Levels of signature under the eIDAS regulation

Within eIDAS regulation, there are 2 different electronic signature levels.

Digital signature is a technology that allows to identify individuals or entities and ensure the veracity of the information that those persons or entities exchange with third parties. The digital signature is used in different fields, it is used in communications, it is used to encrypt confidential information, and it is also used for signing documents. Within this scope, the signing of documents, the digital signature what allows us to identify the identity of the signatories and ensure the integrity of the document that has been signed. Therefore, it cannot be modified without us being aware of it.

The digital signature also allows those signatures to be made without the physical presence of the signatories. Since 2014, within the scope of the European Union, there is a regulation called eIDAS Regulation, which is applicable in all EU member countries and which regulates, among other things, the types of digital signature and gives full legal validity to this technology in all countries of the Union.

Within eIDAS, among other things, the different electronic signature levels are defined, which are 3: simple, advanced or qualified signature.

  • The level of simple signature is defined as the electronic data attached to a document and that the signer has used to make the digital signature.
  • The advanced signature has additional requirements, which are associated with the unique identification of the signatory to the requirement that the signature means must be for the exclusive use of the signatory and also ensure the integrity of the document. In other words, the document cannot be modified once it has been signed.
  • Finally, the highest level of signature defined within the scope of eIDAS is called qualified signature. A signature that is achieved using qualified digital certificates through a secure signature creation device.

Docuten supports all types of signature described in eIDAS and it is interesting to stand out four of the most commonly used.

  • Signing using an OTP code, which is a one-time password, is typically sent to a mobile phone, or via email to the person who is going to sign so that he can perform the digital signature.

  • The biometric signature is a type of signature in which we can use a tablet or mobile device to review the document sent to us and make a signature on it. The biometric signature not only registers the strokes made, but also stores information regarding the signers biometric features: the pressure generated by performing the signature, speed, direction changes, etc. that uniquely identify the signer.

  • The signature using qualified digital certificates, such as software certificates, in Spain its use is fairly widespread. We are one of the EU countries where digital certificates are most widely used. The specific characteristic of these certificates requires that the identity of the person or entity for which they are to be issued be accredited. Therefore, it has a very high level of security, insofar as it is necessary to have the physical presence and documentary accreditation of the identity of the person or, even, in company representatives, of the powers accrediting representation that this company representative has of different companies within the group of companies.
    We, as a registration authority, can also help our clients to prove the identity of these company representatives without moving from their premises.

  • And specifically, using digital certificates, the latest addition to the signature types in Docuten is also interesting to mention: the qualified centralized signature. It is a type of signature that generates the highest level of security, the highest level of signature within eIDAs and it uses qualified digital certificates that are generated and stored centrally in a registration authority, in a secure signature creation device, so that they cannot be exported, cannot be copied, cannot be accessed in any way. A single copy is always stored on that device, and the owner of that certificate has the means to use it exclusively. It can be used anywhere and also ensures and facilitates the management of certificates, since there are never multiple copies that may be distributed or out of the control of those certificates.

At Docuten we are specialists in digital signature, electronic invoicing and payment management, and we are here to help you with what you need. Do not hesitate to contact us if you have any question.

Mónica Fustes
Mónica Fustes