eIDAS is a regulation that established a new system for secure electronic interactions between businesses, citizens and public authorities across the entire EU. Despite the scope of the introduced legal regulations being very wide, from the business point of view, the records regarding electronic signatures, including qualified signatures, are of key importance.
What is eIDAS?
The abbreviation eIDAS (electronic IDentification, Authentication and trust Services) is Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market. From July 1, 2016, the document has been valid throughout the European Union and is applied directly into the Polish legal system. The purpose of the eIDAS regulation is to increase trust in electronic transactions through a legal framework that guarantees their security at the European level.
What is the eIDAS regulation about?
The eIDAS regulation addresses two general issues:
Electronic identification systems;
In this first instance, it primarily concerns defining the conditions of electronic identification by EU countries for the recognition of natural and legal persons used in other Member States. Among others, this has facilitated the transactions between companies and public entities (e.g. a Portuguese company can now easily submit a tender as part of an order for a public service contract in Sweden and have it settled completely online). This part of the regulation was taken into effect later, from September 28, 2018.
The eIDAS regulation had also previously introduced a new legal framework for a number of trust services. In addition to electronic signatures, including qualified signatures, they include:
Electronic seals (unlike electronic signatures, are created by legal entities and ensure the authenticity of the document’s origin and the integrity of the data that has been stamped);
Electronic time stamps (electronic data that binds other electronic data to a specific time, providing evidence that this other data existed at that time);
Registered Electronic Delivery Services (making it possible to receive and send official correspondence by electronic means so as to provide proof of sending and receiving data, while at the same time protecting it against the risk of loss, theft, damage or unauthorised changes);
Website Authentication Certificates.
eIDAS regulation and electronic signature
In the eIDAS Regulation, „electronic signature is defined as data in electronic form that is attached or logically linked to other data in electronic form and that is used by the signatory as a signature" (article 3, point 10).
The signatory must also be a natural person (Art. 3, point 9). In other words, the document allows various types of data as an electronic signature, as long as it has been consciously used to sign some form of content in electronic form and can prove that it is related to the signed content.
Additionally, "an electronic signature may not be denied legal effect and admissibility as evidence in legal proceedings solely on the ground that it is in electronic form or that it does not meet the requirements for qualified electronic signatures" (Article 25, point 1 of eIDAS). In practice, this means that in the case of most contracts occurring in the course of trade, any type of electronic signature can be used, including one that does not meet additional requirements apart from those listed above.
What is the definition of a qualified signature under the eIDAS regulation? Also defined in the eIDAS regulation is the so-called qualified signature, a specific form of advanced electronic signature. Article 26 of the document states that „an advanced electronic signature must meet the following requirements:
Is uniquely assigned to the signatory;
Verifies the identification of the signatory;
is submitted using the data used to create an electronic signature, which the signatory can, with a high degree of certainty, use under their sole control; and
is linked to the signed data in such a way that any subsequent change of the data is recognisable. "
Additionally, a qualified electronic signature is submitted using a qualified electronic signature creation device and is based on a qualified electronic signature certificate (Article 13, point 12). The certificate is issued for a limited period of time, only to qualified trust providers – such as cooperating qualified Autenti partners – and after verifying the identity of the person applying for it. Similar to the „standard” electronic signature on the Autenti platform, qualified signatures can also be obtained completely online - thanks to video verification.
Due to the additional requirements that must be met, the qualified signature, however, has a wider range of applications than the other electronic signatures. According to eIDAS, „a qualified electronic signature has a legal effect equivalent to a handwritten signature” (Article 25, point 2).
This means that you can also sign documents that require a written form under pain of nullity (e.g. an employment contract, all contracts with the transfer of proprietary copyrights, a bank account agreement, leasing agreement or general power of attorney). A qualified signature is also often required by state and local government administration bodies.
In turn, point 3, article 25 of eIDAS states that „a qualified electronic signature based on a qualified certificate issued in one Member State is considered a qualified electronic signature in all other Member States”. A qualified signature issued in Poland is therefore valid throughout the entire European Union.