eIDAS defines three different forms of electronic signatures:
- Standard Electronic Signature
- Advanced Electronic Signature
- Qualified Electronic Signature
A digital signature cannot be denied legal effect just because it is digital, but countries may request a specific digital signature. In other words, a digital signature may be denied on the basis that it is considered a Standard Electronic Signature and not an Advanced Electronic Signature.
Here is some further elaboration on the three types of electronic signatures:
1) Standard Electronic Signature
- It is defined as “means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.”
- Examples: 1) Typing the name at the bottom of the document; 2) Drop-signature using the mouse, pre-saved signatures on a PDF, or signing by clicking.
- It does not usually involve a third party to verify the identity of the Signee. Therefore, it can easily be forged/misused, depending on what kind of Standard Electronic Signature is used.
- This form of signature can easily be used across different countries, and it is a time-efficient way of signing contracts.
A one-click signature is a form of Standard Electronic Signature that is one of Contractbook digital signatures.
2) Advanced Electronic Signature
- This is a more “formal/sophisticated” signature and is defined as “an electronic signature which meets the requirements in Article 26”. Article 26 of eIDAS reads as follows:
“An advanced electronic signature shall meet the following requirements:
- it is uniquely linked to the signatory;
- it is capable of identifying the signatory;
- it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control, and
- it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.“
- The regulation is “tech-neutral,” and it does not state how the above requirements should be met. However, it is commonly agreed that AES is usually achieved by using Public Key Cryptography (PKI) technology
- In simple words, a PKI consists of a key pair.
- One public key and one private key. Private keys are kept secret, and public keys are known.
- Documents encrypted with a public key can only be opened with the corresponding private key.
BankID is also an Advanced Electronic Signature. In order to get BankID, users must legitimize themselves with a passport in order to get a customer relationship established and get an issued BankID. BankID is also based on PKI technology.
In Contractbook, we support BankID from Finland, Norway, and Sweden.
Our SMS verification is also an Advanced Electronic Signature as it satisfies all the requirements under Article 3(11). Despite this, Finnish, Norwegian, Swedish, and Danish companies will often opt for BankID and MitID as the identification of the user is validated through national identity systems/banks. BankID and MitID carry a bigger legitimacy (especially in Finland, Norway, and Sweden).
Our SMS verification is nonetheless an Advanced Electronic Signature.
3) Qualified Electronic Signature
- It is defined as “an advanced electronic signature created by a qualified electronic signature creation device and based on a qualified certificate for electronic signatures.”
- A “qualified certificate for electronic signature’ means a certificate for electronic signatures that is issued by a qualified trust service provider and meets the requirements laid down in Annex I.” Annex 1 contains ten further requirements.
- A Qualified Electronic Signature is only required in very few specific cases and is not very sought after, and it is, however, the most secure electronic signature currently.
A handwritten signature is signing a document with a pen. This is commonly referred to as a “wet signature.” Although it is a simple way of signing documents, it still carries a lot of strength, but it requires extra time. Some public agencies do not enable digital signatures or forms to be sent digitally, and a handwritten signature is the only valid type of signature in those cases.