Any Ideas on What eIDAS Is?
Every so often, a piece of regulation comes out with an acronym that is exceptionally hard to figure out. eIDAS is one such acronym. Thankfully, we explain it fully below. We do so because we think the idea behind eIDAS is key, even if it hides behind an otherwise inexplicable five-letter abbreviation. It is because of eIDAS that we can rely on electronic signatures, which makes signing legal documents and contracts not only easier but far more reliable than previous regulations achieved.
What is eIDAS?
Let’s start off with the basics. What on earth does eIDAS stand for? It is an acronym for electronic IDentification, Authentication and trust Services. It is a regulation put in place to help enhance and support electronic transactions in the EU. Through regulating the EU’s ability to provide secure electronic transactions, a predictable environment has been established to help companies, citizens and public authorities do business with one another. As a result, eIDAS is a key piece of regulation that helps achieve the EU’s digital single market ambition. eIDAS has helped create a common digital framework for Europe, which in turn helps drive e-commerce across the EU as well as globally.
In practice, that means that a European internal market for electronic trust services has been created. So there is now a common usage of electronic signatures, electronic seals, time stamps, electronic delivery services and website authentication that is understood and employed across all the countries within the EU. It also means that individuals and companies are able to use their domestic electronic identification schemes (otherwise known as eIDs) to access other public services in other EU countries if eIDs are available there.
What was previously used before eIDAS?
The eIDAS regulation replaced what had previously been used, known as the eSignatures Directive, along with any other, arguably ineffective, laws concerning digital signatures across Europe.
In fact, it was found that the directive actually hampered the efforts of the digital single market. The reason is that it was not fit for purpose. It was initially created when hardware was still used to help support trade. Items like smart cards were used, as opposed to electronic payment transfers. Cloud computing was not as widespread, and the pace of its development and usage was not anticipated correctly. The eSignatures Directive therefore became outdated far more quickly than could have been foreseen.
Three e-signatures types under eIDAS
The eIDAS regulation has established three types of electronic signatures that can be used. They increase in assurance level. The increased assurance level comes from a deeper authentication procedure by a third party, as well as the level of trustworthiness of that third party increasing too.
Basic Electronic Signatures
These electronic signatures are suitable for general usage where only the most basic level of security is required. That is not to say they are not secure. They are still legally binding, though they are more prone to forgery than other forms of electronic signatures. A basic electronic signature can simply be a scanned copy of a person’s signature or even just checking a tick box on a consent form.
Advanced Electronic Signatures
These types of electronic signature are more trustworthy than basic e-signatures as they have an electronic seal included with them. That means that to meet advanced electronic signature (AES) conditions, the signatures must be able to identify the signatory, be established by using electronic signature creation data, and be linked only to the signatory themselves. This should all be done by making use of technology called public key infrastructure. It is a form of asymmetric cryptography that allows a digital certificate to verify a digital signature.
Qualified Electronic Signatures
A qualified electronic signature is more difficult to attain as there are more criteria that this level of signature has to meet, above an AES. The main addition for a qualified electronic signature is that the certificate authority, or verifying third party, must be a Qualified Trust Service Provider or at least be partnered with such a provider.
Why is it important to understand eIDAS regulation?
eIDAS is an important idea to get to grips with as it materially improves the convenience and security of taking part in electronic transactions across borders. Without it, the bureaucracy surrounding signed documents would increase, and could be in danger of being ineffective. That ineffectiveness could be a reality if documents simply were not signed due to the impractical logistics that a world without eIDAS creates. Or they could be ineffective because documents are signed in a way that is not secure or enforceable in a court of law - thus making a contract almost useless if there is a breach.
Additionally, understanding eIDAS means that you can also start to realize the true benefits that this regulation brings. Firstly, let’s talk about security. By introducing eIDAS, cross-border electronic transactions are far more secure. When something is more secure, it is more trustworthy. Any work that stems from those transactions can then be relied upon and the quality of results can therefore be much improved.
Secondly, by having one standard across the entire EU, there is a great deal more transparency and openness that comes from that standardization. It also means that entities have to be fully accountable for what they are signing, but importantly it just makes life a lot more straightforward. There are fewer hoops to jump through and fewer to try to get to grips with.
If each EU country had a different standard or regulation, every time businesses in different countries wanted to take part in a cross border transaction, extra administrative work would need to be completed to ensure that all the legalities surrounding digital signatures were carried out. With eIDAS, that is no longer the case.
That then has a big impact on how employees of a company dedicate their time. Instead of spending the extra administrative effort that life without eIDAS would require, employees can channel their energies elsewhere to be productive and, ultimately, more profitable.
Finally, having eIDAS in place means that all companies in Europe can take advantage of contract software that helps further reduce the administrative burden of contracts, and instead allows contracts to become the assets they rightfully should be. And we’re not talking about PDFs that can be sent via email ready for signing. While, yes, that will get a document signed, and if done correctly it will align with eIDAS, that does not make the most of what a contract can be.
Through Contractbook’s software, you can automate contracts that are created once an event is triggered. Our software ‘knows’ how to do that as our contracts are in a dynamic, machine-readable format. That means you can harness data in your contract and build automated workflows. The dreaded PDF, in comparison, keeps your business tangled up in useless metadata.
How does the US standard compare?
While eIDAS has helped create a common digital framework for Europe, what does the US have? In the US, there is currently an act called the Uniform Electronic Transactions Act (UETA), which is a state law, and the Electronic Signatures in Global and National Commerce Act (ESIGN), which is Federal law. They both state that for an eSignature to be valid, the signature must meet four key criteria. Firstly, there must be an intent to sign by the signatory. Secondly, there must be consent to partake in business in an electronic way. Thirdly, signatures must be associated with a record. In practice, this means that eSignature software must be able to prove that the signature came from the actual intended signatory. Lastly, a record of US electronic signatures must be retained, and it must be an accurate record of the signature.
In terms of comparison to eIDAS, UETA and ESIGN provide scope on what is allowed to qualify as an electronic signature that can be trusted. While a broad standard across such a wide, deep and rich market is helpful, the current problem with the UETA in particular is that not all states have signed up to it. Most have, however, with only New York and Illinois not enacting it. Yet, while those states do have their own e-signature directive, it does take away one of the advantages that eIDAS has provided: a central, trusted piece of regulation that helps make e-commerce more trustworthy and therefore more efficient.
eIDAS helps underline everything we think contracts are capable of. By having a standard for several countries to adhere to, the process of creating and completing a contract is far easier and more streamlined. It raises the quality and security of contracts too, meaning that they become the reliable asset that they should be. And, by using Contractbook’s software, those assets can be created in no time at all, leaving companies to leverage the results from the contract they so quickly established.