificate (generated by e.g. employer or other entities participating in e.g. workflow processes). Most common electronic signature service providers offer advanced signatures, along with electronic document sealing. Documents can be electronically sealed which results in ensuring the integrity of the signed documents (changing the document after signing results in breaking the seal and clear identification of this fact in the document). An additional evidentiary safeguard may be the use of an electronic timestamp, provided by a Trusted Third Party (TTP). This timestamp closely communicates the exact time the document was signed, guaranteed by the trusted third party.
Qualified Electronic Signature (QES) – a qualified signature is an electronic signature that has the legal force of a handwritten signature. It is certified with the use of a qualified certificate, i.e. a certificate that enables the verification of the person who creates the electronic signature. An electronic signature that is verified by a qualified certificate has the legal effect of a handwritten signature. Qualified Electronic Signature – QES has the highest legal power, generated by a QES creation device based on a qualified certificate for electronic signing, issued by a qualified Trust Service Provider (TSP).
Electronic Seal – means data in electronic form added to or logically associated with other data in electronic form to ensure authenticity of origin and integrity of associated data. The most characteristic feature of the electronic seal is that it can be used by legal persons, so companies, organizations or institutions. In the case of an e-signature, it is natural persons and it serves them as a signature. In the market, as in the case of e-signature, there are several types of e-seals, and each of them must meet additional conditions.
Advanced Electronic Seal – is unique to the legal entity that is affixing it and allows for recognition of its identity. The person affixing the seal has control over the data used to affix the seal. Any subsequent change in the document supported by the seal is recognizable. A andance seal is based on an advanced certificate.
Qualified Electronic Seal (QES) – meets all the conditions of an advanced seal. In addition, it is created using a qualified device or by a service provided by a qualified seal provider (cloud service). Qualified Electronic Seals are eIDAS compliant. This means that such seals can be used throughout the European Union, where they are respected. A qualified seal is based on a qualified certificate.
Qualified Time Stamping (QTS) – Qualified Time Stamping is a service that identifies the exact date an electronic document was created. Timestamps are used at the same time as a signature or electronic seal, and their use makes the timing of the signature credible to a third party. You can use time-stamping wherever you need to confirm that an e-document existed at a particular time. According to the eIDAS regulation, a qualified electronic time stamp is a service that makes it possible to precisely determine when an electronic document was created. The marker is issued by certified trust service providers must bind the date and time to the data of the signed document so as to exclude the possibility of undetectable data change and be based on a precise time source. The law does not require that a QES qualified signature be timestamped with a QTS qualified timestamp for validity, but it does require that the signature be made within the validity period of the certificate used to validate it. Proving this is more complicated than using a qualified timestamp, so it makes sense to use it.
Summary – an Advanced Electronic Signature with an Advanced Electronic Seal (ensuring the integrity of the signed documents) is sufficient to sign most documents (except those requiring a written form under pain of invalidity or a special form). Such signatures may be generated by any organization. For the documents that require a written form to be kept under pain of invalidity or a special form, it is necessary to use a qualified signature bearing a qualified seal (ensuring the integrity of the signed documents). These signatures are issued by a qualified Trust Service Provider (TSP). It is always a good idea to include a Qualified Time Stamp (QTS) in the document. It allows you to determine with 100% certainty the date on which a document was created or signed at any time, which ensures full reliability for all companies, institutions, offices and individual customers.