eIDAS

In 2016, a new European regulation came into effect, officially known as Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. In practice, this complex legislation is referred to as eIDAS. Among various matters, this legislation harmonizes the use and value of electronic signatures throughout the entire European Union.

The Dutch Civil Code was amended due to eIDAS. Similar to the previous situation, three types of electronic signatures continue to exist.

The "simple" electronic signature (SES),

The "advanced" electronic signature (AES), and

The "qualified" electronic signature (QES).


The simple electronic signature (SES):

An electronic signature has the same legal effect as a handwritten signature if the method used for signing is sufficiently reliable, considering the purpose for which the electronic signature is used and all other circumstances of the case.

In other words, you should assess whether the electronic signature used for the purpose is sufficiently reliable. It's quite an open standard, in our opinion.

Sufficient reliability is related to the purpose (or significance) of the agreement. The higher the significance, the more reliable the signature must be, and the sender must be more certain about the identity of the signatory.

Hence, we can conclude that with a sufficiently reliable electronic signature, your signed agreement becomes compelling evidence.

Ensuring the identity of the signatory is a crucial element in establishing the reliability of the electronic signature. The more certain you are about the signatory's identity, the stronger the electronic mark. In Stiply's case, the recipient receives an email with a unique link to sign. The signatory's email address is typically only accessible to the signatory. This means the contract sender can be reasonably sure that the intended person is signing. (Others do not receive the email or know the unique link.) This adds a certain degree of authenticity: only the email recipient can sign the document.

Stiply also logs several other signatory details during the signing process, including IP address, browser data, and location (with permission). These details further contribute to the reliability of authenticity.

The reliability of authenticity is thus adequately ensured for simple contracts. However, as mentioned, the more significant the contract, the greater the authentication's reliability should be.

For this reason, Stiply offers an additional authentication option in the form of SMS authentication. The recipient receives a unique code via SMS that must be entered before accessing or signing the document. Along with the unique link and log data, this provides additional assurance of the signatory's authenticity.

Stiply also generates a unique code from the signed document. If any letter in the signed document is altered, it can be detected afterward using that code. This safeguards the document's integrity.


The advanced electronic signature (AES):

The main advantage of the advanced electronic signature over the simple electronic signature is that with an advanced electronic signature, there is a presumption of sufficient reliability. The law assumes that you have met the requirement of sufficient reliability for these electronic signatures unless proven otherwise. This is a procedural advantage over the simple electronic signature, where you have to demonstrate that the authentication method is sufficiently reliable. The advanced electronic signature also provides compelling evidence.

The law sets four requirements for the advanced electronic signature:

It is uniquely linked to the signatory;

It enables the identification of the signatory;

It is created using electronic signature creation data that the signatory, under their sole control, can use with a high level of confidence;

It is linked to the signed data in such a way that any subsequent change to the data can be detected.

As described earlier, identification is crucial in assessing the reliability of the electronic signature. The more certain you are about the signatory's identity, the stronger the electronic mark. Unlike the simple electronic signature, the advanced electronic signature requires an identification means with a high level of confidence.

Additionally, Stiply offers the option to identify the signatory through their bank. This method, called IDIN, is a highly robust form of online identification, enabling a reliable identification method for important contracts.

Through Stiply, an advanced electronic signature can be placed using IDIN, ensuring compelling evidence. It's important to note that even with a simple electronic signature, compelling evidence can be obtained as long as the reliability matches the contract's significance.

Similar to the simple electronic signature, Stiply uses a code to ensure document integrity. Moreover, Stiply collaborates with Swisscom, a Swiss company acting as a trusted third party (TSP), which can provide signed Stiply contracts with a timestamp and digital signing certificate. This adds an electronic seal to the signed PDF document. In Adobe Acrobat, you can see that the document is validly digitally signed. If anyone tampered with the document's content, the seal would break, and changes could be detected afterward. These AES signing certificates are standard for requests that use IDIN.

 

The qualified electronic signature (QES):

Finally, there is a third type of signature: the qualified electronic signature (QES). This is established by linking a unique personal code of a signatory to the document (via a cryptographic technique). The qualified electronic signature (QES) is even more secure because the personal code is provided by a specialized certification authority to the signatory, often on a smart card, personal token, or USB stick. To meet this requirement, each signatory must identify themselves with a specific company and then use a smart card or USB token to apply their electronic signature from then on. An important difference between QES and SES or AES is that a qualified electronic signature (QES) can only be issued after an official audit. There are special regulations and a set of requirements that must be met before a provider can claim to offer or allow the use of a qualified electronic signature. One of the additional requirements is the inclusion of a qualified certificate issued by a qualified Trust Service Provider (QTSP).

The qualified electronic signature is an excellent means to facilitate online transactions at the highest level, but due to the still low coverage of qualified identification means, this solution is currently quite limited in practical use. Stiply offers a digital signing solution where broad adoption is crucial. We are, of course, closely monitoring developments in this field, and our system is designed to easily incorporate new identification methods. As soon as a widely accepted identification method for qualified signing becomes available, Stiply will incorporate it into the signing solution.

Digital signatures placed with Stiply are at least simple electronic signatures. These are legally valid. However, ensure that the more important the contract, the more you verify the signatory's identity. For more significant contracts, consider additional authentication methods such as SMS authentication, or IDIN. By using IDIN, the signatures placed with Stiply may meet the requirements of the advanced electronic signature (AES).

Furthermore, digital signatures placed with Stiply can always be considered as strong evidence. Due to all the extra safeguards, Stiply provides robust evidence (much stronger than, for instance, an email with a few agreements).