If you want to use digital identification and signatures in Europe, you best operate within a set legal framework. A digital signature should comply with certain guidelines, which can differ per EU member state. The rules can be as dazzling as the options, and it might be difficult to see the forest for the trees. In this article, we will provide some clarity by answering the most pressing questions: which three types of electronic signatures (as defined by eIDAS) can you choose from, and what are the pros and cons of each?
Basic electronic signature
Do you need to accept a delivery package? Check a digital box on a desktop screen? Scan a manually signed document? Then the basic electronic signature will suffice. This may either be a signature that’s manually put on a desktop screen (after which it’s digitally saved) or a click on an ‘I accept’ button. Approval or acceptance is always proved through a certificate.
Generally, this type of signature is mainly used in lower-value processes, as there is no foolproof way to confirm the identity of the signer. If someone would copy another person’s signature and put it on the document, it would be difficult to prove (or even discover) that. Using the basic electronic signature in legally valid documents could obviously pose an issue, depending on the process in place. Therefore, a signature on insurance, financial, or real estate documents, for example, should meet stricter requirements so it can be connected to the signer with (more) certainty.
Advanced electronic signature
Exceeding the basic electronic signature by far, this type of signature meets four specific legal requirements. First, it is uniquely linked to the signer. Second, the signer can be identified. Third, the signature is placed using an ultra-secure mechanism that ensures the signer is the only person who can sign the document. If, for example, a bank card is linked to a married couple’s joint bank account, it can’t be used to identify the signer. After all, two people are legally associated with said account, which eliminates the uniqueness factor. The final requirement is that after signing a document, any subsequent data change is traceable.
Compared to its basic counterpart, the advanced electronic signature clearly ups the level of security. Yet its reliability is not one hundred percent, because these four requirements can be interpreted rather freely. So, while this signature is fully eIDAS compliant, provides a high level of trust and is tamper proof, the identity checks would still risk not meeting the strictest reliability prerequisites. It all depends on the process that has been put in place. This signature can be seen as the perfectly balanced signature between user experience and risk management. A example of an Advanced Electronic Signatures is a biometric signature using a Wacom tablet.
Qualified electronic signature
If you believe a paper-version ‘wet’ signature is the only safe option for your type of document, consider its digital equivalent: The Qualified Electronic Signature. A qualified electronic signature binds the signer’s identity to its signature by means of a personal, qualified certificate issued by a Qualified Trust Service Provider (QTSP). This ensures that the signature is not only valid in the EU-country where it has been assigned, but is recognized as a valid, legally binding signature in every other member state of the European Union. Having this special legal status in Europe, it can be used for the most crucial high-risk documents – from life insurances to credit applications – depending on the local legislation. In addition to the four previously discussed requirements, this non-repudiation digital signature must meet a range of other measures. For example, that the user’s signature key is managed by a Qualified electronic Signature Creation Device (QSCD), which entitles that only the signer should be able to access and use their personal key, and the signature creation data is unique, confidential and protected from forgery.
These additional requirements pay off: the reliability level of the qualified electronic signature is top notch. It is the only type of electronic signature that is one hundred percent capable of identifying the signer, as initial face-to-face verification or an equivalent process is required. Should a party dispute the signature at some point, the burden of proof lies with the signatory. By way of comparison: with the basic and advanced electronic signatures, the burden of proof lies with the party that initiated the signature. Examples of this most secure type of signature are eID and itsme® sign, which Connective uses and offers in Belgium.
What’s the difference?
As we’ve explained above, electronic signatures are classified by the level of assurance they offer. Each of the three types of electronic signatures can be legally effective under eIDAS. A basic level of integrity is always guaranteed in the sense that content can’t be altered after signing the document. But the levels of security differ significantly, and if you ever need to prove to a court a signature is genuine and was intentionally put on a particular document, there’s a difference in the evidence you must provide.
The good, the better & the best
Of course, as a company you want a solution that is easy-to-use, accessible whenever and wherever you want while remaining trustworthy and compliant. Below you’ll find a brief overview and explanation of what might best suit your needs.
|The good||The better||The best|
|What?||Basic Electronic Signature||Advanced Electronic Signature||Qualified Electronic Signature|
|Why?||- Quick & easy|
- Easy to use on mobile
- Visually the same as on paper
|- Linked to signer|
- Provides more legally binding proof
- More thrustworthy than basic signature
|- Highest level of security|
- Personal link to signer
- Digital equivalent of wet signature
- Legal obligation
|Use cases||- Signing when receiving a package|
- Simple approval
- Client onboarding*
- Credit loan*
*depending on local legislation or risk
|- Client onboarding*|
- Credit loan*
*depending on local legislation or risk
|- Signing insurance documents|
- Public administration procedures
|Connective solution||- SMS OTP|
- Mail OTP
- Manual signature
|- SMS OTP|
- Mail OTP
- Biometric signature
- itsme® sign
Do you have any questions about the different types of electronic signatures, or are you interested in using one of the three electronic signatures we described in this blog?
Please don’t hesitate to contact us. We offer all options and are happy to discuss which one best suits your needs.