Introduction
This knowledge article summarizes concepts described in the eSignature Documentation provided by the European Union's Connecting Europe Facility (CEF) program in the context of the eIDAS Regulation (i.e., the "Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC"). eIDAS stands for "electronic Identification, Authentication, and trust Services". It has applied to EU Member States since July 1, 2016, when it came into full effect and the eSignature Directive 1999/93/EC of 1999 was repealed.
What is an electronic signature?
An electronic signature is an electronic indication of a person’s intent to agree to the content of a document or a set of data to which the signature relates. Like its handwritten counterpart in the offline world, an electronic signature is a legal concept capturing the signatory's intent to be bound by the terms of the signed document.
What are the different types of electronic signatures?
The eIDAS Regulation defines three levels of electronic signature: "simple" electronic signature, advanced electronic signature and qualified electronic signature. The requirements of each level build on the requirements of the level below it, such that a qualified electronic signature meets the most requirements and a "simple" electronic signature the fewest.
Let's look at those three levels and then consider how those relate to digital signatures.
"Simple" Electronic Signatures
An electronic signature is defined as "data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign" (eIDAS Article 3).
Something as simple as writing your name under an e-mail or pasting a scanned image of your handwritten signature into a Microsoft Word document might constitute an electronic signature. Thus, you don't even need any specific tool to create "simple" electronic signatures.
Advanced Electronic Signatures (AdES)
An advanced electronic signature (eIDAS Article 3) is an electronic signature that is additionally:
- uniquely linked to and capable of identifying the signatory;
- created in a way that allows the signatory to retain control;
- linked to the document in a way that any subsequent change of the data is detectable.
The technology most commonly used to provide these features is a public-key infrastructure (PKI), which involves certificates and cryptographic keys.
DokuMate can create advanced electronic signatures in two different forms (i.e., Associated Signature Containers (ASiC) and XML Advanced Electronic Signatures (XAdES)) for different use cases. All you need is an X.509 certificate (for example, one for digitally signing your e-mails) from a trusted certificate authority, meaning that your certificate chain ends in a root certificate authority that is listed in the trusted root certificate authorities store on Microsoft Windows computers (see List of Participants - Microsoft Trusted Root Program).
Qualified Electronic Signatures (QES)
A qualified electronic signature (eIDAS Article 3) is an advanced electronic signature that is additionally:
- created by a qualified signature creation device; and
- based on a qualified certificate for electronic signatures.
Signature creation devices come in many forms to protect the electronic signature creation data of the signatory, such as smart cards, SIM cards and USB sticks. "Remote signature creation devices" can also be used where the device is not in the physical possession of the signatory, but is managed by a provider. Those remote qualified signature solutions offer an improved user experience while maintaining the legal certainty offered by qualified electronic signatures.
DokuMate has not yet been tested with qualified signature creation devices, so you might not be able to create qualified electronic signatures with DokuMate.
What is the difference between electronic and digital signatures?
An electronic signature is an electronic symbol (e.g., a string of characters representing your name, an image of your handwritten signature) attached to a contract or other record, used by a person with an intent to sign. In contrast, using cryptographic means, digital signatures guarantee that an electronic document is authentic. Therefore, while both advanced and qualified electronic signatures are digital signatures, a "simple" electronic signature is not a digital signature. However, what is important to know is that both electronic and digital signatures are binding, although a written form requirement for contracts can only be fulfilled by qualified electronic signatures.
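The distinction above, together with the advanced-signature requirement that any subsequent change of the data is detectable, shown as an added example (not taken from the eSignature Documentation or from DokuMate): OpenSSL signs a constructed contract with a throwaway self-signed certificate and then checks an altered copy. The file names, the subject "Alice Example" and the contract text are assumptions made up for the illustration; a real advanced electronic signature would use a certificate that chains to a trusted root and a format such as XAdES or ASiC rather than a raw signature file.

```bash
# Added illustration: every name, file and value below is constructed.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Signatory's key pair and a self-signed X.509 certificate (assumption:
# stands in for a certificate issued by a trusted certificate authority).
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Alice Example" \
  -keyout "$work/alice.key" -out "$work/alice.crt" 2>/dev/null
openssl x509 -in "$work/alice.crt" -pubkey -noout > "$work/alice.pub"

# "Simple" electronic signature: the typed name is just part of the text.
printf 'I agree to pay EUR 100.\n\nAlice Example\n' > "$work/contract.txt"

# Digital signature: SHA-256 digest of the file, signed with the private key.
sign_doc() {    # sign_doc <file>  ->  writes <file>.sig
  openssl dgst -sha256 -sign "$work/alice.key" -out "$1.sig" "$1"
}

# Exit status 0 only if <sig> matches <file> under the certificate's public key.
verify_doc() {  # verify_doc <file> <sig>
  openssl dgst -sha256 -verify "$work/alice.pub" -signature "$2" "$1" >/dev/null 2>&1
}

# The certificate subject is what identifies the signatory.
signer_of() {
  openssl x509 -in "$work/alice.crt" -noout -subject -nameopt RFC2253
}

sign_doc "$work/contract.txt"

# Altered copy: the amount changes, the typed name stays where it was.
sed 's/EUR 100/EUR 900/' "$work/contract.txt" > "$work/tampered.txt"

signer_of
verify_doc "$work/contract.txt" "$work/contract.txt.sig" \
  && echo "original: digital signature valid"
verify_doc "$work/tampered.txt" "$work/contract.txt.sig" \
  || echo "altered:  digital signature INVALID (change detected)"
grep -q 'Alice Example' "$work/tampered.txt" \
  && echo "altered:  typed name still present (change not detected)"
```

The typed name survives the edit untouched, while the signature computed over the original bytes no longer verifies against the altered file.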