Do you need to sign contracts digitally that will be valid throughout Europe? The European Parliament’s 2016 eIDAS Regulation makes it possible. It serves as the basis for the technical implementation of the Smart eID, which citizens in Germany have been able to use on a smartphone since the end of 2021. But why is the regulation so important? How does it contribute to the digital internal market? And how do the advantages manifest themselves? Nevis provides an overview of the legal perspectives of the eID.
eIDAS – This is the abbreviation of EU Regulation No. 910/2014 of the European Parliament and it is derived from the title ‘electronic IDentification, Authentication and trust Services’.
eIDAS makes it possible: digital transactions are finally secure
The regulation applies to the electronic identity (eID) and aims to establish a legal basis for electronic transactions that is equivalent to the one that already applies, for example, to paper-based transactions. The standardised rules are designed to ensure that contracts can then be concluded and sent in a legally compliant and consistent manner entirely in the digital domain. Accordingly, the eIDAS defines technical processes and standards for electronic certificates, electronic seals, time stamps and e-signatures.
The EU regulation has been in force in Europe since 1 July 2016 and is valid in the 28 EU member states and in the European Economic Area. It is substantiated by what are known as implementing acts – as has been the case in Germany since 28 July 2017. This is the mechanism by which the EU regulation is transposed into national law. The legislation became mandatory one year later – which means that European countries have since then been obliged to mutually recognize their electronic identities (eID). The one exception is Switzerland, which did not adopt the eIDAS because the country is neither a member of the European Economic Area nor of the European Union. Instead, the country has its own signature legislation, which nevertheless does incorporate the main provisions of eIDAS.
Poor compatibility has hindered the digital internal market
The eIDAS Regulation symbolises the EU’s renewed focus on the development of the digital internal market. The regulation replaces not only the old signature directive 1999/93/EC governing e-signatures but also Germany’s signature legislation, which was widely criticised for its excessively strict security requirements.
The problem prior to the introduction of the eIDAS Regulation involved the existence of numerous parallel national signature laws in the EU – these failing to consider the compatibility and recognition of regulations in other European states. This impeded the provision of secure communication as well as the conclusion of contracts in the European internal market.
The new eIDAS Regulation is set to change this situation. By selectively removing barriers to digital transactions, the regulation now aims to facilitate seamless trade flows in the EU through transparency, security, technological neutrality, cooperation and interoperability.
To make this possible, eIDAS has:
- standardised the use of electronic identification (eID)
- defined a new class of ‘electronic trust services’ (eTS)
- clarified and safeguarded the legal validity of e-signatures
- created a European internal market for electronic trust services within the EU
What does the eIDAS Regulation contain?
Broadly speaking, the regulation contains binding rules for Europe that cover all aspects of electronic trust services and electronic identification. For instance, it defines the three security levels of e-signatures. This refers to data in electronic form that is used by the signatory to sign documents and which verifies the signatory beyond doubt as part of an identity check.
Electronic signature types
- The simple electronic signature (SES) is the most basic security level and is not subject to additional requirements. It is used for signing GTCs or documentation.
- The advanced electronic signature (AES) is used to conclude offers, purchasing contracts or applications. It is uniquely assigned to the contract signatory and identifies them. In this case, the signature is also created with the help of electronic signature-creation data, which explicitly links the signatory to the signed data. Any subsequent amendments to this data are also recorded electronically.
- The qualified electronic signature (QES) is the final security level. It is used for sureties or fixed-term employment contracts. In technical terms, it is based on the AES. However, it is created by a qualified e-signature-creation device and is underpinned by a qualified certificate for e-signatures. This guarantees the highest degree of security for the signature.
What’s more, the eIDAS Regulation lists conditions and requirements for storing certificates, electronic seals, time stamps and signatures. In the area of contract management, in particular, this has resulted in a range of application areas: from simple signing of contracts to cross-border property transactions and certified electronic documents all the way to secure electronic authentication on websites. Thanks to the eIDAS Regulation, the use of tablets or smartphones to perform electronic registration and create electronic signatures is now also possible and clearly defined.
How the eIDAS Regulation benefits security checks
The eIDAS Regulation provides a range of advantages that go beyond the creation of consistent, binding standards for electronic signing and identification that are valid throughout Europe. The added benefits are as follows:
- Creation of clear policies for creating, checking and storing e-signatures
- Possibility of digital remote signatures via mobile devices
- Establishing legal certainty for cross-border electronic transactions
- Less need to exchange paper documents
- Protection of digital processes and the streamlining of various procedures
- Reduced bureaucratic workload and service requirements for authorities
- Optimised transparency throughout the EU internal market
- Clear liability regulations
- Elimination of the compulsory physical presence of contract partners
- Elimination of the risk of losing paper documents sent by post
- Uniform application areas for the eIDAS Regulation