The eIDAS Regulation is a regulation adopted on 1 July 2016, which entered into force in 28 EU countries, replacing the previously applicable Directive on a Community framework for electronic signatures. This document, which is relevant to both private individuals and businesses, defines the concepts of electronic signatures and other trust services and the procedures for their use in the EU countries.
Electronic signatures – a means of identifying natural persons
The possibility for natural persons to sign with an electronic signature is one of the biggest changes in the provision of trust services that has been implemented with the adoption of the eIDAS Regulation. Until then, e-signatures were also used as a means of identifying legal persons under the Directive on a Community framework for electronic signatures. Since the eIDAS Regulation came into force, legal persons are not issued electronic signature certificates, but electronic seal certificates, which are not intended for signing but for ensuring the origin and integrity of data.
What additional trust services are defined in the eIDAS Regulation?
As we have already mentioned, electronic seals are not equivalent to electronic signatures confirming the identity of a legal person. It is a tool to ensure the origin and integrity of documents or data. However, if you decide to start using an electronic seal, it is essential to ensure that it is only available to those persons who are authorised to act on behalf of a particular legal entity. This is usually the head of the company or his/her authorised persons.
Electronic timestamps are used to ensure the correctness of the time associated with a particular document or data.
Verification and validation service
In order to validate a qualified electronic signature or electronic seal, it must be verified that it meets all the requirements listed in the Regulation. This is one of our services that is relevant to natural and legal persons.
What are advanced and qualified electronic signatures?
The eIDAS Regulation defines an electronic signature as data in electronic form, logically associated with other electronic data, used by a person for signing purposes. In practical terms, the signature on the courier’s tablet, for example, which is affixed when a person collects a parcel addressed to him or her, also fits the definition of this concept. Obviously, this method of signing would create a number of problems if the identity of the signatory had to be proven.
It is for this reason that the eIDAS Regulation also defines advanced and qualified signatures that provide a higher level of security which fulfil all the requirements set out in the Regulation. Advanced electronic signature is an electronic signature which, in accordance with the requirements approved in Article 26 of the eIDAS Regulation:
- it is uniquely linked to the signatory;
- it is capable of identifying the signatory;
- it is created using electronic signature creation data/information that the signatory can maintain under his sole control;
- it is linked to the signed documents in such a manner that any subsequent change of the data is detectable.
A qualified electronic signature is essentially the same as an advanced electronic signature, however, in order to meet even higher security requirements, it is created using a qualified signature creation device (i.e., configured software) and validated by a qualified electronic signature certificate, which can only be issued by a qualified trust service provider (TSP).
The eIDAS Regulation does not oblige parties to use a specific type of electronic signature (smart or electronic), thus allowing individual discretion. Although the most widely used in Lithuania are qualified e-signatures that ensure the highest level of security (Mobile-ID (mobile signature), Smart-ID app, ID card), advanced e-signatures are also used in certain cases. One of its applications is the signing of internal and short-term corporate documents. The institutions that decide to use advanced electronic signatures are responsible for their reliability and suitability.
Do electronic documents have legal standing?
Probably one of the main issues, or even fears, that hinders the transition from the era of paper documents and handwritten signatures to a more modern, convenient and efficient world where documents are signed at the click of a button, is the uncertainty of whether electronic documents have the force of law? The eIDAS Regulation makes it clear that electronic documents signed with an electronic signature or authenticated by an electronic seal and/or an electronic timestamp are subject to the principle of non-discrimination and admissibility in legal proceedings in any EU country.
NEVDA UAB is now part of the trusted lists defined by the eIDAS Regulation
In accordance with the eIDAS Regulation, trusted lists are lists established, maintained and published by each Member State, which include qualified trust service providers.
On 30 June 2022, the Communications Regulatory Authority of the Republic of Lithuania (CRA) has adopted a resolution granting our company, i.e., NEVDA UAB, a qualified status from 1 July 2022 allowing it to provide qualified electronic signatures and validation of validity of qualified electronic seals, which are becoming increasingly more popular among both private and legal entities.
This decision was taken by the CRA after objectively assessing that qualified trust services we plan to provide fully comply not only with the already discussed eIDAS Regulation but also the Law of the Republic of Lithuania on Electronic Identification and Trust Services for Electronic Transactions, as well as the requirements of the legal acts for implementing it.
Thus, since the adoption of the above mentioned CRA resolution, we are only the second service provider of this type to be included in the trusted list set forth in Article 22(1) of the eIDAS Regulation.
We can provide more information about eIDAS and how it applies to work processes privately: contact details