What is a digital signature, and is it as valid as a traditional paper signature? Are there different types of digital signatures? Anyone considering a digital signature solution faces many questions.
So how should you think about ensuring that the solution you choose is legally sustainable? Torbjörn Lindkvist, Business and Product Development Manager at Storegate, explains.
"It is not easy to determine whether the solution you are looking at meets the legal requirements for signing. In fact, many signing solutions available on the market do not hold up legally under close scrutiny. Above all, it is important to check is what level of signing is actually being offered. To get a legally sound signing solution, you need to make sure that you are getting advanced or qualified signing."
Different levels of signatures
Digital signatures are usually divided into three levels. Briefly, it can be said that it is the validity that distinguishes a so-called simple signature from an advanced or qualified signature.
A simple digital signature, for example, involves authorising by clicking a button on a web browser. This type of signature has no background verification system, which means that the signature itself cannot be linked to the signatory. There is also a risk that it could be manipulated afterwards.
An advanced signature has higher security, the signature is linked to the signer and it is possible to identify the signer. For advanced signatures, there are security requirements regulated by the eIDAS Regulation.
Qualified signatures are a stricter form of advanced signatures and have the same legal validity as a traditional paper signature. A qualified signature requires, in addition to the security requirements of eIDAS, certificate-based digital IDs issued by a TSP (Trust Service Provider) and multi-factor authentication such as BankID.
In order to have a legally sustainable solution that can be used for signing contracts containing confidential information and, for example, for submitting the annual report digitally, an advanced signing service is needed. Torbjörn Lindkvist explains further:
"What determines whether a signature can really be classified as advanced is that all the requirements of eIDAS are met. This is a pitfall if you fail to check that what is promised is actually true. There are services where only a few requirements are met and this means that the signature is not advanced".
All eIDAS requirements must be met
eIDAS is an EU regulation and has the force of law. The requirements of eIDAS Article 26 for advanced digital signatures are as follows:
- It must be uniquely linked to the signatory.
- The signatory must be identifiable through it.
- It must be created on the basis of electronic signature creation data that the signatory can use with a high degree of reliability exclusively under his/her own control.
- It must be linked to the data it is used to sign in such a way that any subsequent changes to the data can be detected.
In this case, all requirements are met for an advanced signature. In addition to the points above, qualified signing requires certificates and timestamps from a TSP (Trust Service Provider) on the EUTL list and multi-factor authentication for verification and signing, such as BankID.
A regular and secure signing solution at Storegate
Storegate's signing service meets all eIDAS requirements and offers advanced and qualified signatures. We use certificates and timestamps from an EUTL-listed TSP (Trust Service Provider) and multi-factor authentication for verification and signing with BankID. This allows Storegate's signing solution to be used by public sector organisations, for signing contracts containing confidential information and for submitting annual reports digitally. Contracts signed via Storegate are legally valid throughout the EU.
Book a free demo
Are you curious to know more about our signing solution? We'll be happy to tell you more about how Storegate provides you with a secure solution for storing, collaborating and signing documents. All in one Swedish cloud.