eDiversa Group was created with very clear purposes, one of them was to help our clients in their digitalization processes as a tool to improve productivity as well as reduce their carbon footprint. One of the first advances in this field was the electronic signature. Now, with the imminent entry into force of the mandatory Electronic Invoice for companies and freelancers, the electronic signature plays a crucial role.
Regulation (EU) No. 910/2014 makes a distinction between three categories of electronic signatures, each with varying levels of authority and security, as well as the offer of varied user experiences.
Below, we tell you the details of each of the e-signatures and their respective applications. This way, you can select the one that best suits your needs.
Basic electronic signature
This can be a handwritten signature made on a desktop screen (which is saved digitally) or simply a click on the "I accept" button. However, it is important to note that approval or acceptance is always supported by a certificate.
In general, the basic electronic signature is used in processes of lesser importance, since there is no definite method of confirming the signer's identity. In the event that someone copies someone else's signature and incorporates it into the document, it would be difficult to prove or even discover it.
This type of electronic signature is often suitable for accepting packages, checking a digital box on a desktop screen, or scanning a hand-signed document. In such cases, the basic electronic signature is sufficient. Advanced electronic signature
The advanced electronic signature vastly surpasses the basic one in terms of reliability. It should comply with four specific requirements:
- First, it should be uniquely linked to the signer.
- Second, it should identify the signer.
- Third, the signature should be made through a high-security mechanism that guarantees that only – and exclusively – can the signer sign the document.
- Finally, once the document is signed, any later change in the data can be traced.
By identifying the signer, a large amount of technical information is obtained that complicates forgery or impersonation, such as the address of origin of the request, the place where the signature was made or the time of signing. In addition, the prohibition of subsequent changes without notification, guarantees the applicant and the signer the veracity of the signature.
Although this signature is totally compatible with the eIDAS (European regulation for digital identification), which offers a high level of reliability and is resistant to manipulation, there is always a risk that the identity controls do not comply with the strictest reliance requirements.
Advanced electronic signatures represent the perfect balance between user experience and risk management. Examples of advanced e-signatures are biometric signatures or signatures via SMS identification, iDIN, iSignatures and iSignatures via SMS, iDIN.
Qualified electronic signature
The qualified electronic signature links the signer’s identity to their signature through a certified, personal certificate issued by a Qualified Trust Service Provider (QTSP). This signature is considered the digital equivalent to a hand-written signature on paper.
This certificate assures that the signature is not only valid in the EU country where it was emitted but also in any member of the European Union. The special legal status of European State allows the use for high-risk documents such as life insurance or loan requests.
In addition to the four requirements already stipulated for advanced electronic signatures, this digital signature must meet additional standards. The user's signature password must be managed with a Qualified Electronic Signature Device (QSCD), defined by eIDAS as a protected and approved hardware device for the creation of signature and seal data. This means that only the signer can access and use their personal key. This way, the signature creation data is unique, confidential and protected against forgery.
These requirements provide the highest level of reliability to qualified electronic signatures. It is the only type of electronic signature capable of fully identifying the signer, as it requires an initial face-to-face verification or equivalent procedure. Some of the most secure signature types are the electronic ID or eIDAS Qualified Digital Certifications.
Types of qualified signatures:
- Locally qualified electronic signature
The locally qualified electronic signature is the one made through an electronic certificate hosted on the signer's device. These certificates can be created in various formats, such as cryptographic cards, USB tokens or cryptographic seals with specific software.
This electronic signature is very versatile, because it can operate on different operating systems and browsers. The signature is installed on the device in advance, which guarantees its functionality regardless of the technological environment.
- Centralized electronic signature
In contrast, the centralized electronic signature is hosted on a secure server and is usually the option chosen by companies. It allows the signer to access the signature from any device or mobile device with Internet access.
All the Electronic Invoices and documents that are transmitted through eDiversa Group's platforms have the qualified signature by means of the electronic certificate. This certifies the authenticity, integrity and confidentiality. For any doubts you may have, please contact us at firstname.lastname@example.org or call us at 931 833 790.