The eIDAS Regulation defines three levels of electronic signature: ‘simple’ electronic signature, advanced electronic signature and qualified electronic signature. The requirements of each level are built on the requirements of the level below it, such that a qualified electronic signature meets the most requirements and a ‘simple’ electronic signature the least.
‘Simple’ electronic signatures
An electronic signature is defined as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign”. Thus, something as simple as writing your name under an e-mail might constitute an electronic signature.
Advanced electronic signatures (AdES)
An advanced electronic signature is an electronic signature which is additionally:
- uniquely linked to and capable of identifying the signatory;
- created in a way that allows the signatory to retain control;
- linked to the document in a way that any subsequent change of the data is detectable.
The most commonly used technology able to provide these requirements relies on the use of a public-key infrastructure (PKI), which involves the use of certificates and cryptographic keys.
Qualified electronic signatures (QES)
A qualified electronic signature is an advanced electronic signature which is additionally:
- created by a qualified signature creation device (QSCD);
- and is based on a qualified certificate for electronic signatures;
- it is equivalent to a handwritten signature.
Legal effects of electronic signatures (Article 25 – Regulation (EU) no. 910/2014 (eIDAS regulation))
1. An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures.
2. A qualified electronic signature shall have the equivalent legal effect of a handwritten signature.
3. A qualified electronic signature based on a qualified certificate issued in one Member State shall be recognised as a qualified electronic signature in all other Member States.