eIDAS 2.0: Evolution of trust services
Read more
Reading time:
Date of publication:
Updated:
Electronic signature is a tool that accelerates document workflow and makes it easier to carry out remote contracting. However, many people are concerned about signing documents this way. This is why we are going to explain why electronic signatures are actually a safe solution.
Is an electronic document as „legitimate” as a paper document? How can I verify the identity of the person who submits an electronic signature on a document? Is there a risk that the other party could change the content of the electronic document? These are the most common questions asked by customers who are thinking about using electronic signatures, and also why we’re certain we can get rid of these doubts.
Regarding documents and electronic signatures, the national and European law quickly adapted to the changing reality. This area is mainly regulated by Regulation (EU) No 910/2014 of the European Parliament and Council of the 23 July 2014 on electronic identification and trust services for electronic transactions on the internal market, in short – eIDAS. Inside this act is the definition of an electronic signature - „an electronic signature is data in electronic form that is attached or logically linked to other data in electronic form, which is then used by the signatory in the form of a signature”. eIDAS, which became active throughout the EU in 2016, also defines an electronic document as „any content stored in electronic form, in particular a text or an audio, visual or audiovisual or recording”. Even an e-mail containing the sender's name and surname meets the requirements of an electronic signature, but in order to benefit from legal effects, the signature should be issued by a trust service.
A very important provision is found in Article 43 of this regulation ‒„The legal effect of an electronic document or its admissibility as evidence in court proceedings is not questioned solely on the grounds that the document is in an electronic form [...]”. The fact that a given document is in electronic form does not affect whether it is valid and binding. Above all, its content and the type of signature submitted on it are of great importance. Most documents can be signed with a standard electronic signature – it is an electronic signature consciously used by an individual, attached or linked to the signed content. The electronic signature can consist of a name and surname combined with an e-mail address and IP address. More importantly, the provisions of eIDAS state that the court cannot refuse to use this type of signature in evidence proceedings just because it is in electronic form.
Documents that require a written form (e.g. an employment contract, a contract for specific work with the transfer of copyright) can also be signed electronically, but in this case with only a qualified electronic signature, which has the same legal effects as a handwritten signature.
Many questions revolve around whether the electronic document sent for signature will be signed by an authorized person. When concluding a contract in-person, the identity verification usually means comparing the person’s information (e.g. PESEL number, name and surname) in the contract with that of a valid document confirming their identity (e.g. ID card or passport). Signing documents remotely definitely raises some security concerns. Is it even possible to effectively verify the identity of the person signing with an electronic signature?
A user who sends a document via the Autenti platform can be more than certain that the document will go to the correct recipient and that they will sign it using an electronic signature. Autenti uses several methods to verify the signer.
The most popular and easiest way to verify a signer is to use the email address assigned to them. The user who is using the Autenti platform to send the document for signature provides the recipient’s address. A secure link is sent to this address, which then directs the recipient to the signature panel. Once there, they confirm their identity and at the same time submit their electronic signature. From this moment, the email address is linked to the name of the signer and the IP address of the device that was used to sign. This information is then attached to the document and lets you determine who signed.
The second method for verifying a person that submits an electronic signature on the sent document is by using a one-time code sent to their e-mail address as well as an SMS code. So in addition to a link sent via e-mail, the recipient also receives an SMS code, which is sent to their telephone number. The code is only known to the person using this number and it is necessary for signing. In this way, the telephone number’s information is also added along with the first name, last name, e-mail address and IP address.
Another method is to use a qualified electronic signature that provides information about the signer outright. Companies that provide qualified certificates carry out scrupulous verification of the customer's identity. Before issuing a certificate, the employee compares the information provided by the client to the information on their ID card or passport – this type of verification is done in-person or remotely via a webcam. Thanks to this, a qualified signature is very much connected to the person who uses it. A qualified signature is also equivalent to a handwritten signature, which is why it can be used to sign documents that require a written form. Today, on the Autenti platform you can also use mobile versions of qualified electronic signatures for signing documents that must meet these requirements.
An electronic signature is electronic data or string of bits that is attached to an electronic document. The signature in this form can be read and verified by a computer, but not by the people who have received the signed document. Autenti has developed a solution to counter this inconvenience, which is that each electronic document sent via the platform is accompanied by a Signature Card. This is a page added to the document along with the submitted electronic signatures and the information specifying the verification method used for the people who signed.
The use of electronic documents raises concerns whether or not the document’s content will change „along the way,” either resulting from indiscretion or deliberate action. Autenti users don't have to worry about document security at all. Each document that has been sent and signed via the platform is secured with an electronic seal, which is based off of the qualified certificate. This guarantees the integrity of the document and prevents the introduction of changes from the moment the sender submits their signature. The seal also confirms the authenticity of the document, meaning that it was sent via a trusted platform. Additionally, each Autenti document is secured with a qualified time stamp, which guarantees that the document has not changed since it was secured. Autenti also makes sure that documents always remain accessible, in other words, each party has the ability to retrieve information at any time without the other parties needing to participate. Accessibility combined with integrity means that each document signed via the Autenti platform is a legally durable medium that makes it possible to have access to unchanged information in the future. Thanks to this, the electronic document can be presented, if necessary, during proceedings before a court or other state authority.
Katarzyna Domagalska
Visit author's profile
Agata Kolorz
Read more
Wojciech Kosmala
Read more
Monika Głowacka
Read more