Since its approval last year, a lot has been said and written about eIDAS.
Many doubts have arisen as a result of its approval: What does this regulation establish? How can my organisation comply with it? Moreover, the million-dollar question: is any digital signature valid in this new legal context?
If you have all these doubts within your company, do not worry. Here we give you 5 keys so you can solve them, and we explain how nebulaSUITE by vintegrisTECH can help your organization to comply with these regulations.
1. What is eIDAS?
eIDAS refers to Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23rd July 2014 on electronic identification and trust services for electronic transactions in the internal market.
Its origin lies in the directive on electronic signature 1999/93 / EC, which was replaced for not being mandatory. This prevented to reach the aim of a Digital Single Market in the European Union since each member state had its own rules in this regard. The unintended consequence was a lack of mutual recognition of electronic signatures issued by other states, which could even lead to the rejection of electronic signatures between countries.
To avoid this problem, and as part of the aim to finally achieve a Digital Single Market, in 2016 the eIDAS Regulation was approved, which aims to set up and regulate all digital signature issues in the EU.
In this way, from now on it will be much simpler and flexible to do business, sign agreements and close transactions within the EU.
2. To what extent does this regulation affect companies?
From the moment of its approval, European organisations that use digital signature and certificates are obliged to comply with these regulations. As we have explained before, the aim is to create a Digital Single Market.
3. What are qualified digital signatures and how can they help me meet eIDAS?
eIDAS establishes 3 types of valid digital signature:
Digital signature: according to Article 3 of eIDAS, are “data in the electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.”
Advanced Digital signatures: according to Article 26 of the eIDAS, it must meet the following requirements:
- It is uniquely linked to the signatory;
- It is capable of identifying the signatory;
- It is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
- It is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.
Qualified digital signature: in addition to complying with the characteristics of the advanced digital signature, it is distinguished because:
- It has the legal equivalence of handwritten signature.
- It has the guarantee of mutual recognition within the EU.
- Can be issued by a Certification Authority (CA), accredited by the relevant authorities of the European Union.
- It is based on qualified certificates, issued by such Certification Authorities (CA), which in turn must be stored in a qualified signature creation device, such as a smart card, USB token or trusted service on the cloud.
- It offers higher levels of security.
4. So can nebulaSUITE help me meet eIDAS thanks to their qualified digital signatures?
Yes. nebulaSUITE, through nebulaSIGN, offers signature through qualified digital certificates issued by its own Certification Authority (CA) or handwritten signature; encryption technology protects both options.
Clients and employees of organisations can sign documents digitally anywhere, both from their work or mobile and with the maximum legal guarantee. vinCAsign, nebulaSUITE guarantees compliance with eIDAS for user convenience by allowing qualified digital certificates to be issued by its CA.
nebulaSUITE Digital Certificate Signing Option
nebulaSUITE provides all the types of signature available in the eIDAS to be able to cover the business needs regarding the quality of the digital signature:
- OTP revision STEP: covers the signature by OTP. An OTP is sent to the user for confirmation of the document.
- External Signature STEP: Advanced Signature. It allows a user to sign with advanced digital certificates on their workstation or nebulaSUITE.
- Qualified signature STEP: Covers qualified digital signature. The user must be registered in the system, with an activated 2-factor token, with a certifi
cate recognised and qualified within nebulaSUITE.
Geographical dispersion has ceased to be a problem, becoming an opportunity to make transactions within the EU in an agile and convenient way.
5. How can I arrange a nebulaSUITE demo?
In all likelihood, this is the most straightforward question to solve.
We hope we didn’t leave anything out about eIDAS, but if you want to know more about the regulation and the benefits that nebulaSUITE can bring to your organisation, please contact us or request a demo here.
Source: ©European Union, 1998-2017