What is the eIDAS?
eIDAS, which stands for electronic IDentification, Authentication and trust Services, is a set of regulations for the EU that control what counts as a trusted service for electronic transaction and electronic identification. Specifically related to validity of electronic signatures, Article 8 of the eIDAS defined three levels of electronic identification that increase in the level of “assurance” the electronic signature holds.
Levels of assurance
Here are the three “levels of assurance” as outlined in the eIDAS:
- Technology that provides a low assurance level means that you can have only “a limited degree of confidence” that the person you are identifying is who they say they are.
- Technology that provides a substantial assurance level means that you can have more confidence that the person you are identifying is who they say they are.
- Technology that provides a high assurance level means that you can have “a higher degree of confidence” that the person you are identifying is who they say they are.
These assurance levels then provide the basis for the different types of electronic signature outlined in the eIDAS.
Types of electronic signature according to eIDAS
Let’s take a look at how Simple Electronic Signatures compare to the Advanced Electronic Signature level of assurance that is provided by Nintex AssureSign.
Simple Electronic Signature
Simple Electronic Signature, also known as Basic Electronic Signatures, provide the lowest “level of assurance”, but does still meet the basic definition of an electronic signature under the definition provided in the eIDAS: “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign”
With Simple Electronic Signatures, there is no authentication or validation that confirms that the signer is who they say they are, or that links the signature back to a given individual. Because of this, any of the following might count as a Simple Electronic Signature:
- An image of your signature added to a word document
- A typed name at the bottom of an email
- Checking a box that says “I Agree” on a EULA, or website
Because there is no authentication of the signer, or validation that confirms the one “signing” the document is who they say they are, if the validity of the document is brought into question, the burden of proof for its authenticity lies with the party that requested the signature. Simple Electronic Signatures, are often deemed to be unsuitable for documents that may come under legal scrutiny.
Advanced Electronic Signature
When there is a need for a “substantial” level of assurance that the person signing the document is who they say they are, this is when the Advanced Electronic Signature is required.
Signing tools that achieve the AES level of assurance ensure that the signatory had sole control over creating the signature, meaning it was created on their computer, phone or another device, and that no one can change or tamper with the document once the signer has signed it.
This will often include additional levels of authentication for the signer such as multi-factor authentication, or knowledge-based authentication, where the signatory must verify their identity with publicly accessible data.
Examples of documents that may require an AES include:
- Employee contracts and documents
- Tax documentation
- Mortgage contracts
- Sales contracts
- Non-Disclosure agreements
As you can see, by supporting Advanced Electronic Signatures under the eIDAS, Nintex AssureSign can support a much wider range of enterprise use cases as well as those covered by Simple Electronic Signatures.
If you would like to learn more about Nintex AssureSign, check out our newest on-demand training content within the Nintex University, or see if Nintex AssureSign can fit your business needs by trying out a 30 day trial.