By: Bob Larrivee on November 28th, 2016
EU Regulation eIDAS: What It Means for Your Business in Europe
Today the use of E-Signatures is an acceptable business practice that is admissible in times of litigation and audit. The key to success is to identify and understand regulations based on particular business processes for E-Signing. In Europe, one regulation is changing the game.
Effective July 2016, the new EU regulation on electronic identification and trust services 910/2014 – typically referred to as eIDAS - went into force. It is designed to propel digital transformation as a major cornerstone for a single European Market. One of its major goals is to fuel E-Signature adoption in Europe by largely replacing 28 nation laws on E-Signatures. eIDAS comes with new options to go digital with both identification and signing processes.
Businesses should familiarize themselves with these new options to stay competitive. Industries with broad potential to benefit from eIDAS are, for example, banking, insurance, telco, and services, in particular, if they run multi-channel and multi-national operations. They ought to assess their signing process whether they have already embarked on E-Signing or still stick with wet ink signatures.
Barriers around E-Signing in identification, signing execution, and user acceptance, which have been identified at past attempts to go paperless and mobile in signing processes, may have become, at least partially, obsolete. Requirements to stick with wet ink signatures on paper are gradually disappearing. The overwhelming majority of business processes where wet ink signatures are captured today might be executed with E-Signatures. Start exploring your (new) options now.
Know your Purposes
In order to assess the particular relevance of eIDAS regulation to your business and identify corresponding laws the first step should be to understand the intended purposes for signing, which is either one purpose or multiple purposes of the following:
- Associate the signer with a document
- Prove involvement in the act of signing
- Provide proof of the signer’s involvement with the content of the signed document
- Provide endorsement of authorship
- Provide endorsement of the contents of a document authored by someone else, e.g., witnessing.
- Prove a person was at a given place at a given time
- Meet a statutory requirement that a document be signed to make it valid
This kind of assessment is required to understand the use case(s) of a wet ink signature on paper and to identify the corresponding requirements of an E-Signature associated with an electronic document. Note that there may be several signature fields in a particular document fulfilling different purposes. A good example of documents with multiple purposes are account opening documents of banks and telecommunication companies, where customers are typically requested to sign multiple times throughout the on-boarding process.
Considerations
Questions you may ask when trying to identify and understand related to the role of signatures in your business process and their associated risk may include:
- Why is something (e.g., contract) signed and by whom (e.g., customer)? Potential answers: Legal Requirement; Operational Reasons – e.g,. evidence; Sales Reasons – e.g., confident experience of a conclusion
- Which operational risks do you need to consider?
- How many and to what extent did your organization experience claims or challenges related to signatures in the paper-based process?
- What are realistic attack scenarios for the electronic signing process?
- How likely and how often is a dispute to occur in relation to the signature?
Wet ink signatures on paper are visual acknowledgments and validation of intent. When it comes to E-Signatures, requirement sets and levels of functionality were created to ensure trustworthiness. In many business cases, wet ink signatures hold a certain acceptance and comfort level, as the traditional signing ceremony is tried, tested, and trusted procedure for centuries. eIDAS also recognizes methods where this traditional way of signing is transferred to the digital world, and handwritten signatures are captured throughout the writing process, including their biometric characteristics also on smartphones and tablets.
Conclusion
In my view, signatures executed in a trustworthy manner may occur in various ways and is also true of E-Signatures. There is no one-size-fits-all approach or a checklist for the perfect E-Signature solution. I encourage you to use the information presented here, to find new for E-Signature opportunities based on eIDAS. Take time to identify an understand ongoing changes in legal, technical, and process requirements that matter to your business. An E-Signing process in general and the signature ceremony, in particular, may be considered trustworthy if the process is capable of fulfilling the requirements of a signature process.
For example, these requirements for Germany, are outlined in the definition in a written form in German Civil law. They are relevant for the signing process in general: “The quality of proof - the evidential weight - is based on functions that cater to:
- Conclusiveness (non-repudiation as much as it is possible).
- Integrity (resistance against manipulation).
- Warning (protection against haste, time to recognize content to be signed).
- Identity (validation and verification of the signee).
Selecting the appropriate E-Signing method is important and requires an understanding of the characteristics and best practices supporting a trustworthy E-Signature. Organizations wishing to implement E-Signatures must align their technology, culture, and processes to meet the challenges of E-Signature use.
About Bob Larrivee
Bob is the President and Founder of Bob Larrivee Consultancy. An internationally recognized Subject Matter Expert and thought leader with over thirty years of experience in the fields of information and process management, Bob is an avid techie with a focus on the application of advanced technologies to enhance business operations.