Rationalized structure for electronic signature standardization - Best practices for SMEs

This Technical Report aims to be the entry point in relation to electronic signatures for any SME that is considering to dematerialize paper-based workflow(s) and seeks a sound legal and technical basis in order to integrate e-Signatures in this process. It is not intended to be a guide for SMEs active in the development of electronic signatures products and services - they should rather rely on the series EN 319 x00 for building their offer - but it is a guide for SMEs CONSUMING e-Signature products and services.
This document builds on FprCEN/TR 419040, "Guidelines for citizens", explaining the concept and use of electronic signatures, to further help SMEs to understand the relevance of using e-Signatures within their business processes. It guides SMEs in discovering the level of electronic Signatures which is appropriate for their needs, extends the work to specific use-case scenarios, paying special attention to technologies and solutions, and addresses other typical concrete questions that SMEs need to answer before any making any decisions (such as the question of recognition of their e-Signature by third parties, within their sector, country or even internationally).
Once the decision is taken to deploy e-Signatures in support of their business, SMEs will then typically collaborate with their chosen providers of e-Signature products or services, which can be done on the basis of ETSI 19 100, "Business driven process for implementing generation and validation of electronic signatures in electronic business", that helps enterprises fulfil their business requirements.  The present document presents the concept and use of the standards relevant for SMEs developed under the Rationalised Framework to SMEs.

Cadre pour la normalisation de la signature électronique - Meilleures pratiques pour les PME

Racionalizirana struktura za standardiziran elektronski podpis - Dobre prakse za MSP

Cilj tega tehničnega poročila je biti vstopna točka v zvezi z elektronskimi podpisi za vsa mala in srednje velika podjetja (SME), ki razmišljajo o ukinitvi potekov dela na osnovi papirja ter iščejo preudarno pravno in tehnično osnovo, da bi v tem postopku integrirali elektronske podpise. Njegov namen ni biti smernica za mala in srednje velika podjetja, aktivna pri razvoju izdelkov in storitev za elektronske podpise – te bi se morale za pripravo ponudbe zanašati na skupino standardov EN 319 x00 – temveč je smernica za mala in srednje velika podjetja, ki UPORABLJAJO izdelke in storitve za elektronske podpise.
Ta dokument nadgrajuje FprCEN/TR 419040, »Smernice za državljane«, z razlago koncepta in uporabe elektronskih podpisov, da bi dodatno pomagal malim in srednje velikim podjetjem razumeti pomembnost uporabe elektronskih podpisov v njihovih poslovnih postopkih. Mala in srednje velika podjetja usmerja v odkrivanje ravni elektronskih podpisov, ki je primerna za njihove potrebe, razširja delo na posebne scenarije primerov uporabe, pri čemer se zlasti posveča tehnologijam in rešitvam, ter obravnava druga tipična konkretna vprašanja, na katera morajo mala in srednje velika podjetja odgovoriti pred kakršnim koli odločanjem (kot je vprašanje priznavanja njihovega elektronskega podpisa s strani tretjih oseb, znotraj njihovega sektorja, države ali celo mednarodno).
Ko je sprejeta odločitev za uvedbo elektronskih podpisov v podporo njihovemu poslovanju, mala in srednje velika podjetja potem tipično sodelujejo z izbranimi ponudniki izdelkov ali storitev elektronskih podpisov, kar se lahko izvaja na osnovi standarda ETSI 19 100, »Poslovno voden postopek za izvedbo ustvarjanja in potrjevanja elektronskih podpisov v elektronskem poslovanju«, ki podjetjem pomaga izpolniti njihove poslovne zahteve.  Ta dokument malim in srednje velikim podjetjem predstavlja koncept in uporabo standardov, razvitih v racionaliziranem okviru, ki so pomembni za mala in srednje velika podjetja.

General Information

Status
Published
Publication Date
16-Jul-2018
Technical Committee
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
03-Jul-2018
Due Date
07-Sep-2018
Completion Date
17-Jul-2018

Buy Standard

Technical report
SIST-TP CEN/TR 419030:2018 - BARVE na PDF-str 17,20,30
English language
30 pages
sale 10% off
Preview
sale 10% off
Preview

e-Library read for
1 day

Standards Content (sample)

SLOVENSKI STANDARD
SIST-TP CEN/TR 419030:2018
01-september-2018
Racionalizirana struktura za standardiziran elektronski podpis - Dobre prakse za
MSP

Rationalized structure for electronic signature standardization - Best practices for SMEs

Cadre pour la normalisation de la signature électronique - Meilleures pratiques pour les

PME
Ta slovenski standard je istoveten z: CEN/TR 419030:2018
ICS:
35.040.01 Kodiranje informacij na Information coding in general
splošno
SIST-TP CEN/TR 419030:2018 en,fr,de

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST-TP CEN/TR 419030:2018
---------------------- Page: 2 ----------------------
SIST-TP CEN/TR 419030:2018
CEN/TR 419030
TECHNICAL REPORT
RAPPORT TECHNIQUE
May 2018
TECHNISCHER BERICHT
ICS 35.030
English Version
Rationalized structure for electronic signature
standardization - Best practices for SMEs
Cadre pour la normalisation de la signature
électronique - Meilleures pratiques pour les PME

This Technical Report was approved by CEN on 9 March 2018. It has been drawn up by the Technical Committee CEN/TC 224.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,

Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,

Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,

Turkey and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels

© 2018 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TR 419030:2018 E

worldwide for CEN national Members.
---------------------- Page: 3 ----------------------
SIST-TP CEN/TR 419030:2018
CEN/TR 419030:2018 (E)
Contents Page

European foreword ....................................................................................................................................................... 3

Introduction .................................................................................................................................................................... 4

1 Scope .................................................................................................................................................................... 5

2 Terms and definitions ................................................................................................................................... 5

3 Abbreviations ................................................................................................................................................... 7

4 Electronic seals as per EU Regulation 910/2014................................................................................. 9

5 SME’s perspective ......................................................................................................................................... 10

5.1 Reasons for signing or sealing ................................................................................................................. 10

5.1.1 General ............................................................................................................................................................. 10

5.1.2 Electronic signing as a way to confirm a legal commitment or because of a legal

requirement ................................................................................................................................................... 11

5.1.3 Electronic signing as a matter of diligence / risk management .................................................. 12

5.1.4 Electronic seals as a way to comply with an explicit legal requirement to apply a seal,

stamp or comparable formal requirement ......................................................................................... 13

5.1.5 Electronic seals as a way to ensure the integrity and authenticity of a document ............... 13

5.2 Who signs or seals? ...................................................................................................................................... 13

6 Solutions .......................................................................................................................................................... 14

6.1 General ............................................................................................................................................................. 14

6.2 Signature creation ....................................................................................................................................... 14

6.2.1 General ............................................................................................................................................................. 14

6.2.2 Remotely managed signature creation application and signature creation device ............ 16

6.2.3 Remotely managed signature creation device .................................................................................. 17

6.2.4 Remotely managed signature creation ................................................................................................ 17

6.2.5 Signature creation application and signature creation device in the hand of the

signatory .......................................................................................................................................................... 18

6.2.6 Responsibilities of parties ........................................................................................................................ 19

6.2.7 Level of security and assurance on the issued signatures ............................................................ 20

6.3 Signature validation .................................................................................................................................... 21

6.4 Signature preservation .............................................................................................................................. 21

7 I’m a TSP? ........................................................................................................................................................ 22

8 Use-cases ......................................................................................................................................................... 23

8.1 Use-cases where the SME is signing ....................................................................................................... 23

8.1.1 eInvoicing ........................................................................................................................................................ 23

8.1.2 eProcurement Directive ............................................................................................................................ 23

8.1.3 Accessing markets across the EU and the impact of the Services Directive ........................... 24

8.2 Use-cases where the SME and the SME’s customers / partners are co-signing or co-

sealing .............................................................................................................................................................. 25

9 Annex Digital signatures standardization .......................................................................................... 26

Bibliography ................................................................................................................................................................. 30

---------------------- Page: 4 ----------------------
SIST-TP CEN/TR 419030:2018
CEN/TR 419030:2018 (E)
European foreword

This document (CEN/TR 419030:2018) has been prepared by Technical Committee CEN/TC 224

“Personal identification and related personal devices with secure element, systems, operations and

privacy in a multi sectorial environment”, the secretariat of which is held by AFNOR.

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. CEN shall not be held responsible for identifying any or all such patent rights.

---------------------- Page: 5 ----------------------
SIST-TP CEN/TR 419030:2018
CEN/TR 419030:2018 (E)
Introduction

Today, it is possible to electronically sign data to achieve the same effects as when using a hand-written

signature. Such electronic signatures benefit from full legal recognition due to the EU Regulation N°

910/2014 of the European Parliament and of the Council on electronic identification and trust services

for electronic transactions in the internal market [1] (hereafter referred to as Regulation (EU) N°

910/2014) which addresses various services that can be used to support different types of electronic

transactions and electronic signatures in particular.

The use of secure electronic signatures should help the development of online businesses and services in

Europe. The European Commission standards initiative aims at answering immediate market needs by:

— securing online transactions and services in Europe in many sectors: e-business, e-administration, e-

banking, online games, e-services, online contract, etc.;
— contributing to a single digital market;

— creating the conditions for achieving the interoperability of electronic signatures at a European level.

Besides the legal framework, the technical framework at the present time is very mature. Citizens

routinely sign data electronically by using cryptographic mechanisms such as, e.g. when they use a credit

card or debit card to make a payment. Electronic signatures implemented by such cryptographic

mechanisms are called “digital signatures”. Appropriate technical methods for digital signature creation,

validation and preservation, as well as ancillary tools and services provided by trust service providers

(TSPs), are specified in a series of document developed along with the present document.

The present document is part of a rationalized framework of standards (see ETSI TR 119 000 [6])

realized under the Standardization Mandate 460 issued by the European Commission to CEN, CENELEC

and ETSI for updating the existing standardization deliverables.

Further support is provided to the emerging cross-border use of eSignatures through other legal and

policy instruments that affect electronic processes being used in the market today (e.g. eInvoicing

Directive [3], Public Procurement Directive [4] and Services Directive [5]).

In this framework, CEN is in charge of issuing Guidelines for electronic signatures implementation. These

guidelines are provided through two documents:

— CEN/TR 419030, “Rationalized structure for electronic signature standardization - Best practices for

SMEs”, aligned with standards developed under the Rationalised Framework as described by

ETSI SR 001 604, and

— CEN/TR 419040, “Rationalized structure for electronic signature standardization - Guidelines for

citizens”, explaining the concept and use of electronic signatures.
The present document builds on CEN/TR 419040.

These two documents differ slightly from the other documents in the Technical Framework since they go

beyond the technical concept of “digital signature” and deal also with the legal concepts of electronic

signatures and electronic seals.
---------------------- Page: 6 ----------------------
SIST-TP CEN/TR 419030:2018
CEN/TR 419030:2018 (E)
1 Scope

This Technical Report aims to be the entry point in relation to electronic signatures for any SME that is

considering to dematerialize paper-based workflow(s) and seeks a sound legal and technical basis in

order to integrate electronic signatures or electronic seals in this process. It is not intended to be a guide

for SMEs active in the development of electronic signatures products and services - they should rather

rely on the series ETSI EN 319 for building their offer - but it is a guide for SMEs CONSUMING e-Signature

products and services.

This document builds on CEN/TR 419040, “Guidelines for citizens”, explaining the concept and use of

electronic signatures, to further help SMEs to understand the relevance of using e-Signatures within their

business processes. It guides SMEs in discovering the level of electronic Signatures which is appropriate

for their needs, extends the work to specific use-case scenarios, paying special attention to technologies

and solutions, and addresses other typical concrete questions that SMEs need to answer before any

making any decisions (such as the question of recognition of their e-Signature by third parties, within

their sector, country or even internationally).

Once the decision is taken to deploy electronic signatures or electronic seals in support of their business,

SMEs will then typically collaborate with their chosen providers of e electronic signatures or electronic

seals products or services, which can be done on the basis of ETSI TR 119 100 “Guidance on the use of

standards for signature creation and validation”, that helps enterprises fulfil their business requirements.

The present document presents the concepts and use of the standards relevant for SMEs developed under

the Rationalised Framework to SMEs.
2 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp
2.1
advanced electronic signature

electronic signature which meets the requirements set out in Article 26 of Regulation (EU)

N° 910/2014 [1]

Note 1 to entry: Article 26: An advanced electronic signature shall meet the following requirements:

(a) it is uniquely linked to the signatory;
(b) it is capable of identifying the signatory;

(c) it is created using electronic signature creation data that the signatory can, with a high level of confidence, use

under his sole control; and

(d) it is linked to the data signed therewith in such a way that any subsequent change in the data are detectable.

[SOURCE: Regulation (EU) N° 910/2014 [1], Article 3 (11)]
2.2
electronic signature (from the regulation)

data in electronic form which is attached to or logically associated with other data in electronic form and

which is used by the signatory to sign
---------------------- Page: 7 ----------------------
SIST-TP CEN/TR 419030:2018
CEN/TR 419030:2018 (E)
[SOURCE: Regulation (EU) N° 910/2014 [1], Article 3 (10)]
2.3
digital signature

data appended to, or a cryptographic transformation (see cryptography) of a data unit that allows a

recipient of the data unit to prove the source and integrity of the data unit and protect against forgery,

e.g. by the recipient
[SOURCE: ISO/IEC 7498 / ITU-T/Recommendation X.800 [i.x]]
2.4
trust service provider

natural or legal person who provides one or more trust services either as a qualified or as a non-qualified

trust service provider
[SOURCE: Regulation (EU) N° 910/2014 [1], Article 3 (19)]
2.5
trust service
electronic service normally provided for remuneration which consists of:

(a) the creation, verification, and validation of electronic signatures, electronic seals or electronic time

stamps, electronic registered delivery services and certificates related to those services, or

(b) the creation, verification and validation of certificates for website authentication; or

(c) the preservation of electronic signatures, seals or certificates related to those services

[SOURCE: Regulation (EU) N° 910/2014 [1], Article 3 (16)]
2.6
qualified trust service

trust service that meets the applicable requirements laid down in this Regulation

[SOURCE: Regulation (EU) N° 910/2014 [1], Article 3 (17)]
2.7
qualified trust service provider

trust service provider who provides one or more qualified trust services and is granted the qualified

status by the supervisory body
[SOURCE: Regulation (EU) N° 910/2014 [1], Article 3 (20)]
2.8
signature creation device
configured software or hardware used to create an electronic signature
[SOURCE: Regulation (EU) N° 910/2014 [1], Article 3 (22)]
2.9
qualified electronic signature

advanced electronic signature that is created by a qualified electronic signature creation device, and

which is based on a qualified certificate for electronic signatures
[SOURCE: Regulation (EU) N° 910/2014 [1], Article 3 (12)]
---------------------- Page: 8 ----------------------
SIST-TP CEN/TR 419030:2018
CEN/TR 419030:2018 (E)
2.10
certificate for electronic signature

electronic attestation which links electronic signature validation data to a natural person and confirms

at least the name or the pseudonym of that person
[SOURCE: Regulation (EU) N° 910/2014 [1], Article 3 (14)]
2.11
signatory
natural person who creates an electronic signature
[SOURCE: Regulation (EU) N° 910/2014 [1] Article 3 (9)]
2.12
certificate

public key of a user, together with some other information, rendered un-forgeable by encipherment with

the private key of the certification authority which issued it

Note 1 to entry: The term certificate is used for public key certificate within the present document.

[SOURCE: ISO/IEC 9594-8 / ITU-T Recommendation X.509]
2.13
entity authentication

means the corroboration of the claimed identity of an entity and a set of its observed attributes

[SOURCE: Modinis Study on Identity Management in eGovernment – Common terminological framework

for interoperable electronic identity management, v2.01, November 23, 2005.]
2.14
data authentication
means the corroboration that the origin and the integrity of data are as claimed

[SOURCE: Modinis Study on Identity Management in eGovernment – Common terminological framework

for interoperable electronic identity management, v2.01, November 23, 2005.]
2.15
data authentication data

means data in electronic form which are attached to or logically associated with other electronic data and

which corroborates the identity of the entity at the origin of the associated data and the integrity of the

associated data

[SOURCE: Feasibility study on an electronic identification, authentication and signature policy

(IAS) carried out for the European Commission by DLA Piper, SEALED, time.lex, Price Waterhouse

Coopers and Studio Genghini & Associati, 2013]
3 Abbreviations
For the purposes of this document, the following abbreviations apply.
AdESig/AdESeal QC An AdESig/AdESeal supported by a QC
---------------------- Page: 9 ----------------------
SIST-TP CEN/TR 419030:2018
CEN/TR 419030:2018 (E)
AdESig/AdESeal advanced electronic signature / seal as defined in the Regulation
(EU) N° 910/2014 [1]
CA Certification Authority
CAdES CMS Advanced Electronic Signatures
CMS Cryptographic Message Syntax
CRL Certificate Revocation List
CSP Certification Service Provider
DA Driving Application
DTBS Data To Be Signed
EU European Union
HSM Hardware Security Module
ISO International Organization for Standardization
LoA Level of Assurance
LT Long Term
LTA Long Term Archive Validation Data
OCSP Online Certificate Status Protocol
OID Object IDentifier
PAdES PDF Advanced Electronic Signatures
PDF Portable Document Format
PIN Personal Identification Number
PK Public Key
PKI Public Key Infrastructure
QC Qualified Certificate
QES qualified electronic signature or seal
QSCD Qualified Signature Creation Device
---------------------- Page: 10 ----------------------
SIST-TP CEN/TR 419030:2018
CEN/TR 419030:2018 (E)
QTSP Qualified Trust Service(s) Provider
RA Registration Authority
SCA Signature Creation Application
SCD Signature Creation data
SCDev Signature Creation Device
SME Small and medium size enterprise
SVA Signature Validation Application
TSA Time-Stamping Authority
TSP Trust Service(s) Provider
VAT Value Added Tax
XAdES XML Advanced Electronic Signatures
4 Electronic seals as per Regulation (EU) N° 910/2014

The concepts relating to electronic signature and its legal validity are presented in CEN/TR 419040,

“Guidelines for citizens”. In addition, in the framework of SMEs it is important to introduce a companion

concept, the electronic seal, which is defined by the Regulation as “data in electronic form, which is

attached to or logically associated with other data in electronic form to ensure the latter’s origin and

integrity”.

The electronic seal can be seen as the equivalent to a stamp on a paper document, i.e. attributed to a legal

entity (such as a company or public administration) but not necessarily to an identified natural person

(i.e. it is not necessarily possible to identify a specific person who applied the seal).

There are two major differences between an electronic seal and an electronic signature:

— the nature of the creator, which must be a legal person for an electronic seal and a natural person for

an electronic signature; and

— the intended legal effect, which is the presumption of integrity of the data and of correctness of the

origin of that data to which the seal is linked for the seal, and the equivalence to a handwritten

signature for the electronic signature.

It shall also be noted that no pseudonym is allowed for an electronic seal certificate, while pseudonyms

are allowed for electronic signature certificates.
However, the two concepts are similar conceptually and also technically:

— the definitions of advanced electronic seal and advanced electronic signature (AdESig/AdESealig and

AdESig/AdESealeal) are quasi identical. A small difference is the requirement on the control of the

electronic signature creation data that must be under the sole control of the signatory for the seal

and under control of the creator of the seal for the seal. This is to reflect the fact that a seal belongs

---------------------- Page: 11 ----------------------
SIST-TP CEN/TR 419030:2018
CEN/TR 419030:2018 (E)

to a legal person and contrarily to a natural person, the legal person can frequently be represented /

controlled by more than one person.
— the definitions of validation and validation data are the same.

— the QSCD, qualified electronic seal creation device, is required to meet mutatis mutandis the Annex II

requirements for qualified electronic signature creation device.

Technically speaking, the same technology will support equally (advanced) electronic seals and

(advanced) electronic signatures. In particular, PKI such as presented in CEN/TR 419040, is well suited

for AdESig/AdESeal.

For SMEs, electronic seals can be particularly important. Signatures are used by natural persons with the

intent to sign, i.e. they are conceptually closely linked to the concept of hand written signatures. It is

nevertheless still possible to issue a signature that contains also the name of the organization the

signatory is associated with or the signatory’s quality or function in the organization. This would

be similar to the current practice of applying a hand written signature on a paper document and

mentioning the signatory’s name and title within a company: the signature in this case affirms the

involvement of the specific natural person, but also emphasizes their role within the company.

NOTE The Regulation Recital 58 states “When a transaction requires a qualified electronic seal from a legal

person, a qualified electronic signature from the authorised representative of the legal person should be equally

acceptable”. It means that, according to national legislation and / or for backward compliance or any other reasons,

it is still possible for a natural person who is entitled to represent a legal person (such as a CEO) to sign a data rather

than sealing it, provided there is an entitled natural person to do so.

Electronic seals on the other hand are defined in the Regulation as ‘data in electronic form, which is

attached to or logically associated with other data in electronic form to ensure the latter’s origin and

integrity’. In other words, they do not contain an intent to sign, but only an intent to ensure the origin

and integrity. Seals emanate from legal entities, not natural persons. This makes them very useful for

administrative processes where the responsible organization is relevant, but not necessarily the identity

of the person (e.g. employee) involved (if there is any human intervention to begin with). It is

nevertheless still possible to issue a seal that contains the name of the person that has affixed it

on behalf of the organization, for information. This would be similar to the current practice of

applying a stamp that identifies an organization and the person in charge of that organization (e.g. ‘John

Johnson - Secretary of company X’): the stamp in this case affirms the legal person from which the

document emanates, but also stresses the involvement of the specific natural person who is in control of

the issuance of such documents.

Finally, like for electronic signatures, the regulation distinguished between basic, advanced and

qualified electronic seals. Here too, the distinction is intended to reflect the trustworthiness, level of

assurance and legal reliability of the solution being used.
5 SME’s perspective
5.1 Reasons for signing or sealing
5.1.1 General

The first most important step for a SME that intends to use electronic seals or signatures is to assess the

business cases for signatures or seals, i.e. determining which documents will be sealed or signed (or even

both), and why. There are different reasons that an SME might have for signing or sealing, which will

impact their choice of technology. The paragraphs hereunder present a broad overview of potential

reasons and the implications.
---------------------- Page: 12 ----------------------
SIST-TP CEN/TR 419030:2018
CEN/TR 419030:2018 (E)

5.1.2 Electronic signing as a way to confirm a legal commitment or because of a legal

requirement

Electronic signing can be used as a way to confirm a legal commitment, such as a contract, or because

there is an explicit legal requirement to sign a document. This includes forms/complaint forms sent to

the SME by a customer, or also documents which the law requires to be signed by an employee or a SME’s

formal representative (see also Clause 8 illustrating the eInvoicing, eProcurement and services Directives

related use-cases).

One of the most recognizable business cases of electronic signatures is to confirm the acceptance of a

legally binding commitment. As the examples below will demonstrate, confirming a legal commitment is

far from the only situation in which a document is signed, but it is a frequently encountered business case.

For most types of legal commitments, depending on national laws, a signature (electronic or otherwise)

may not be a legal requirement for the validity of the legal commitment, but usually it is a legal or practical

prerequisite to be able to prove the existence and nature of the commitment. From a practical

perspective, this implies that signatures are virtually mandatory to express legal commitments, as

informal commitments (e.g. verbally agreed between two parties or written down without any form of

signature) may be legally valid, but would face significant challenges in terms of enforceability and

accountability.

Examples include the signing of contracts, orders, and similar acts in which a natural person expresses a

legal commitment, either on behalf of themselves or on behalf of a third party (another natural person, a

legal entity or an organization) to be bound by the obligations in the signed document.

As a general principle, and subject to national laws which can impose specific requirements for specific

document types, basic electronic signatures, advanced electronic signatures and qualified electronic

signatures are all permissible. Seals however are not typically appropriate for this business case: it must

be possible to identify the natural person who created the electronic signature, which a seal doesn’t

necessarily do. If the person creating the signature cannot be identified, the result will not qualify as a

signature, and evidentiary challenges may arise since the competence of person to represent the SME

cannot be verified.

If the legal context (e.g. national law) requires an equivalence to handwritten signature, only the QES will

be certain to achieve this objective. In the absence of any other legal framework than the Regulation (EU)

N° 910/2014, the most comfortable situation is therefore to require signatures at the qualified level.

Nothing prevents the use of other AdESig/AdESeal that benefit from a non-deniable legal value, but the

qualified signature benefits from the automatic recognition and are considered as equivalent to hand-

written signature across the entire EU; this is an assurance that no other type of electronic signature can

provide, which may be important for an SME.

Basic signatures – like non-qualified AdESig/AdESeal can benefit from a non-discrimination rule. This

means that no judge in the EU can reject them automatically as being invalid simply because they are

electronic. However, their dependability is still lower than that of a QES because the signatory may be

required to prove the security of the technology being used if the validity of the signature is disputed

before a court. This requires significant costs and efforts that could be avoided with rel

...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.