eIDAS Regulation

Making e-business easier and more trustworthy across Europe

Overview

The eIDAS Regulation aims to make e-business easier and more trustworthy across Europe. It provides rules for legal certainty and technical interoperability for eIDs and eSignatures and the Trust Service Providers (TSPs) that offer these services.

  1. It defines three signature levels: basic, advanced and qualified eSignatures
  2. It recognises that both natural persons and legal entities can sign documents (eSignatures and eSeals)
  3. It sets the rules for Trust Service Providers (TSPs)

SigningHub meets both the eIDAS Regulation and the ETSI/CEN standards for creating and verifying eSignatures and eSeals, as well as for certificate issuance, validation and timestamping.

Advanced Electronic Signatures (AES)

SigningHub closely adheres to the eIDAS requirements for Advanced Electronic Signatures (AES):

  • Users are provided with individual digital signature keys or, alternatively, can use unique keys sourced from a third-party provider.
  • User signing keys can be held in a cloud Hardware Security Module (HSM) or locally by the user on a secure smartcard, USB token or smartphone.
  • SigningHub creates long-term advanced signatures which contain all the embedded evidence to prove who signed, why they signed, when they signed and what they signed.

SigningHub meets the eIDAS AES requirements, which apply to the signature itself:

  1. It is uniquely linked to the signer
  2. It is capable of identifying the signer
  3. It is created using electronic signature creation data that the signer can, with a high level of confidence, use under his or her sole control
  4. It is linked to the signed data in such a way that any subsequent change in the data is detectable

Qualified Electronic Signatures (QES)

A QES is a secure form of signature which provides the highest level of assurance and non-repudiation. It in fact reverses the burden of proof in case of disputes, i.e. with a QES the signer has to prove that they did not create the signature! Technically, a QES is the same as an AES but requires the use of a qualified signature creation device and a qualified digital certificate issued by a trusted Qualified Certificate Authority (CA). SigningHub meets the eIDAS QES requirements.

SigningHub's remote qualified signature capability provides the best user experience: users do not need to handle smartcards/tokens and can sign from anywhere on any device, all with a high degree of security and legal acceptance across Europe. Remote qualified signatures are considerably more cost-effective as there is no need to provide secure smartcards/tokens to users. However, where a user already holds an eID card with a signing key and qualified certificate, these can be easily used with SigningHub’s local signing capability.

Advanced & Qualified eSeals (Bulk Signing)

An eSeal is a digital signature created by a legal entity. eIDAS-compliant eSeals have the same properties as eSignatures and are possible at both advanced and qualified levels. The main difference is that eSeals can be created automatically using a corporate key, i.e. without human intervention. This is beneficial when signing huge numbers of documents, e.g. millions of e-invoices, e-statements or e-bills on a daily basis.

eIDAS Qualified Trust Service Provider (TSP)

SigningHub meets all technical requirements of eIDAS for advanced and qualified eSignatures and eSeals. Operating as an eIDAS-compliant qualified TSP, however, requires more than just technology: it also requires physical, procedural and personnel security countermeasures, as well as a secure enrolment process to verify the identity of users and issue qualified certificates.

Ascertia works through its network of Qualified TSP partners in a number of European countries to offer SigningHub as a qualified signature creation and verification service. Our Qualified TSP partners are responsible for vetting the identity of users, issuing qualified certificates and also operating SigningHub in their secure facilities. This ensures the highest levels of physical, procedural and personnel security and adherence to eIDAS requirements for TSPs, particularly:

EN 319 401 – General policy requirements for Trust Service Providers

EN 319 411 – Policy and security requirements for Trust Service Providers issuing Qualified Certificates

EN 319 421 – Policy and security requirements for Trust Service Providers issuing time-stamps