top of page
  • Writer's pictureLukas Pelcman

Electronic Signatures 101: Boring Definitions and Confusing Categories

Updated: Feb 14

What are electronic signatures? Let's align ourselves on all those boring definitions and confusing categories.



Electronic signature as (broadest) category


According to the EU eIDAS regulation1, an electronic signature means

  1. data in electronic form which

  2. is attached to or logically associated with other data in electronic form, and which

  3. is used by the signatory to sign.2


Such a definition covers everything from a scanned handwritten signature on a paper, to a digitally created graphic entry of a name (scribble or perhaps just a digitally typed name, e.g. in Word doc or in an email), a biometric signature, or a file created using a sophisticated method based on asymmetric cryptography.


Advanced vs Qualified e-signature, and others


Essentially, there are two types of e-signatures that are recognised under the current laws.


Advanced electronic signature (AES)


AES is an e-signature which

  1. is uniquely linked to the signatory,

  2. is capable of identifying the signatory,

  3. is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control, and

  4. is linked to the data signed therewith in such a way that any subsequent change in the data is detectable (i.e. it ensures immutability).3


As of today, only e-signatures based on asymmetric cryptography fulfil all the above requirements.


Qualified electronic signature (QES)


QES means AES that

  1. is created by a qualified electronic signature creation device, and

  2. which is based on a qualified certificate for electronic signatures.4


So if we put all the above definitions together, we get that:

  1. QES is a subcategory of AES; essentially, the only difference is that QES is created using a qualified electronic signature creation device (QES-CD) – token or a chip card.5

  2. AES is itself a subcategory of e-signatures.


Simple e-signature


Further on, for anything that falls into the category of e-signatures, but not so in the category of AES, a term “simple e-signature” is being used.


Those are, for example, already mentioned biometric signatures, digital scribbles made in Word docs, or scanned “wet ink” signatures.


Mr. “Recognised e-signature”, it’s nice to meet you!


To make things not too simple, the Czech laws further work with the term “recognised electronic signature” (in Czech “uznávaný elektronický podpis”).


This is a hybrid that includes all AESs based on qualified certificates, which is, apart from QES, also any AES based on a qualified certificate, though not created by QES-CD.

Is this clear? More on the technical aspect of guaranteed e-signatures next time.



 

1 See here

2 Art. 3(10) eIDAS

3 Art. 26 eIDAS

4 Art. 3(12) eIDAS

5 For example, Gemalto SafeNet eToken (see here)

4 views0 comments

コメント


bottom of page