1 Introduction
Establishing digital trust has been challenging enough, but the unambiguous rise in remote interactions – distanced onboarding of customers and employees, exchanging contracts, and cross-border transactions – has made electronic signing a necessity of doing business today. No sacrifices can be made for security, which means that in order to fulfill the stringent requirements of eIDAS and other regulations for electronic signatures, solutions are often multi-step and multi-channel that take time and disrupt the user experience. However, solutions are on the market that consolidate identity verification and ability to provide qualified electronic signatures into a self-service digital flow.
The eIDAS Regulation, which came into full force in 2016, stipulates the requirements for electronic identification and trust services within the European Union. Vendors that issue advanced or qualified electronic signatures (AES/QES) must fulfill particular technology requirements. For AES, the signatory must be uniquely identified and linked to their electronic signature, the signatory must have sole control of their private key, and the electronic signature should signal if the document has been tampered by becoming invalid. A QES has the highest level of assurance according to eIDAS, and has the same legal standing as a signature made by hand on a physical document. A QES is an AES with more safeguards in place, such as requiring that the electronic signature use a digital certificate that is stored on a qualified signature creation device (QSCD) . Qualified trust service providers, vetted and publicly listed on the EU Trust List, are the only vendors that may issue a qualified electronic certificate.
Electronic signatures, despite their strict requirements, fulfill many needs in today's world of digital and remote interactions. Particularly in the European Union or with countries that often collaborate with EU member states, electronically-signed documents must have legal standing that is recognized across borders, even with multiple signatories stand in different countries. And especially if the signatories are in different countries, it becomes necessary to handle a document signing process remotely, as the time of sending the document multiple times to both parties, or the monetary and time costs of travelling to sign the document in the same room are not aligned with modern business practices. But regardless of distance, parties to a contract need fully digital methods to sign documents securely. Electronic signatures are capable of verifying and displaying the authenticity of the sender and the signer, display the integrity of the document, and facilitate digital workflows.
eIDAS' dual goals – of enabling electronic transactions and signatures across the EU, and upholding the highest levels of assurance that the identities of transacting parties and their signatures are valid – pose challenges to rolling out user-friendly solutions. Signatories are often required to carry a physical security token like a smart card, have access to dedicated smart card readers, use video identification products, or wait hours or days to complete the initial identity proofing required before they may proceed with signing. While electronic signing solutions exist, there is often a delay between registration and the ability to sign a document – something that puts unnecessary delays on business processes.
However, technology solutions are on the market that fulfill the highest levels of assurance for electronic signatures while consolidating the process into a single digital flow. By combining remote identity verification with a virtual smart card, signatories to a document can complete the necessary steps on their mobile device themselves and immediately sign a document. Digidentity's eSGN onboarding uses remote identity verification and a virtual smart card to facilitate advanced and qualified electronic signatures in an all-digital workflow.