In July the European Union introduced eIDAS, changing its handling of e-signatures. Now directly enforceable within the UK and across the EU, it has replaced the existing e-signatures Directive (in force since July 2001).
eIDAS is designed to ensure a more harmonised approach to the recognition and enforceability of e-signatures. It's already having a significant positive impact, with eIDAS providing a consistent framework for secure electronic identification and verification across Europe, delivering the necessary protection from risk for many businesses to start embracing secure electronic signature platforms.
Previously, electronic signatures took the form of a simple digital signature with no authenticating metadata, in other words, no indicators of reliability. Now a common legal framework gives e-transactions and other e-signed documents (seals, timestamps and other forms of proof) the same legal status as those that are performed on paper, plus a way to securely identify the owner of the signature.
But amid all the confusion about its implications among expected early adopters, including wealth management practices and corporate banking and their security experts, what do you need to know to get up to speed on the new legislation?
Electronic Signatures - can now only be used by individuals. Previously, under the Electronic Signatures Directive, both individuals and corporate organisations could use an electronic signature. The eIDAS Regulation makes a distinction between natural and legal persons.
Advanced Electronic Signatures - another change is the re-definition of the Advanced Electronic Signature, which allows unique identification and authentication of the signer of a document and enables the verification of the integrity of the signed agreement. A Certificate Authority typically accomplishes this authentication through the issuance of a digital certificate. These certificates have existed for many years and now, under eIDAS, users are able to utilise mobile technology for this activity.
Qualified Electronic Signatures - while both Advanced and Qualified Electronic Signatures are uniquely linked to the signer, Qualified Electronic Signatures are Advanced Electronic Signatures created by qualified electronic signature creation devices, based on Qualified Certificates. Qualified Certificates can only be issued by a qualified trust service provider, which has been granted its qualified status by the Supervisory Body. The electronic signature creation data must also be stored on a qualified signature creation device such as a smart card, a USB token, or a cloud-based trust service.
Security implications to worry about?
Some commentators are worried that not all of the national assurance schemes across the EU are sufficiently robust, and that some of the enrollment processes are not overly rigorous. The worry is that this could undermine the credibility of authenticating identities online, especially when the person is in an unsupervised environment.
This raises further concerns about liability models and legal frameworks to protect organisations that are deceived by false identities. Making sure your organisation is up to speed on the protection mechanisms and the burden of accountability is therefore essential, should you be relying on the signature of someone with a falsified identity.
The immediate benefits
What eIDAS does do is enable e-signatures to exist in just one format, where every movement and amendment, and the security, can be tracked reliably.
In addition, organisations also benefit from a set of compliance tools which are both valid across Europe and fully interoperable, giving the same legal protection for electronically signed documents as is afforded to paper and ink-signed documents.
Now, the option to use eSignatures - including digital signatures, certificates and even deploying biometric signature verification - is a credible one for businesses and the opportunities are wide-ranging.
- Reducing fraud in high value transactions
This is possibly the most abundant and critical signature application, with substantial agreements affirmed by someone's signature; large financial or property transactions can pose a significant prize for career fraudsters. This makes automation a critical part of fraud prevention, and using biometric eSignature verification can enable vendors to be certain of the identity of the person they are dealing with. Not only does this prevent identity fraud at a distance, it also counteracts misrepresentation when face-to-face. The unique characteristics of a signature can be analysed against pre-enrolled profiles to give a biometric assurance of identity.
- Remove the pain of long-distance contract signing
Multiple signatories in multiple locations may be required to endorse a contract or other legal documentation. Traditionally, this would mean the document being posted around various locations to collect original signatures. The eSignature can eradicate this inefficiency by allowing the document to remain digital throughout the whole process. Clients can complete transactions from a compatible device anywhere in the world rather than having to wait to receive documents in the post, and the information captured during the on-boarding process can be shared with multiple systems.
- Improve efficiency in gaining commitment
Save time and money by getting customer signatures on orders and contracts quickly using mobile devices. You can also replace posted and ‘print-sign-scan’ papers with electronically signed documents, which will speed up processes and integrate directly into your document management workflows. eIDAS has the potential to transform the operational efficiencies of many organisations.
Contributed by David Alexander, co-founder and executive chairman, My Wealth Cloud