In an earlier eIDAS post, Richard Oliphant, explained both the shortcomings and innovations of the original 1999 EU Directive on Electronic Signatures. So how exactly did the European Commission address those shortcomings and build upon those innovations? And what can businesses operating cross-border in the EU do to capitalise on this opportunity?
How does eIDAS build upon the original EU Directive?
eIDAS borrows key innovations from the original EU Directive, including:
- Re-establishing the three types of electronic signatures recognised in the EU: Electronic signature, Advanced Electronic Signature and Qualified Electronic Signature.
- Reinforcing that electronic signatures should not be denied legal effect or admissibility in legal proceedings just because they are in electronic form. Note that national law can still require the use of an Advanced or Qualified Electronic Signature.
And eIDAS builds on these innovations by:
- Promoting cloud and mobile electronic signature solutions by explicitly allowing for “remote electronic signatures” and the use of third-party trust service providers to create any type of Electronic Signature . Previously, many interpreted the use of terms like the EU Directive’s ‘Secure Signature Creation Device’ and ‘sole control’ to require the use of physical smartcards or USB hardware-based solutions.
- Preventing member states from creating additional electronic signature types with higher legal value than Qualified Electronic Signatures. Qualified Electronic Signatures automatically have the equivalent legal effect of a handwritten signature.
- Requiring local government-regulated, Qualified Electronic Signature providers to be accepted across the EU. eIDAS now makes it explicit that any Qualified Electronic Signature in the EU enjoys mutual recognition in every Member State and makes cross-border inter-operability a reality.
Put together, these extensions and innovations take the best of the original Directive and give them real promise to fulfill the European Commission’s longtime goal to promote cross-border digital commerce in the EU.
However, the real promise of eIDAS comes out when you combine these changes with the fact that eIDAS is an EU Regulation, rather than a Directive.
EU Regulation, EU Directive, what’s the difference?
While seeming like a small change on the surface, the fact that eIDAS is an EU Regulation, instead of an EU Directive, is a significant change. In the EU, an EU Regulation differs from a Directive in that:
- A Regulation is wholly and automatically implemented into national law without changes, and has direct effect in each Member State. eIDAS automatically came into force on 1st July, 2016.
- Local law cannot conflict with EU Regulations. In the event of a conflict, the Regulation takes precedent.
EU Directives give Member States flexibility on both implementation as well as the timing of its inclusion in local law. There is no such flexibility with a Regulation, giving eIDAS the teeth to effect real change where the EU Directive did not.
What does this all mean for business?
In the end, eIDAS gives businesses the freedom to focus less on compliance in local Member States, and more on the best overall solution for their business and customers. A few key takeaways on how to thrive in the new, post-July 1st digital EU with electronic signature.
- Partner with an eIDAS-compliant expert: Select an electronic signature provider that provides all the different electronic signature types defined by eIDAS (Electronic, Advanced and Qualified) to enable all different types of transactions you use in your business. Ideally, your provider should follow European Commission-recommended technical standards from standards bodies such as ETSI, CEN and ISO.
- Choose global over local: Your business is increasingly, if not already, global, and your solution provider should be no different. Look to partner with a global provider with the experience, partners, reach and most polished products for your customers to succeed in a cross-border, multi-lingual global market.
- Choose local over global: While a global partner is key, you should also pick an electronic signature provider with expertise, people and certifications in the EU. Ask about local offices, local partnerships, local EU data centers, and EU-specific investments, including EU certifications, signified by the EU trust mark (as recorded in the EU Trusted List).
Be Boundless: Drive Global Business with eSignatures
If this has piqued your interest, watch our webinar to see how DocuSign is helping companies take full advantage of the potential benefits of the introduction of eIDAS.
By Pascal Colin, Managing Director, DocuSign France