Zoho Sign's take on
e-signature legality
in the European Union

Everything you need to know about
e-signature compliance in the EU.

Sign Up for free Request Demo

A quick glance at electronic signatures

Sending electronic documents online has become a common practice, and these documents often require signatures. Electronic signatures, also called e-signatures, provide an efficient way to sign documents online, reducing paperwork and enabling more streamlined transactions.
E-signatures also help protect documents with enhanced security and authentication techniques. As a result, e-signatures have gained popularity worldwide, helping businesses meet their objectives efficiently.

Impact of e-signatures on businesses in the EU

The European Union's vision of going digital has been facilitated by the use of e-signatures. Zoho Sign offers streamlined management and authentication of documents while ensuring compliance with relevant laws and regulations within the region.

Zoho Sign can help EU businesses achieve optimal performance by ticking crucial boxes, such as:

  • Speed
  • Productivity
  • Authentication
  • Security
  • Remote access
  • Improved user experience
  • Cost-effectiveness

Common fields that benefit from e-signatures

The eIDAS regulation

eIDAS, short for electronic Identification, Authentication and Trust Services, came into existence on July 1st, 2016, successor to the outdated eSignature directive of 1999/93/EC. Established under EU regulation 910/2014 and adopted by all EU member states, the eIDAS regulation comprises a fresh set of regulations to administer electronic transactions and trust services in the European Union. The objective of eIDAS is to create a uniform and secure environment for e-signatures and other means of electronic identification.

Prime objectives of eIDAS

  • Cross-border recognition: Facilitates electronic transactions, eliminating barriers and promoting interoperability across the EU.
  • Improved security: Mitigates fraud, unauthorised access, and identity theft with improved security and authentication techniques.
  • Enhanced reliability: Enforces strict electronic transaction policies, which aids businesses, individuals, and public authorities involved in electronic transactions guarantee authenticity and reliability.

Why is eIDAS compliance important?

For public and private sectors operating within the European Union, ensuring compliance with the eIDAS regulation is crucial to carry out secure cross-border transactions with other EU member states. This verifies that the e-signatures are admissible in courts of law in the EU. Zoho Sign can be your trusted platform for meeting the legal standards set forth by the eIDAS.

Trust services in the EU

  • A QTSP is essentially involved in the process of creation, verification, and validation of e-signatures, electronic timestamps, electronic seals, and other electronic registered delivery services.
  • A QTSP also ensures the preservation of electronic signatures and seals.

eIDAS follows a rigorous authentication and audit system to ensure that QTSPs adhere to strict security requirements and lay the foundation for enhanced security. Zoho Sign offers integration with the following QTSPs and other aggregate service providers, and guarantees the highest legal validity across EU:

InfoCert for businesses in the EU Uanataca for businesses in the EU Swisscom for businesses in the EU eID Easy for businesses in the EU

Electronic signatures as defined by eIDAS

The eIDAS regulation classifies Electronic Signatures into three levels: Simple Electronic Signatures, Advanced Electronic Signatures, and Qualified Electronic Signatures. These levels depend on how the signatures are used and who issues or certifies them.

Legal recognition of an E-Signature

  • An Electronic Signature shall not be denied legal admissibility solely for its electronic form or because it does not satisfy the requirements for a Qualified Electronic Signature.
  • A QES shall have the same legal effect as a handwritten or "wet" signature.
  • A QES in one EU member state is recognised as a QES in all other EU member states as well.

Simple Electronic Signature (SES)

The eIDAS defines an Electronic Signature as, “any data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.” In other words, it is a signature in electronic form that acts as proof of the signer's consent. This could be an image of the signature, a checked “I accept” box on a website, or a signature signed using trusted digital signature platforms like Zoho Sign.

Advanced Electronic Signature (AES)

An Advanced Electronic Signature is a type of Electronic Signature that has certain conditions to satisfy in order to provide an additional layer of security and ensure tamper-proof documents. To be certified as an Advanced Electronic Signature, it must be:

  • Uniquely linked to the signatory
  • Able to identify the signatory
  • Created in a manner or using a means solely under the control of the signatory
  • Linked to the signed data such that that if the record were changed, the signature would become invalidated

Qualified Electronic Signature (QES)

The most sophisticated signature that enjoys the same legal standing as a physical signature. There are additional requirements to fulfil to be considered a Qualified Electronic Signature:

  • Must be created using a qualified signature creation device (QSCD) that satisfies the requirements specified in Annex II and be certified by a public or private body chosen by the member states for its conformity with the requirements under Annex II.
  • Must have an electronic attestation that confirms the name or pseudonym of a person by linking the electronic signature validation data.
  • Must be created using a qualified signature creation device (QSCD) that satisfies the requirements specified in Annex II and be certified by a public or private body chosen by the member states for its conformity with the requirements under Annex II.
  • Must be backed by a qualified certificate issued by a qualified trust service provider that has been audited and granted a qualified status by the national competent authority, as specified in the EU's Trusted List.
  • Signature validation data must correlate to the data provided to the relying party.
  • Accurate mapping of data representing the signatory to the relying party.
  • The integrity of the signed document must not have been compromised.
  • Must meet the requirements of an Advanced Electronic Signature.

Zoho Sign offers electronic signatures across different levels depending on the configurations and integrated services enabled by administrators of the organisations employing the app to digitally sign their documents.

Electronic Seals

An Electronic Seal, or eSeal, authenticates the identity of the entity, validates the origin of the document, and maintains its integrity. Zoho Sign provides digital seals that serve as alternatives to corporate stamps.

eIDAS specifies two types of seals: advanced and qualified. Similar to e-signatures, they are required to meet eIDAS requirements to be legally admissible in court. However, they differ from e-signatures in the following ways:

  • Can be affixed both manually and automatically.
  • A Qualified Electronic Seal is created using a Qualified Electronic Seal Creation Device (QSCD) that meets the requirements specified in Annex II.
  • A qualified certificate for an Electronic Seal is issued by a QTSP that meets the requirements specified in Annex III.

Electronic Time Stamp

An Electronic Time Stamp, in essence, is data in electronic form that binds a specific date and time to an electronic data, providing proof that the electronic data existed at the said time.

Legal recognition of an Electronic Time Stamp

  • An Electronic Time Stamp should not be denied legal effect and admissibility as an evidence solely because it is in its electronic form and it does not meet the standards of a Qualified Electronic Time Stamp.
  • A Qualified Electronic Time Stamp is presumed to be precise in terms of the date and the time it displays, as well as the integrity of the data associated with the specified date and time.
  • Qualified Electronic Time Stamp in one member state is recognised as a qualified electronic time stamp in all other member states as well.

Requirements of a Qualified Electronic Time Stamp

  • It must bind the date and time to the electronic data in a manner that any alterations to the data would be easily detectable.
  • The time source should be in sync with the Coordinated Universal Time (UTC).
  • It must either be signed using an AES or sealed with an Advanced Electronic Seal. Both of these services should have been provided by a qualified trust service provider.

Navigate compliance using Zoho Sign

For businesses operating in the European Union, ensuring compliance with eIDAS is paramount. Zoho Sign meets the regulations’ requirements by incorporating features that enhance security and privacy, some of which are listed below.

  • Qualified Electronic Signatures (QES):

    The highest level of e-signature recognised by eIDAS, which provides the highest legal backing by ensuring document integrity and non-repudiation.

  • Authentication methods:

    Zoho Sign offers various authentication methods such as email authentication, SMS authentication, dynamic knowledge-based authentication, identity verification via third-party trust service providers, and more importantly, EU eID verification.

  • Audit trails:

    Robust audit trails record all activities related to digital signing and keep track of all changes and work processes.

  • Encryption and security measures:

    Zoho Sign implements a strong encryption protocol, the military-grade AES-256 algorithm at rest and the TLS/SSL standards in transit, to protect documents and data from a data breach.

  • Legal validity:

    Zoho Sign ensures the legal validity of electronic signatures under eIDAS and other relevant regulations in the EU by offering different levels of e-signature standards, tamper-evident seals, and digital signature certificates issued by qualified trust service providers.

  • Document time stamping:

    Zoho Sign effectively offers document timestamping or Qualified Electronic Seals through its partnership with Uanataca, a QTSP recognised in the EU. This helps validate the authenticity of a digital signature and aids in verifying that the signed document existed in the given form at the time of signing and remains unaltered.

    Uanataca for businesses in the EU

Conclusion

As technology continues to evolve, eIDAS serves as a cornerstone for fostering trust and confidence in the digital domain. Countries across the European Union have taken the plunge and adopted digital signatures, opening the door for a more expertly-driven business environment. Zoho Sign can help users meet the requirements of the eIDAS regulation while offering a seamless signing experience and admissibility of digitally signed documents in multiple jurisdictions across the EU.

Resources

Disclaimer

The information provided in this document is for general informational purposes only and shall not be construed as legal, regulatory, or any other form of professional advice. Zoho Sign disclaims any liability for any error in the information provided herein. We recommend that you consult your legal counsel for any questions that you may have in this regard.