What type of electronic signature do I need? Simple, advanced and qualified signature

How many digital signatures are there? What level of security do I need depending on my activity? What does a qualified signature consist of? Every day we receive thousands of queries about which type of signature is most suitable for each company depending on the level of legal and juridical protection required or desired in their internal and external management.

Today we tell you in a very visual and simple way the 3 types of signature recognised by the eIDAS regulation and the degree of security offered by each of them.

Electronic signature: a must for companies

The eIDAS regulation (EU) 910/2014 regulates electronic transactions and communications, establishing the 3 types of electronic signature accepted by all European Union countries: simple signature, advanced signature and qualified signature.

As stated in article 3 of the eIDAS regulation, an electronic signature refers to “data in electronic form that is unrelated or logically associated with other electronic data and is used by the signatory to sign”.

Thus, there are 2 key elements to be taken into account in electronic signature:

• Data in electronic format
• Identification of the signatory

As we mentioned, one of the benefits of using electronic signature is that it allows you to sign documents and carry out all kinds of transactions with full legal validity within the EU. Let us now see what types of electronic signature are suitable for us depending on the situation we are in and the activity of our company.

The 3 types of electronic signature recognised by eIDAS

Simple signature

The signatory accepts or rejects the information received by responding to an on-screen dialogue box, which is generally based on an “Accept/Reject” of the document sent. In other words, it does not require a trace as such, but only a click is enough to show the conformity of the information.

This is the easiest type of electronic signature for the signatory, as it does not require additional technology and allows to accept an agreement quickly and easily. However, it is the least legally robust type of electronic signature, as the identity of the signatory cannot be indisputably assured.

For this reason, the simple signature is valid for very basic day-to-day communications such as changes in the privacy policy or communications to employees that do not require a high level of security on the part of the company.

Advanced signature

The advanced electronic signature has a higher level of security than the simple signature. According to article 26 of eIDAS, in order to have an advanced signature, the following requirements must be complied with:

a) be uniquely linked to the signatory
b) allow identification of the signatory
c) created using electronic signature creation data that the signatory can use, with a high level of confidence, under his exclusive control, and
d) be linked to the data signed by it in such a way that any subsequent modification of the data is detectable

The advanced electronic signature can be used by 2 methods:

I. Advanced OTP signature (SMS)

The signatory receives a code by SMS – valid for a period of time and for one-time use only – which must be entered at the time of signing. This type of electronic signature is very common when making online purchases or signing contracts in the recruitment process.

In this case, the signatory’s identity is guaranteed by the use of a personal element at the time of signing: his or her mobile phone.

II. Advanced biometric signature

This electronic signature requires the physical presence of the signatory, as he/she needs to sign on a specific tool (usually a tablet). Biometric data is collected that identifies the signatory, such as the pressure, inclination and position of the pen used at the time of signing.

This type of electronic signature is commonly used in sectors such as banking and insurance, as it allows them to speed up the closing of transactions in person.

Qualified signature

The qualified signature is the most legally robust type of signature that provides greater security in the event of a dispute. It must meet three essential requirements:

• The signatory must be uniquely linked and identified to the signature.
• The data used to create the signature must be under the exclusive control of the signatory.
• It must have the ability to ensure that the data has not been modified after signature.

The digital certificate is defined as “an digital signature certificate that has been issued by a Qualified Trust Service Provider“. The certificate must be issued by a Certification Authority, an officially recognised entity that endorses the signatory’s identity.

All types of electronic signatures in a unique tool

At Ivnosys we have the IvCert electronic signature platform, making available to our customers all types of electronic signatures recognised by eIDAS. The tool allows the signing and sending of documents, collecting them signed in minutes and with full legal certainty.

In addition, Ivnosys is recognised as a Qualified Trust Service Provider and Certification Authority, complying with the security standards of its signature and digital identity solutions.