In this follow-up blog we’ll be reviewing the latest webinar, co-hosted by ZealiD, DocuSign and Cederquist on Qualified Electronic Signatures (QeS) and QeS role in remote signing.
Here are the key takeaways on qualified electronic signatures in Europe.
When enforcing any signed agreement, it is necessary to present evidence of the signature and of the will expressed. This means that when it is challenged, a contractual party should be able to prove both who the natural person is (signature) and that the natural person has agreed to what is in the agreement (tying the signature to the actual document viewed and signed).
eSignatures constitute a much better method of performing this job than wet-ink signature. When we sign with wet-ink, we typically see a signature and a date. In comparison, an advanced and qualified signature can display a custom signature, time stamp, email address, IP address for all devices with access, tamper-proofing and more. This information is readily available for use as evidence. It constitutes a Digital Audit Trail available for both senders and signers in the form of a pdf with DocuSign.
Thanks to eIDAS legislation and detailed ETSI standards, the contracting parties in the EU can today enjoy the qualified signature. It creates the strongest possible link to the signer and link between what is signed and the signature. It also benefits from a central validation function (EU Trusted List).
Historically, qualified signing meant that a signer had to go through a rigorous process of in-person identity checks and then use a combination of smart cards and hardware. This was time consuming, tedious and costly for all parties involved. As a result, qualified electronic signatures have typically been the least adopted digital signature across Europe despite offering the highest signing assurance.
Today, ZealiD has made the proliferation of qualified certificates and signatures far easier by enabling natural persons to obtain it with their smartphones in less than 10 minutes and entirely free. This removes the lengthy processes from the user-experience, making qualified digital signatures far more accessible than in previous years.
There are two major reasons why a qualified signature is required:
Digital signature use cases vary across European countries due to differences in both culture and legislation but they are on the rise with Docusign quoting as much as 30% of eSignatures in Germany being qualified.
Both drivers suggest that regulated industries such as finance, insurance, real estate, healthcare and pharma will have increasing legal requirements and need to adopt the qualified signatures quickly. All organizations may want to adopt them for risk reasons.
There are three different types of electronic signatures; simple, advanced and qualified. All three types are legally considered a signature. However, only a qualified signature is deemed to have the same legal effect as a wet-ink signature - something that is law in all member states.
According to leading Swedish law firm Cederquist, both simple and advanced signatures suffer from a grey area of unknown. The parties involved in the signing must make a discretionary assessment of what the actual reliability of the signature is (let alone how it will be validated).
On the other hand, a qualified electronic signature uses third party validation; there is a certificate, a license and the EU Trusted List - all of which help verify the validity of the signature. This also means that the burden of proof lies with the challenging party to disprove a qualified electronic signature, whereas the burden of proof for a simple and advanced electronic signature lies with the signer.
This stems not from eIDAS but from authorities in the field such as ENISA stating that “the person that owns the private key matching the public key (i.e. the signatory) cannot deny to be at the origin of such signature; this non-repudiation feature is the foundation of any signature (electronic or paper-based).
The policies and requirements governing qualified trust services is daunting. In many ways this has prevented user friendly applications. The only real remote method in the past years has been video conferencing. Suffering typically from less than 50% conversion, a price tag of >€20 per signature, and no means of recurring signatures (so one video conference per signature) it is doomed.
Instead, the future solutions lie in computing and innovation. Firstly, video conferencing is often the method used to verify liveness and identity of an individual - this process may take 20-30 minutes. Verification of an ID card or document is often incredibly difficult to successfully complete remotely; signature providers often struggle to verify ID documentation remotely to the high legal requirements that are designed to prevent fraud.
And finally, a qualified signature creation device is required to deploy the signature and act as a key. This can only be done with special hardware and software which constitute major barriers to entry (of course with good reason).
The future of a qualified electronic signature is within a more user-friendly, time efficient, accessible and cost effective solution. ZealiD offers a solution that is tailored to solve these problems and introduce a more streamlined, but equally compliant, qualified electronic signing experience.