What Is eIDAS? Definition & Best Practices for E-Signature Compliance

Helpful Summary

  • Overview: We give you an in-depth overview of eIDAS—the EU’s electronic identification and trust services regulation.
  • Why trust us: We offer e-signature services that are fully compliant with eIDAS, along with many other standards worldwide.
  • Why this is important: Non-compliance can put your contracts and legal documents at risk of being deemed invalid.
  • Action points: Understand the requirements, decide what kind(s) of e-signatures you need, and find a tool that’s compliant.
  • Further research: Check out the SignWell blog for more resources on e-signatures and compliance.

Wondering About eIDAS and How to Comply?

If you do business electronically in the EU or with an EU person or entity, eIDAS is a regulation you need to be thinking about. At the very least, you need to make sure that the tools and methods you’re using for e-signatures are compliant with this regulation.

Otherwise, you risk facing legal consequences and jeopardizing your contacts.

But don’t worry—in this Signwell guide, we’re breaking down everything you need to know about eIDAS compliance and how to ensure your e-signatures are valid.

But first…

Why Listen To Us? 

At SignWell, we offer an e-signature solution that’s fully compliant with eIDAS, UETA, ESIGN, HIPAA, SOC 2 Type 2, and more. The point? We’re serious about compliance, and we’re well-versed in the regulations and requirements for e-signatures.

What Is eIDAS?

Regulation (EU) No 910/2014 (or eIDAS) is an important e-signature law in the EU.

It replaced the weaker eSignature Directive (1999/93/EC), which was a suggestion for EU countries rather than a binding law. The eIDAS Regulation is not just for EU citizens—any company conducting business with the EU must also comply.

eIDAS was ratified on the 1st of July 2016, and from that moment on, it has been the over-arching legal framework for “electronic identification and trust services” for all EU member states. What are electronic identification and trust services?

Here are some quick definitions:

  • Electronic Identification (eID): These are electronic methods used to confirm the identity of individuals or legal entities. This can include digital signatures, biometric data, or other secure electronic methods.
  • Electronic Trust Services (eTS): These are electronic services used to establish trust between parties in online transactions. They can include e-signatures, e-seals, time stamping, and other authentication methods.

Overall, it’s one of the world’s most comprehensive regulations for digital identification and trust services.

What Is eIDAS Trying to Do?

eIDAS was passed to achieve three key aims:

Facilitating Cross-Border Transactions

eIDAS aims to remove barriers to cross-border electronic transactions by ensuring that electronic identification, signatures, seals, and timestamps are recognized and accepted across all EU member states.

Enhance Trust and Security

By establishing uniform standards for electronic trust services, eIDAS enhances trust and confidence in electronic transactions. It provides a legal framework to ensure the integrity and authenticity of electronic documents and communications.

Promote Innovation and Digital Transformation

eIDAS fosters innovation by providing a predictable and consistent legal environment for electronic transactions. It encourages trust and adoption of secure electronic identification and trust services, driving digital transformation across various sectors.

Who Does eIDAS Apply to?

eIDAS applies to any transaction that involves electronic communication between businesses, citizens, or public authorities within the European Union. It also applies to transactions between individuals and public authorities in EU member states.

So, if you are located in or do business with someone located in the following countries, eIDAS applies to your transitions:

  • Austria
  • Belgium
  • Bulgaria
  • Croatia
  • Cyprus
  • Czech Republic
  • Denmark
  • Estonia
  • Finland
  • France
  • Germany
  • Greece
  • Hungary
  • Ireland
  • Italy
  • Latvia
  • Lithuania
  • Luxembourg
  • Malta
  • Netherlands
  • Poland
  • Portugal
  • Romania
  • Slovakia
  • Slovenia
  • Spain
  • Sweden

How Does eIDAS Define E-Signatures?

eIDAS covers a lot of ground, but e-signatures are definitely a focus. The regulation makes it clear that all forms of electronic signatures are admissible and legally binding. That means EU courts can’t dismiss them as evidence simply because they’re electronic.

However, not all e-signatures hold equal weight in the EU. eIDAS defines three types of electronic signatures, each with varying degrees of legal validity:

Simple Electronic Signatures (SES)

Simple Electronic Signatures (SES) are the most common type of electronic signature. They’re defined as “any data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.”

What does this actually mean?

In practice, it means that just about any action a person takes to indicate their intent to sign a document can be considered an SES. This could include clicking an “I Accept” button, typing their name, or using an e-signature tool like SignWell.

SignWell

SES is by far the most convenient type of e-signature. You can use a tool like SignWell to set up documents for e-signing in just a few clicks, and they’re legally binding in the EU in almost all circumstances, including:

  • Concluding or amending a contract
  • Accepting an offer
  • Giving consent or approval
  • Requesting information

But, there are certain circumstances where you need more security measures in place.

Advanced Electronic Signatures (AES)

Advanced Electonic Signatures (AES) are e-signatures with additional security requirements. eIDAS lists a few criteria that need to be met for an AES, including:

  • It is uniquely linked to the signatory.
  • It is capable of identifying the signatory.
  • It is created using data under the full control of the signatory.
  • It is signed in such a way that any subsequent change in the data is detectable.

Simply put, AES is a more secure type of e-signature that requires more verification to ensure the signer’s identity. This can include biometric identifiers, digital certificates, and multi-factor authentication.

Want to learn more? We have a whole article explaining Advanced Electronic Signatures (and when to use them).

Qualified Electronic Signatures (QES)

Qualified Electronic Signatures (QES) are the highest level of e-signature in the EU. They are beyond the realm of what most people or businesses need, and are typically reserved for highly regulated industries like finance or healthcare.

How do they work?

To sign using a QES, you need to go through a pretty rigorous ID verification process (like getting a passport) with a qualified trust service provider (QTSP). They’ll then issue a digital certificate, which is stored on a device that you own.

Then, whenever you need to sign a document, the digital certificate creates a unique digital signature that only you can produce. Anyone who needs to verify the signature can use the certificate to authenticate it.

How to Comply with eIDAS When E-Signing

1. Understand What Kind of E-Signature You Need

The types of e-signatures we covered above are all legally binding in the EU. 

But they aren’t equally legally binding. An SES is perfect for most situations, but there are also situations where it’s not enough. For example, an SES likely won’t cut it if you’re dealing with patient medical records in the EU.

On the flip side, while AES and QES will always hold more legal weight than SES, they aren’t always necessary. For example, if you’re just e-signing a non-disclosure agreement with a colleague in the same company, an AES or QES would be needlessly slow and expensive. 

So, carefully research what kind of e-signature you need to comply with eIDAS.

2. Find a Secure, Compliant E-Signature Tool

Next, find a secure, compliant e-signature tool that supports the kind of e-signatures you’ll need to be collecting.

For example, SignWell is a fast, affordable Simple Electronic Signature (SES) tool that’s fully compliant with eIDAS. You can use SignWell to collect legally binding signatures on all kinds of agreements, contracts, and documents.

Plus, we offer a bunch of features that make our SES especially legally binding, like:

  • Audit Trails: Receive detailed records of all actions taken during the signature process, including when documents were opened, signed, and finalized. We also track signer details like names, emails, and IPs, so you have a complete record of who signed what and when.
  • Rest and Transit Encryption: All documents are encrypted on our secure servers. That means only authorized parties can access them, keeping your sensitive information safe.
  • Tamper-Proof Documents: Once a document has been sent for signing, it can’t be edited. That keeps you safe from any changes being made without your knowledge or consent.

3. Keep Careful Records

With any kind of regulation, it isn’t always enough to simply comply with the requirements. You may also need to be able to prove that you followed the correct procedures. 

That’s why record-keeping is so important to maintaining compliance. Keep records of every electronic signature you gather in an organized folder with labels or naming conventions that will help you find it if needed.

SignWell makes this easy through our e-signature dashboard. We give you search tools to quickly find agreements and documents using:

  • Dates
  • Status
  • Document Name
  • Signatory Name
  • Email
  • Label
  • Team
  • Source

Conclusion

In summary, eIDAS is a comprehensive set of rules, regulations, and definitions that govern e-signing (and a range of other e-activities) in the EU. 

As a business owner or individual conducting electronic transactions within the EU, you need to understand and comply with eIDAS to ensure legal compliance and protection against fraud, disputes, and other potential issues.

Looking for an affordable, secure way to collect e-signatures? SignWell makes e-signing quick and easy with full eIDAS compliance and a robust set of features. 

Get started for free today.