The Regulation (EU) N°910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation), adopted by the co-legislators on 23 July 2014, is a milestone in providing a predictable regulatory environment that enables secure and seamless electronic interactions between businesses, citizens and public authorities.
In this regard, the eIDAS Regulation:
- ensures that people and businesses can use their own national electronic identification schemes (eIDs) to access public services in other EU countries where eIDs are available;
- creates a European internal market for electronic trust services (eTS) – namely electronic signatures, electronic seals, time stamps, electronic delivery services and website authentication – by ensuring that they will work across borders and have the same legal status as traditional paper-based processes.

Only if the legal validity of all these services is certain will businesses and citizens use digital interactions as their natural way of interacting.
With eIDAS, the EU has managed to lay down the right foundations and a predictable legal framework for people, companies (in particular SMEs) and public administrations to safely access services and carry out transactions online and across borders in just “one click”. Indeed, rolling out eIDAS means higher security and more convenience for any online activity, such as submitting tax declarations, enrolling in a foreign university, remotely opening a bank account, setting up a business in another Member State, authenticating for internet payments, bidding for online calls for tender, etc.
As a regulation, eIDAS will enter into force directly, without the need for national legislation. The regulation will automatically replace any inconsistent national laws in Europe. The framework is based on the Member States’ reciprocal obligation to recognise trust services if those services are based on a qualified certificate issued in one Member State. The opportunities lie in leveraging electronic trust services as a key enabler of the e-signature market by making electronic transactions more secure, convenient, and trustworthy. European businesses will be able to contract online (e.g. both “onboarding” new customers and offering new products to existing clients).
One of the major benefits of eIDAS is that qualified digital signatures can now be generated using server-side signatures (where the signer’s key is held securely on a trusted server), which are far more efficient and cost-effective than the smartcard-based systems in use today.
How SIGNificant Complies with eIDAS
The power of SIGNificant’s flexible and open architecture is that it can incorporate multiple external e-Identity Providers (IdPs).
- Server-side signing: the user’s keys are held securely inside a Hardware Security Module (HSM) or cloud-based service attached to the SIGNificant Server.
- Local signing: the user’s keys are held on smartcards or USB tokens.
Furthermore, server-side qualified signatures can be combined with capturing forensically identifiable signatures on signature pads or mobile devices. SIGNificant records a person’s handwritten signature using the parameters of pressure, acceleration, speed, and rhythm. These parameters are unique to every individual and cannot be easily reproduced by a forger. Once a signature, including all the biometric parameters, has been embedded into a document, the document is turned into a signed and sealed PDF. Based on the embedded signature, the identity of the signer can be proved at any time by a forensic expert, just as it can on paper today.