eIDAS makes electronic signatures legal in Europe.
If you do business in Europe, then eIDAS is big news. This regulation simplifies and standardizes digital IDs and signatures across Europe to help create a “Digital Single Market.” Now, it’s much easier for you and your customers to conduct secure digital transactions in your own country and across European Union (EU) member states.
What, exactly, is eIDAS?
The Electronic Identification and Trust Services Regulation (eIDAS Regulation 910/2014/EC) is a single, standardized regulation that applies across all EU member states — finally providing a consistent legal framework for accepting electronic identities and signatures. It also introduces digital seals for business entities. With the arrival of eIDAS, European organizations are racing to fully digitize their business processes. And with good reason. A recent Forrester study* found that e-signatures provided by Adobe Sign help organizations save significant time and money.
eIDAS recognizes three e-signature types.
With eIDAS, your business gains the flexibility to choose from a variety of electronic signature approaches. The most rigorous requirements set strict compliance standards for verifying the identity of signers and the authenticity of the documents they sign. It also introduces electronic seals that let a legal entity, such as a business, seal a document instead of signing with the identity of a specific person.
1. Electronic signatureseIDAS sets a foundation for all electronic signatures by asserting that no signature can be denied legal admissibility solely because it's in electronic form. This requirement can be met with typical e-signatures.
2. Advanced Electronic Signatures (AdES)With AdES, signatures must be uniquely linked to, and capable of identifying, the signer. Signers create their signature using data solely under their control and the final document is tamper-evident. This requirement can be met with digital signatures.
3. Qualified Electronic Signatures (QES)QES is a stricter form of AdES and the only signature type given the same legal value as handwritten signatures. It requires signers to use certificate-based digital ID issued by a qualified EU Trust Service Provider (TSP), along with a qualified signature creation device (QSCD), such as a smart card, USB token, or mobile app that creates a one-time passcode.
With 6 billion transactions a year, we know signature compliance.
Adobe is uniquely qualified to help you comply with eIDAS. As the undisputed leader in secure digital documents, we invented PDF, contributed to open standards for digital signatures, and continue to advance those standards as part of the Cloud Signature Consortium.
Ultimate compliance.Our signature solution is the only one to support every accredited trust service provider in Europe and gives you freedom of choice when it comes to advanced and qualified signatures.
Security device support.We support the broadest range of secure signature creation devices (SSCD), including smart cards, USB tokens, and mobile authentication apps.
eIDAS and Adobe Sign FAQ
Are e-signatures in the EU admissible and legal?
Yes. Article 25 of the eIDAS regulation maintains the fundamental legal rule that all electronic signatures and verification services shall be admissible as evidence in legal proceedings. Read more about how to make electronic signatures legal.
What are Trust Service Providers (TSPs)?
Trust Service Providers offer a wide range of secure identity and transaction services, including registration authority, certificate authority, and time stamp authority. TSPs are responsible for issuing digital identities and providing the infrastructure needed to create and validate Advanced and Qualified Electronic Signatures. Adobe Sign lets you work with your choice of TSPs to sign and time stamp documents, so you can comply with laws or regulations governing your specific country or industry. During the validation process, Adobe also confirms that the authorities being used in the document are trusted providers — approved through global, regional, or industry-specific accreditation. Trust lists, such as the Adobe Approved Trust List (AATL) and the European Union Trusted Lists (EUTL), are fully supported in Adobe solutions.
Does eIDAS let me work with a TSP based outside my country?
Yes. For Advanced Electronic Signature (AdES) compliance, you can work with any TSP. For Qualified Electronic Signature (QES) compliance, you need to select your solution from accredited providers on the EUTL. Each EU member state supervises providers in its own country, but once a TSP is EUTL-approved in one country, their services can be sold in other countries with the same level of compliance.
What is EUTL?
European Union Trusted Lists (EUTL) is a public list of over 170 active and 40 legacy Trust Service Providers (TSPs) that are specifically accredited to provide the highest level of compliance with the EU eIDAS regulation. These providers offer certificate-based digital IDs for individuals, digital seals for businesses, time stamping, and other services that can be used to meet Qualified Electronic Signatures (QES) requirements. In eIDAS, only qualified signatures are legally and automatically equivalent to handwritten signatures. And, they are the only type of signature automatically recognized in cross-border transactions among EU member states.
Is Adobe on the EUTL list?
Yes. Adobe offers a qualified time stamp service that is EUTL certified. In addition, Adobe Sign automatically works with every certificate-based digital ID published on the list and can be configured to work with other time stamps as well. Adobe Sign implementations in Europe automatically add qualified time stamps to each document signed with digital signatures. The Adobe time stamp ensures long-term validity for up to 10 years.
Does Adobe sell certificate-based digital IDs?
No. Adobe partners with more than 200 TSPs around the world and works with every provider on the EUTL so that you have the flexibility to meet your own unique compliance requirements. Our TSP partners are experts in security and meet the most stringent requirements for pre-checking and securing identities. They are also at the forefront of security technology, so as stronger and stronger security methods evolve, we expect the leaders to evolve their solutions quickly, giving our customers access to the state-of-the-art solutions today and in the future.
What are cloud-based digital signatures?
Cloud-based digital signatures, or “cloud signatures,” are a new generation of digital signatures using an open, standards-based approach championed by Adobe and other industry leaders in the Cloud Signature Consortium. “Traditional” digital signatures are designed for use with desktop software and typically require the signer to insert a USB token or smart card containing the certificate, then type in a personal PIN to verify their identity when signing. By contrast, cloud-based digital signatures are designed to be used easily across desktop, web, and mobile. Certificates are stored securely in the cloud by accredited Trust Service Providers (TSPs)/Certificate Authorities (CAs), and signers use their personal PIN plus additional authentication methods (for example, a mobile one-time passcode) to verify their identity while signing. Read the brief.
What is the Cloud Signature Consortium?
The Cloud Signature Consortium (CSC) is a group of industry and academic organizations committed to building new standards for cloud-based digital signatures that will support web and mobile applications and comply with the most demanding electronic signature regulations in the world. CSC has created a common technical specification that will make solutions interoperable and suitable for uniform adoption in the global market. This effort was inspired by the need to meet the remote-signature requirements of the European Union's Electronic Identification and Trust Services Regulation (eIDAS), but its impact is expected to be global.
How are cloud-based digital signatures enabling eIDAS?
Standards-based digital signatures in the cloud remove the barriers that have hampered adoption of electronic signatures in Europe and around the world. They do the following:
- Meet market demand for simple-to-use, simple-to-deploy solutions.
- Eliminate the hassle of installing desktop software, downloading documents, and plugging in USB tokens or smart cards.
- Bring the highest levels of eIDAS compliance to web apps and mobile devices — for example, Advanced Electronic Signatures (AdES) and Qualified Electronic Signatures (QES).
- Provide a consistent, interoperable framework for working with digital IDs and signing solutions, so companies can invest in technology confidently, knowing they won't be limited to working with just a few proprietary applications.
*The Total Economic Impact of Adobe Sign, a commissioned study conducted by Forrester Consulting, on behalf of Adobe.