Anyone who has ever signed documents digitally or had to identify themselves on the internet has undoubtedly already come into contact with the EU eIDAS Regulation. It is an integral part of (legal) security on the internet because it sets the standards for electronic identification and other trust services. In this guide, you can find the eIDAS Regulation and its impact on electronic transactions.
The abbreviation eIDAS stands for the “Electronic Identification, Authentication, and Trust Services” Regulation, which has been in force since 1 July 2016. This EU regulation lays down binding rules on “electronic identification” and “electronic trust services” that all countries within the European Union must adhere to. In this way, uniform framework conditions can be established in Europe.
The eIDAS Regulation is another critical step for the EU to transform into a digital single market. The regulation aims to create a uniform standard for digital signatures in the EU and establish further “trust services” to digitize previously analog processes. Trustworthy electronic transactions can thus be standardized and offer users significantly greater legal certainty. This will enable more citizens, businesses, and public authorities to use these processes for themselves and carry out electronic transactions quickly and securely across national borders.
The eIDAS Regulation is implemented in each EU member state by a national law without changing the contents of the Regulation (e.g., in Austria, the Signature and Trust Services Act (SVG)). Federal rules specify regulations and obligations to which trust service providers must adhere. For example, they can also select contents not precisely regulated in the eIDAS Regulation. This includes, for example, the retention periods for data processed by the trust service. The trust services provided in this way must be recognized in every other EU country.
The following trust services are mainly included in eIDAS:
With a qualified electronic signature, documents can be digitally signed in a legally secure and straightforward way.
The qualified electronic seal can be used digitally as a company stamp or official seal.
The timestamp can be used to prove that a document was available in an appropriate form at a selected point in time.
The registered mail and delivery service can transmit documents securely, providing proof of dispatch and receipt.
The validation service can check electronic seals, time stamps, and signatures. An example of such a validator is the signature verification of the Austrian Rundfunk und Telekom Regulierungs-GmbH.
The verification and preservation service preserves the evidential value of signed documents or documents with electronic seals.
The eIDAS Regulation has some advantages for citizens and businesses in the European Union.
On the one hand, eIDAS is a great digitalization driver. It enables remote digital signatures, which is particularly important for contract management. In this way, many bureaucratic processes, such as the identification and signing of documents, can take place digitally and without media disruption.
In addition, the eIDAS Regulation increases legal certainty for electronic signatures and offers increased security for transactions with regulated identification via the Internet. Every qualified electronic signature of an authorized trust service provider must be recognized throughout the EU.
The eIDAS Regulation also clarifies and standardizes the legal basis for electronic identification and trust services to make the guidelines clear and transparent for everyone.
In addition to the benefits for the citizens and businesses of the European Union, the eIDAS Regulation will also positively impact the economic growth of the EU and create new jobs.
According to eIDAS, the simple electronic signature is "data in electronic form which is attached to or logically associated with other electronic data and which the signatory uses to sign." Thus, the simple signature has only a relatively low complexity, which means it is not very secure and does not have a high probative value. A typical example is already an e-mail sender or an image file in a Word document.
In contrast to the simple electronic signature, the advanced electronic signature is more complex and must fulfill higher requirements. For example, eIDAS prescribes three criteria. Firstly, the signature must be assigned to a specific person and must be able to show whether data has been subsequently changed in the document. The third criterion is that the signing person must prove that they have set the signature. There is also an extensive range of what can or cannot be considered an "advanced electronic signature." This signature is also subject to the free assessment of the evidence in court.
According to the eIDAS Regulation, the qualified electronic signature is equivalent to a handwritten signature and has a high degree of legal certainty. The Regulation provides precise specifications based on many standards regarding how such a qualified electronic signature will be structured and which registration methods are permitted for this signature. This leads to a reversal of evidence in many jurisdictions: In the case of a qualified electronic signature, the courts initially assume that the signature is correct until the opposite can be proven.
The eIDAS Regulation is vital for contract management because it enables remote signatures. Through the EU regulation, signatures can be made available by trust service providers, which makes signature creation simple and quick on any device.
Before a person can sign remotely, they must identify themselves once and register a means of authentication for the digital expression of will. To sign a document, the person releases the signature through authentication (e.g., via an app with a fingerprint).