Using and implementing e-signature solutions represents a strong opportunity to create new services and generate greater efficiency in normal business and digital onboarding processes. This belief has been shared by the European Union since 2016, the year in which the so-called eIDAS Regulation came into force (EU Regulation 910/2014).
The eIDAS Regulation covers the complex matter of electronic identification and electronic trust services, which include electronic signatures. The aim is to offer a common framework to all European Union countries and create the best environment for cross-border transaction and cooperation. Currently, the eIDAS Regulation is going through a review process, and a new version of it is expected to be approved by the early months of 2023, or even by the end of 2022.
When referring to the digitalization of processes, the electronic signature represents a formidable enabling tool. That’s why in this contribution we will share some facts about the different kinds of electronic signatures defined by the eIDAS Regulation and how to implement e-signatures in order to create simple, digital and fully compliant processes.
What do we mean by electronic signatures?
When we talk about electronic signatures, we generally refer to different ways by which it is possible to sign a contract without printing it, and without affixing a handwritten signature on it.
Generally speaking, when signing a contract electronically, we associate a set of electronic data, which build up the electronic signature itself, to another set of electronic data, which form the document or the contract we need to sign. This could simply be done by clicking on a button, for example.
The legal value of a signed contract depends on a series of elements which can be summed up as follows:
- evidence of intent;
- identity, and
- integrity.
To make a signed document legally binding, these three aspects must always be present and clear, regardless of the format of the document – paper or digital.
What do you need to make a contract legally binding?
As we mentioned before, the intent of the signer should always be evident: it makes it clear that the signing party understands the content and the terms of the document they are going to sign.
But to identify the counterpart – to be able to associate the undersigned document to its signer – is just as important. This can easily be done by means of the email address or mobile phone number that are related to the signer and are used to send them the invitation to sign the document. It is also possible to ensure the counterpart’s identification by means of electronic identification (eID) or by asking them to upload a copy of an ID document, when circumstances require a stronger form of identification. .
Last but not least, it could be necessary to prove the validity of a contract, as in the case of a dispute. In this case, to prove that the document has not been intentionally tampered with, you will need to demonstrate its integrity.
But how can you ensure all of these characteristics?
This can easily be done by collecting evidence of all the events that define the life-cycle of a signed document – from the moment it is shared with the counterpart, to when it is signed.
Scrive, which is Doxee’s partner for electronic signature, ensures the evidence of the “3 I’s” thanks to the Evidence Package, a set of information that describes all the different events the document undergoes, and that is attached to the signed document itself.
Evidence collected in the Evidence Package consists of audit logs that show, for instance:
- a screenshot of the agreement in the Scrive UI, to demonstrate intent;
- proof of the identification of the signer, which could be their email address or phone number, or a means of eID;
- time references that show the exact date and time of events such as identification, opening of the document, signing.
Finally, a digital signature (or digital seal) is affixed to the signed document: this will prevent it from being tampered with and ensure its integrity.
But there are different types of electronic signature, with different characteristics both from a technological and from a legal point of view. So, let’s try to figure out what an electronic signature looks like according to eIDAS.
Electronic signatures in the eIDAS Regulation
Each country may have its own regulation when it comes to signing a document or a contract, but when we talk about electronic signatures in any EU country, we should always consider the eIDAS Regulation first. That’s because the eIDAS Regulation is an EU regulation, and this means it must be applied in all EU countries at a first level. Then, every country may have its norms about the topic, but always taking into account the framework of the eIDAS Regulation.
That being said, let’s see how many different kinds of e-signatures we have in the eIDAS Regulation and how they work.
A simple or basic electronic signature (BES) can be any kind of signature made in an electronic environment where the signatory has manifested their intent (e.g., by clicking on a button or checking a box, as we mentioned before) to agree with the contents of the document.
According to eIDAS, an AES or advanced electronic signature must comply with the following additional requirements:
- it is uniquely linked to the signatory;
- it is capable of identifying the signatory;
- it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
- it is linked to the signed data in such a way that any subsequent change in the data itself is detectable, thus ensuring the immutability of the signed data.
These elements we have just described can be achieved through different means regardless of what technology is used (principle of technological neutrality). We also point out that the identification for signing purposes may be an electronic identification (eID), but other forms of identity verification in a digital environment could be valid as well. Using a recognized eID to assure secure authentication of the signatory’s identity offers the opportunity to digitalize the whole signing process, avoiding hybrid solutions.
Finally, a QES or qualified electronic signature means an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures. The use of Qualified Electronic Signatures is related to an extra layer of assurance (or trust) that results in a special legal effect that shall be recognized by the courts in the EU.
In some cases, Qualified Electronic Signatures can be based on cryptographic technology. For instance, the Italian Code of Digital Administration (d.lgs n. 82/2005, commonly referred to as CAD) provides for the definition of a specific type of QES, which is defined in the Italian regulation as “digital signature”. According to Italian law, this kind of signature must not only rely on qualified certificates, but also on the use of asymmetric key cryptography. .
Why do you need an electronic signature to simplify your digital processes?
Implementing an electronic signature can help simplify a digital process when it comes to collecting a counterpart’s signature on a document. In fact, an electronic signature helps speed up signing processes, as it makes it possible to sign a contract at any time, anywhere and from any device, be it a personal computer or a smartphone.
Depending on the specific process and type of contract, it is possible to choose the solution of electronic signature that best fits the requirements and can help us reach the final goal.
Basic electronic signatures and advanced electronic signatures are usually the best option when it comes to digitalizing onboarding or signing processes, because they combine the need for efficiency with the need of having legally binding documents. BES and AES are easy to use and are free of charge for the signers. Furthermore, users do not need to manage new personal credentials or passwords – they just need their email address or mobile phone, and a valid means of identification for AES.
Creating a better customer experience thanks to e-signatures: a successful partnership
Integration is often the key to success: that’s why Doxee has chosen Scrive as a partner for electronic signature, to digitalize contract signing processes. Electronic signature is now an indispensable element when companies choose the path of progressive digitalization, given that improving the customer experience is such a critical factor for business development.
The integration of Scrive’s solution with the native Doxee Platform® enables the total elimination of paper at each step, reducing waiting times to just a few clicks and making the entire process of signing contracts absolutely reliable and completely traceable from a legal point of view.
Since 2010, Scrive has been a leader in the field of digitalisation, providing electronic signatures and identification solutions, enabling businesses around the globe to sign agreements with their customers, partners and employees; all of this, combining security, compliance, and data quality with a focus on customer experience.
The attention to customer centricity is also something that Scrive and Doxee have in common: for more than 20 years, Doxee has been supporting companies in the digitalization of their processes, helping them to offer a valuable, personalized and effective customer experience.
This article was written in collaboration with Scrive
