Electronic signatures provide a secure, legal and efficient way for companies and private individuals to sign documents online. But what exactly does the term mean, and which legal requirements apply? This article will examine the various details concerning this type of signature.
What is an Electronic Signature?
An electronic signature can be used to digitally verify the authenticity and integrity of a document or message. It functions as the digital equivalent of a handwritten signature and can take various forms - from simple typed names to complex cryptographic systems.
Essentially, an electronic signature confirms the identity of the signatory and verifies that the signed data can’t be altered after signing. Electronic signatures are more than just digital signatures; they incorporate multiple types of technology and processes that ensure the security and reliability of online document signing procedures. These include encryption methods, digital certificates and special signature keys that conclusively identify the signatory. These features make e-signatures an important tool for electronic identification, especially in areas that require a high level of security and legality.
3 Types of eSignatures
Generally, we differentiate between three types of e-signatures: in addition to simple electronic signatures, there are advanced and qualified electronic signatures.
SES: Simple Electronic Signatures
Simple electronic signatures (SES) are the most basic form of e-signatures. It is a digital image of a signature that is often used to indicate consent or approval in a digital process.
An SES is easy to implement, but it offers only limited security. Unlike advanced and qualified electronic signatures, this method does not verify the identity of the signatory or ensure that a signed document cannot be changed. This makes the SES suitable for less sensitive applications with low liability factors; examples include a scanned handwritten signature or clicking “I accept” during online transactions.
AES: Advanced Electronic Signatures
The advanced electronic signature (AES) provides a higher level of security than the simple electronic signature. It meets specific requirements to verify the signatory's identity and protect the integrity of the signed data.
One of the key features of the AES is that it is clearly linked to the signatory, making any subsequent changes to the data detectable. To this end, advanced electronic signatures are generated via signature keys. These keys are part of a cryptographic system designed to enable solely the legitimate holder of the key to produce the signature. As a result, the AES is an appropriate solution for contexts with a medium liability risk, such as sales contracts.
QES: Qualified Electronic Signatures
The qualified electronic signature (QES) provides the highest level of security among electronic signatures and is legally equivalent to a handwritten signature in Switzerland (ZertES) and in all EU member states (eIDAS). It reliably identifies the signatory and authenticates the integrity of the signed document.
A QES is generated by a secure signature creation device (SSCD). This device ensures that the signature key is created and used in a secure environment to protect the signature from manipulation and misuse. Thanks to these high security standards, the QES is used in many legal contexts with substantial liability risks, such as employment law and public administration.
How Electronic Signatures Work
Digital signatures use cryptographic processes that safeguard the integrity and authenticity of a document. They require a digital key combination - the public key for verifying digital signatures and the private key for creating digital signatures - as well as an encrypted numerical code, the so-called hash value. The hash value is generated from the content of the document to be signed and is unique for each document.
The process of a digital signature begins by performing a hash operation on the document to be signed. This generates a compact string of characters, i.e. the hash value, which represents the data of the document. The hash value is then encrypted with the signatory's private key, creating the digital signature.
The recipient of the document can verify the signature with the signatory's public key. The hash value is then decrypted and compared with a recalculated hash value of the received document. If both values match, the document is considered authentic and unchanged.
Use Cases for Electronic Signatures
- Financial Sector: Banks, insurance companies and other financial institutions use electronic signatures for loan applications, policy changes and general customer contracts.
- Healthcare: In the healthcare sector, electronic signatures are used to sign insurance policies, for example.
- Public Administration: Authorities use electronic signatures to apply for funding, approve construction projects, and issue official documents, to name a few. The electronic use of ID cards, such as eIDAS-compliant remote signatures via eID, is another example.
- Legal sector: In the legal sector, digital signatures are used for the electronic signing of contracts, deeds and court documents. Law firms and notary's offices use digital signatures to check the authenticity of legal documents and verify the identity of the signatories.
Benefits of Electronic Signature
E-signatures have many advantages. According to the German Federal Office for Information Security (BSI), for example, they “will make a significant contribution to the development of electronic business correspondence in e-government and e-business and electronic legal correspondence”.
The three most notable benefits are:
- Increased efficiency: Electronic signatures increase efficiency and accelerate business processes, as the entire signing process is digitized and automated.
- Reduced expenses: Documents no longer need to be printed, signed and sent by mail. This allows companies to save money, as they will need less paper and personnel.
- Improved customer experience: Customers appreciate the possibility to sign contracts conveniently from anywhere and at any time without having to go to a physical business location.
Legality of Electronic Signatures
Generally, electronic signatures are legally binding, but there are certain requirements that must be met. For example, if a document is legally subject to the written form, it is only fully legally binding with a qualified electronic signature. A simple electronic signature or a scanned handwritten signature is not sufficient in such cases.
Likewise, the scan of a signature applied to a modifiable document is not considered secure, as it could be forged easily. Scanned handwritten signatures do not meet the requirements of the eIDAS Regulation.
The eIDAS Regulation, short for “electronic Identification, Authentication and Trust Services”, refers to EU Regulation No. 910/2014, which came into effect on July 1, 2016. It is a crucial legislation for all member states of the European Union, intended to enable secure electronic transactions across EU borders.
The eIDAS Regulation establishes the legal parameters for electronic signatures and a standardized legal framework across all EU countries. It defines the different types of electronic signatures, their legal equivalences and the requirements for secure use.
Conclusion
E-signatures have already been established across various industries. They are an essential part of the modern business world and will continue to play an important role in the future. The EU's eIDAS Regulation provides a standardized legal framework for electronic signatures.
With our PXL Ident you can easily create a simple electronic signature. We have also recently started to offer qualified e-signatures, PXL eSign.
Would you like to integrate the QES, or are you looking for a reliable identification provider for your QES? Contact us now for a consultation.
A digital signature is a type of electronic signature that is generated by means of cryptographic processes, verifies the identity of the signatory and guarantees the integrity of the signed document.
An advanced electronic signature meets higher security standards than a simple electronic signature and offers some certainty about the identity of the signatory. Whereas, a qualified electronic signature meets the strictest legal requirements and is legally equivalent to a handwritten signature.
The eIDAS Regulation is an EU regulation that provides the legal framework for electronic signatures and other trust services in the European Union by creating a standardized legal framework for their recognition and use.
The difference between a digital signature and an electronic signature is rather simple: The digital signature is one specific form of electronic signature. “Electronic signature” is an umbrella term that covers all types of e-signatures, including digital signatures, as well as simple and advanced electronic signatures.