EU: eIDAS Regulation for Electronic Signatures ✅

Portant's Compliance with the EU eIDAS Regulation for Electronic Signatures

Is Portant compliant: Yes ✅

In the European Union, electronic signatures and transactions are governed by the eIDAS Regulation (Electronic Identification, Authentication and Trust Services), which provides a legal framework for secure electronic transactions across EU member states. The regulation establishes the legal validity of electronic signatures and categorizes them into different levels of assurance. This article explains when and where the eIDAS Regulation applies and details Portant’s compliance features, ensuring that our eSignature solution meets the required standards for secure electronic transactions within the EU.


Overview of the eIDAS Regulation

The eIDAS Regulation (EU Regulation No. 910/2014) provides a framework for secure electronic identification and trust services across all EU member states. It establishes legal standards for electronic signatures, electronic seals, and other trust services to promote seamless electronic transactions within the EU.

  • Location: Applies to all European Union member states.

  • Purpose: To ensure the legal recognition of electronic signatures and trust services across the EU, making them legally equivalent to handwritten signatures when meeting specific criteria.

  • Key Components: The eIDAS Regulation categorizes electronic signatures into three levels: Simple Electronic Signature (SES), Advanced Electronic Signature (AES), and Qualified Electronic Signature (QES).


When and Where the eIDAS Regulation Applies

The eIDAS Regulation applies to a broad range of electronic transactions within the EU, including:

  • Type of Transactions: Covers most commercial, governmental, and personal transactions that traditionally require written signatures, such as contracts, agreements, and acknowledgments.

  • Jurisdictions: The eIDAS Regulation applies across the European Union, ensuring that electronic signatures are legally binding and enforceable in all member states.

  • Consent to Use Electronic Signatures: All parties involved in the transaction must agree to the use of electronic signatures.


Key Compliance Requirements and Portant’s Approach

Portant’s eSignature solution includes several essential features to ensure compliance with the eIDAS Regulation. These features enable secure, legally binding electronic transactions at the SES level and include some AES-compatible functionalities.

| Compliance Requirement | Description | Portant’s Compliance Features |
| --- | --- | --- |
| User Consent | Parties must consent to the use of electronic signatures. | User Consent Mechanisms: Portant requires users to confirm consent before signing electronically. |
| Document Integrity | Documents must remain secure and unaltered post-signature. | Document Integrity Verification: Ensures documents cannot be modified after signing. |
| Audit Trails | Records of the signing process provide evidence of the signature’s validity. | Audit Trails: Portant maintains logs of each stage in the signing process, including timestamps. |
| Time Stamping | Verifiable timestamps provide legal authenticity. | Time Stamping: Portant provides a verifiable date and time on each signature. |
| Data Protection Compliance | Data handling must align with EU GDPR standards to protect personal information. | Data Protection: Portant uses encryption and secure storage to comply with GDPR requirements. |
| Role-Based Access Control | Limits access to authorized individuals, supporting document security. | Role-Based Access: Portant restricts access to view, sign, and manage documents to designated users. |


Compliance with eIDAS Signature Levels

Under the eIDAS Regulation, electronic signatures are categorized into three levels, each offering different security and legal assurances. Portant’s eSignature solution fully supports the SES level and includes features compatible with AES, which meets the needs of most business transactions. Below is a breakdown of Portant’s compliance with each level:

| Signature Level | Description | Portant’s Compliance |
| --- | --- | --- |
| Simple Electronic Signature (SES) | Basic level, suitable for most business transactions. | Compliant: Portant provides SES functionality for everyday business transactions, including user consent, document integrity, and audit trails. |
| Advanced Electronic Signature (AES) | Higher security level, requiring strict identification and control criteria to uniquely identify the signer. | Partial Compliance: Portant supports some AES features (such as audit trails, integrity verification, and timestamping) but does not provide biometric verification or advanced signer identification, which may be required for full AES compliance. |
| Qualified Electronic Signature (QES) | Highest level, legally equivalent to handwritten signatures in court, requires a qualified certificate from a trust service provider. | Not Compliant: Portant currently does not provide QES, as it requires certificates from a qualified trust service provider under eIDAS. |

Note: Portant’s solution primarily supports SES, which is suitable for most transactions. Users whose transactions require the higher assurance of AES or QES should consider additional verification methods or an external qualified provider.


Practical Considerations for Using eSignatures in the EU

While Portant’s eSignature solution meets SES requirements and includes features compatible with AES, here are a few best practices to ensure compliance:

  1. Obtaining Clear Consent

    • Under eIDAS, all parties must agree to use electronic means. Portant’s interface includes clear consent prompts to facilitate compliance with this requirement.

  2. Maintaining Document Security

    • Signed documents should remain tamper-proof. Portant’s Document Integrity Verification feature locks the document after signing, ensuring its authenticity.

  3. Keeping Comprehensive Audit Trails

    • Audit logs provide an evidentiary record of the signing process. Portant’s audit trail feature securely records each stage, creating a verifiable log of the transaction.

  4. Selecting the Appropriate Signature Level

    • Simple Electronic Signature (SES): Suitable for most transactions and fully supported by Portant.

    • Advanced Electronic Signature (AES): Some higher-assurance features supported, but may require additional identification steps for full compliance.

    • Qualified Electronic Signature (QES): Requires a certificate from a qualified trust service provider and is not currently supported by Portant. Users needing QES for high-value transactions may consider external trust providers.

  5. Understanding Document Exceptions

    • Certain legal documents, such as wills, property transfers, or notarized documents, may still require a handwritten signature. Users should verify if their document type falls under these exceptions.


Conclusion

Portant’s eSignature solution complies with the EU’s eIDAS Regulation, supporting SES and offering partial compatibility with AES requirements. This ensures secure, legally binding electronic signatures for most business transactions across the EU. For high-assurance requirements under AES or QES, additional verification methods or external providers may be necessary.

If you have further questions about Portant’s compliance or need assistance with eSignatures in the EU, our support team is here to help.
