Gartner: Entrust Named a Leader in Identity Verification

Open Web Portal Support
Signhost logoSignhost logo
Log in

How To Create A Valid Electronic Signature In The EU

Team Signhost

August 9, 2024

image

How To Create A Valid Electronic Signature In The EU

The European Union (EU) has put in place legislation to formalize the process of signing documents electronically, citing the many benefits of digital over pen and ink handwritten signatures. The European Commission states that “electronic signing allows for the full digitalization of business processes, eliminating the time and costs of printing, faxing, mailing, copying, scanning and filing in paper formats.” 

It also discusses other disadvantages of paper processes, including the risk of losing or damaging physical documents, the difficulty of searching and finding what you need and the requirement for storage. Unencumbered by this, government bodies, businesses and citizens can save time and money, improve security, reduce their carbon footprint and create a smoother and more efficient document signing process. 

As the EU embraces these benefits, it is important to know how to create an electronic signature and ensure it is secure and legally binding in the region. 

Overview of EU signature laws

The regulation on electronic identification, authentication and trust services (eIDAS) came into effect in 2016 with the intention of standardizing electronic transactions across the EU. A major element of this is to establish the different types of electronic signature and the varying levels of assurance they provide. 

Within eIDAS, it refers to an electronic signature in its most basic iteration as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.”

eIDAS replaced 1999’s e-signature Directive, which was the first legislative attempt to create an e-signature framework for the union. 

 

Comparison table of the types of electronic signatures

 

Type of electronic signatureFeaturesUses

Simple Electronic Signature

(SES)

Also known as the basic electronic signature, this is a non-legally binding digital mark that represents your consent. It can be in the form of a scan of an ink signature, typing your name, clicking “I Agree” or any other simple mark.

Use in situations where there is no need for high-level security. 

 

 

Examples include:

  • Signing off on internal PDF documents at work
  • Showing consent to join a mailing list
  • Website terms and conditions

Advanced Electronic Signature

(AES)

The next level of security is offered by the AES, which allows you to check the identity of the signatory using a Secure Signature Creation Device (SSCD) and a valid document from the signatory, such as a national ID card or passport. 

 

This creates a link between the signatory and the document they are signing, helping you to detect any changes made after the signature is added.

This is used for a wide range of activities that require the signatory to be identified. 

 

 

This includes: 

  • Employment contracts
  • Job offer acceptances
  • Non-disclosure agreements.

Qualified Electronic Signature

(QES)

The QES is the most secure type of electronic signature under eIDAS and is afforded the same level of assurance as a traditional ink signature. 

 

Organizations use a Qualified Signature Creation Device (QSCD) to accept signatures, with signatories, whilst signatories need to take part in a face-to-face or remote equivalent ID verification meeting. 

 

With a QES, the burden of proof in any dispute is with the signatory, not the party accepting the signature. This is the opposite of the case with the SES and AES.  

Use a QES for situations in which the highest security is necessary, including sensitive documents.

 

 

 

This includes: 

  • Mortgage agreements
  • Public procurement contracts or tenders
  • Merger and acquisition documentation

 

How To Create An Electronic Signature

Understand the type of signature needed

The first step in creating an e-signature for your document is to understand the level of assurance needed for the type of digital documents you are signing. The party requesting the signature will determine this by considering the potential consequences of anything going wrong with the identification process. 

For low-risk situations, it might just be a SES, but for additional security, an AES or even QES might provide the additional security the transaction requires. 

 

Create the signature or obtain a certificate

In cases requiring a SES, you might have to simply click a button. In other circumstances, it could require you to scan your ink signature and upload it or to draw your signature with your mouse or on your touchscreen device and leave it in the signature box. 

For an AES or QES, you need to obtain a digital certificate from a Trust Service Provider (TSP) or through the signing solution platform, such as Signhost, which works with various TSPs. You will need to use official identification to gain a certificate. This binds your identity to the signatures that you will add to electronic documents in the future. For a QES, you will have to take part in a face-to-face meeting in person or remotely to verify your identity. 

Once you have your certificate, you can save it on a USB drive, smartcard, on your computer or mobile device, or in the cloud. 

 

Verify, authenticate and sign

If the document you need to sign requires an AES or QES, you will be guided to a signing solution provider to allow you to add your online signature. 

It will prompt you to add your digital certificate, which attaches to your signature, verifying your identity and authenticating your transaction. 

This then acts as the signature on the document, which contains all the verification information needed. It is now possible to tell whether the data in the document has been tampered with after the signature. It also offers non-repudiation, so you cannot deny that you made the signature. 

You can then submit the document. 

 

Store the document

Make sure you save the signed document somewhere where you can easily find it in your digital filing system. In the event of any legal issues, this serves as evidence that you made the signature and agreed to whatever the intention of the document was.

 

Best practices for accepting electronic signatures

For companies that want to accept electronic signatures from customers, suppliers or other stakeholders, here are some best practices. 

 

Implement the correct level of authentication

When deciding the type of signature to request, think about the potential challenges to its authenticity. This will help you tailor your approach.

For important transactions, a QES offers the highest level of security. However, keep the customer experience in mind. For tasks like joining a mailing list, clients probably won’t want or need complex verification processes.

 

Maintain audit trails

Using a signing solution platform like Entrust Signhost means you will receive a transaction report every time someone signs one of your documents. This is important because it provides proof that the signature was made and can show you whether the data in the document was changed after the signature was generated. 

Keeping these documents saved in an easily accessible place allows you to reference them straight away to prove compliance in the case of an audit or challenge. 

 

Plan for scalability

As businesses grow, it’s easy to go from a small number of customers and only a few documents that need signing to significant increases in both. This requires finding a solution that allows you to build your business and can handle all levels of demand. 

When seeking a solution for your organization, check for account limits and additional fees that might apply as you scale up. Being able to work with the same partner for digital identification on an ongoing basis is more convenient than having to find a new solution at a later date. 

 

Ensure cross-platform compatibility

The process of identity verification and the creation of electronic signatures is complicated behind the scenes, but it needs to be an efficient signing process for customers. Any issues with the customer experience can lead to abandonment of processes and lost business.

Your signing solution must work on the devices your customers find most convenient. From desktop computers to smartphones and tablets, ensure that the method of signing your documents is as accessible and streamlined as possible. 

 

Integrate with other business systems

Being able to integrate your signing solution with other systems is a beneficial way of automating processes and freeing up time. For example, when a customer signs a contract, this can immediately work with your CRM to update the information you have on them without a salesperson having to remember to complete this process. This way, you keep the status of your customers up-to-date in your systems. 

 

FAQ

Can electronic signatures be used in court proceedings in the EU?

The eIDAS regulation declares that an electronic signature cannot be denied legal validity simply because it is electronic, making it appropriate for use on legal documents.

Are there any industries where electronic signatures are not advisable in the EU?

As an electronic signature has the same legal status in each of the EU member states, enabling easier cross-border trade, electronic signatures are not only acceptable in all industries but are also beneficial in facilitating additional trade. 

What steps should I take if my electronic signature is compromised?

Due to the electronic signature being linked to your unique identity and supported by personal documents, a private key, and multi-factor authentication, the likelihood of your signature being compromised is low. In the rare event of such a compromise, it is advisable to contact the certificate authority for guidance.

Now that you know how to create a valid electronic signature recognized in the EU, you can sign documents with confidence, knowing they are securely linked to your identity, and there is evidence of the state of data at the time you signed. For companies embracing digital signatures, it’s crucial to partner with the right signing solutions platform.

 

Try now

Entrust Signhost allows you to upload your documents, add verification methods and have them digitally signed within minutes. It seamlessly integrates into your systems to allow you to accept AES and QES in a user-friendly manner. Try it today.  

 

References and further reading

 

 

*Disclaimer: This content does not constitute legal advice. The suitability, enforceability or admissibility of electronic documents will likely depend on many factors such as the country or state where you operate, the country or state where the electronic document will be distributed as well as the type of electronic document involved. Appropriate legal counsel should be consulted to analyze any potential legal implications and questions related to the use of electronic documents.