We briefly addressed the subject of legal regulation of the electronic signature (e-signatures hereafter) in our previous article. In this piece, we will discuss how the electronic signature fits into the European Union (EU) legal landscape.
When it comes to electronic signatures, the legal reference in the European Union is the eIDAS regulation - eIDAS standing for “electronic identification authentication and Trust Services”. The regulation adopted in 2014 allows electronic signatures to be recognised across EU countries. More specifically, it aims at enhancing the level of trust in electronic transactions within the EU by providing a common and supportive legal framework to foster secure and seamless electronic transactions between businesses, citizens and public authorities. As a result, it increases efficiency and speed in documents and transactions processing.
eIDAS regulation defines 3 levels of electronic signatures with their respective standards and criteria. We can distinguish between simple, advanced and qualified electronic signatures.
The simple e-signature is the first level of electronic signature as defined by eIDAS and it is the most basic one. It presents a low level of complexity and therefore offers little legal protection. Basically, it reflects the consent to approve the content of a document but does not have the capability to provide clear and incontestable identification of the signatory.
Using a simple electronic signature is the equivalent to a scanned handwritten signature or a drawn signature on a touchscreen. It can even be a box checked to accept general conditions on a website.
As a rule of thumb, this level of electronic signature is mainly used in transactions with low legal and/or financial stakes. At kodehyve, our simple electronic signatures are powered and secured by in-house and AWS serverless technologies, guaranteeing a higher level of trust and assurance than simple e-signatures fulfilling the legal minimum requirements. Kodehyve users usually use simple electronic signatures for internal validation processes and other agreements not involving major legal and/or financial stakes.
The advanced e-signature is the second level of electronic signature as defined by eIDAS. This one meets all eIDAS specific requirements as mentioned in article 26 of the eIDAS regulation:
An advanced electronic signature shall meet the following requirements:
- It is uniquely linked to the signatory;
- it is capable of identifying the signatory;
- it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
- it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.
The advanced electronic signature provides a higher degree of security and trust for all parties involved, as it identifies the signatory with a high degree of confidence and assurance. Additionally, it protects against tampering: if the signed document is forged, the signature is automatically invalidated. All these requirements make the advanced e-signature difficult to reject in court as proof of signatory identity and document integrity are embedded in the signature. Hence, these dynamics make advanced e-signatures a reliable option for the signature of official and legal paperwork involving high legal and financial stakes.
At kodehyve, our advanced electronic signatures are powered and secured by LuxTrust, an official European qualified trust services provider (QTSP)1. LuxTrust applies the best practices and latest technologies to ensure the e-signatures generated are legally-binding and compliant with the latest regulatory requirements, such as eIDAS and GDPR. Kodehyve users usually validate and sign documents that involve external partners or clients as well as an associated major legal and/or financial impact for one or both sides with an advanced electronic signature.
1A qualified trust service provider (QTSP) is a TSP who provides one or more qualified trust services (QTS) and is granted the qualified status by the national supervisory body.
The qualified e-signature meets the four eIDAS requirements mentioned above. In addition, it uses a Qualified Signature Creation Device (QSCD) (e.g. a token) and relies on a Qualified Electronic Signature Certificate provided by a Qualified Trust Service Provider such as LuxTrust. This level of electronic signature has the same legal effect as a handwritten signature.
Reversal of the burden of proof
Since they both meet all eIDAS requirements, the main difference between advanced and qualified electronic signatures is the burden of proof. On the one hand, for the simple and advanced electronic signatures, the party defending the validity of the signature has to demonstrate that the document has indeed been signed. On the other hand, the qualified electronic signature benefits from a presumption of reliability, meaning that the signature is assumed to be valid until proven otherwise. Therefore, the identification process is presumed reliable, which leads to a reversal of the burden of proof: the party questioning the identification will have to prove that it is erroneous (i.e. that the document was not signed).
Ultimately, the eIDAS regulation establishes the principle that an electronic signature should not be denied its legal effect on the basis that it is in an electronic form. Therefore, the 3 levels defined by the regulation should be admissible as evidence in European courts. However, many factors impact the enforceability of a transaction concluded through electronic signatures. The most important is the level of signature used and its underlying evidence. Therefore, a simple signature will require more proof to be provided than a qualified e-signature to be receivable in court. For instance, a scanned copy of a handwritten signature (simple signature) has more chances to be disputed in court than an advanced e-signature fulfilling eIDAS criteria. Therefore, the best option will depend on the potential consequences stemming from the signature.
Disclaimer: this article has an educational aim and derives from our own understanding of the regulation. It should not in any case be relied on or interpreted as a legal text. We recommend readers to look for official legal information before taking any action based on this information.