eIDAS defines 3 different forms of electronic signatures:
- Standard Electronic Signature
- Advanced Electronic Signature
- Qualified Electronic Signature
A digital signature cannot be denied legal effect just because it is digital, but countries may request a specific type of digital signature. In other words, a digital signature may be denied on the basis that it is considered a Standard Electronic Signature, and not an Advanced Electronic Signature.
Here is some further elaboration upon the 3 types of electronic signatures:
1) Standard Electronic Signature
- Is defined as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign”.
- Examples: 1) Typing the name at the bottom of the document; 2) Drop-signature using the mouse, pre-saved signatures on a PDF, or signing by clicking.
- It does not usually involve a third party to verify the identity of the Signee. Therefore, it can easily be forged/misused, depending on what kind of Standard Electronic Signature is used.
- This form of the signature can easily be used across different countries and it is a time-efficient way of signing contracts.
A one-click signature, one of Contractbook's digital signatures, is a form of Standard Electronic Signature.
2) Advanced Electronic Signature
- This is a more “formal/sophisticated” signature, and is defined as “an electronic signature which meets the requirements set out in Article 26”. Article 26 of eIDAS reads as follows:
“An advanced electronic signature shall meet the following requirements:
- it is uniquely linked to the signatory;
- it is capable of identifying the signatory;
- it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
- it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.”
- As seen, the regulation is “tech-neutral” and it does not state how the above requirements should be met. However, it is commonly agreed that an Advanced Electronic Signature (AES) is usually achieved by using Public Key Infrastructure (PKI) technology.
- In simple terms, PKI is built on key pairs: one public key and one private key. Private keys are kept secret; public keys are known to the public. Documents encrypted with a public key can only be opened with the corresponding private key. For a signature the roles are reversed: the signatory creates the signature with the private key, and anyone can check it with the corresponding public key.
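As an added illustration (not Contractbook's code, and not how NemID or BankID are implemented), the Go sketch below shows how a key pair covers Article 26 requirements (a), (c) and (d): the signature is made with the private key and checked with the public key, and it stops verifying if the document is edited or a different key is used. Ed25519 from the Go standard library and the sample contract text are assumptions chosen for the example; binding the public key to a verified identity, requirement (b), is outside its scope.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedDocument pairs the contract bytes with the signature over them.
type SignedDocument struct {
	Contract  []byte
	Signature []byte
}

// Sign uses the private key, which only the signatory holds (Article 26(c)).
func Sign(priv ed25519.PrivateKey, contract []byte) SignedDocument {
	return SignedDocument{Contract: contract, Signature: ed25519.Sign(priv, contract)}
}

// Verify uses the signatory's public key, which anyone may hold.
func Verify(pub ed25519.PublicKey, d SignedDocument) bool {
	return ed25519.Verify(pub, d.Contract, d.Signature)
}

// Demo signs a constructed contract and runs three verifications.
func Demo() (intact, altered, wrongKey bool, err error) {
	signerPub, signerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	otherPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	doc := Sign(signerPriv, []byte("Constructed sample: buyer pays 1,000 EUR on delivery."))
	intact = Verify(signerPub, doc) // untouched document verifies
	// Same signature, edited amount: the change is detectable (Article 26(d)).
	edited := SignedDocument{Contract: []byte("Constructed sample: buyer pays 9,000 EUR on delivery."), Signature: doc.Signature}
	altered = Verify(signerPub, edited)
	// Another party's public key: the signature is linked to one signatory (Article 26(a)).
	wrongKey = Verify(otherPub, doc)
	return
}

func main() {
	intact, altered, wrongKey, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("intact:", intact, "altered:", altered, "wrong key:", wrongKey)
}
```

A typed name or a click, as in a Standard Electronic Signature, has no equivalent of the second and third checks, which is why it is easier to forge or reuse.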
NemID is a form of Advanced Electronic Signature and constitutes the Danish electronic identification (eID) mechanism. Through NemID, identity validation is conducted through national identity systems. NemID is based upon PKI technology.
Norwegian BankID is also an Advanced Electronic Signature. To get BankID in Norway, users must identify themselves with a passport in order to establish a customer relationship and be issued a BankID. BankID is also based upon PKI technology.
Our SMS verification is also an Advanced Electronic Signature as it satisfies all the requirements under Article 3(11). Despite this, Norwegian and Danish companies will often opt for BankID and NemID as the identification of the user is validated through national identity systems/banks. BankID and NemID carry a bigger legitimacy because of this (especially in Norway). Our SMS verification is nonetheless an Advanced Electronic Signature.
3) Qualified Electronic Signature
- Is defined as “an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures”
- A “qualified certificate for electronic signature” means “a certificate for electronic signatures that is issued by a qualified trust service provider and meets the requirements laid down in Annex I”. Annex I contains 10 further requirements.
- A Qualified Electronic Signature is only required in very few specific cases and is not often sought; it is, however, currently the most secure electronic signature.
Contractbook does not offer a Qualified Electronic Signature.
A handwritten signature means signing a document with a pen. This is commonly referred to as a “wet signature”. Although it is a simple way of signing documents and still carries a lot of strength, it requires extra time. Some public agencies do not enable digital signatures or forms to be sent digitally, and a handwritten signature is the only valid type of signature in those cases.