What is a digital signature and what needs to be considered?
What counts as an electronic signature and how legally secure it is is defined in the European regulation on electronic identification and trustworthy services for electronic transactions ( in short: eIDAS regulation ). There are three levels of electronic signature with different levels of security:
- the simple electronic signature (EES)
- the advanced electronic signature (FES)
- the qualified electronic signature (QES)
As defined in the eIDAS Regulation, electronic signatures are: “Data in electronic form that is attached to or logically linked to other electronic data and that the signer uses to sign.”
In order to be legally secure, an electronic signature or e-signature should of course comply with the specifications of the eIDAS regulation. In the eIDAS, the European Union regulates electronic identification and trust service providers (VDA) for digital transactions for its member countries.
The electronic signature / e-signature is intended to use an electronic certificate and verify the identity of the signer. In addition, the document must verifiably not have been altered since it was signed.
A list of the VDA which are recognized by the official certification body can be found on the website of the European Commission .
But what is the difference between the three e-signature types above?
The three types differ in the way they implement the above criteria and, consequently, in their probative value. Depending on the business transaction or the value of the transaction, it does not always make sense to use a multi-level identification procedure as in the QES if the EES or FES also have an appropriate level of security.