Signing Around the World With Digital Signatures
Written by Liliya Apostolova, Director of Product Marketing, DocuSign
Electronic signatures are broadly accepted throughout the industrialised world as equivalent to a written "wet” signature. For most use cases, customers, and locations, an electronic signature is sufficient. However, transactions in heavily regulated industries, in foreign countries or with governmental entities may require or prefer digital signatures, which offer a heightened level of identity assurance compared to electronic signatures.
A digital signature is a type of electronic signature that offers additional verification of the identities of the parties involved in a transaction compared to simple electronic signatures.
Digital signatures are based on a technology standard called Public Key Infrastructure (PKI). PKI is used to create a unique, tamper-evident “digital certificate” that associates a signer with a document and guarantees that the electronic document is authentic. Digital certificates indicate that the signers have completed extra steps to confirm their identities. A signer’s digital certificate is used to create the signature and then attach it to the signed document.
Around the world, there are international standards that specify requirements for digital signatures and the methods used to authenticate a signer. In Europe , it’s European Union’s Electronic Identification, Authentication and Trust Services regulation (eIDAS).
You can learn more about current e-signature laws, local laws, and electronic signature technology preferences for different countries in the DocuSign E-Signature Legality Guide.
How does DocuSign support signing around the world with digital signatures?
DocuSign’s digital certificate-based signatures (digital signatures) support your efforts to comply with these regulations. Around the world, the local regulation defines tiers of signatures and the terms Advanced Electronic Signatures (AES) and Qualified Electronic Signatures (QES) are often used. There may be different naming around the world but in general:
Advanced electronic signature (AES) includes a digital certificate that links the signature to a verified ID with some fundamental rules as to how this ID has been verified. These digital certificates are usually issued by a Trust Service Provider (TSP) also known as a Certificate Authority (CA).
Qualified electronic signature (QES) includes a qualified digital certificate that indicates that identity verification has been completed face to face. The qualified certificates can only be issued by a Qualified Trust Service Provider (QTSP) authorized by regulatory bodies who assess the QTSP security standards.
DocuSign is a QTSP in Europe, which means DocuSign is authorised to issue Advanced and Qualified signatures across the European Union. Beyond Europe, the DocuSign platform accepts certificates from leading TSPs and CAs across the world through API integrations with our Trust Service Provider partners, other third-party integrations, and directly from signers.
A closer look at compliance with eIDAS in the EU
In the European Union, the Electronic Identification, Authentication and Trust Services (eIDAS) regulation defines the technical standard for electronic signature in three levels: electronic signature and two digital signature levels called advanced electronic signature (AES) and qualified electronic signature (QES). Under eIDAS, both AES and QES include signer identity verification, with QES meeting the strictest requirements.
Let’s look at the difference between the three levels of signatures under eIDAS in more detail:
- Electronic signature: According to Article 3 in eIDAS, an electronic signature is data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign. Article 25 of the same law makes clear that electronic signatures shall not be denied legal effect simply because they are electronic.
DocuSign eSignature meets the eIDAS requirement for electronic signature along with additional benefits such as powerful workflows, a comprehensive audit trail, and integrations across hundreds of business systems and support for 44 signing languages.
- Advanced Electronic Signatures (AES): According to eIDAS, an AES must meet the following requirements:
- Be uniquely linked to the signatory
- Be capable of identifying the signatory
- Be created using electronic signature creation data that the signatory can, with a high level of confidence, use under his or her sole control.
- Be linked to the data signed in such a way that any subsequent change in the data is detectable.
DocuSign issues AES PKI digital signatures to satisfy the above requirements and provide flexible options to verify the identity of signers using DocuSign ID Verification or using your established identification processes. Alternatively, DocuSign connects to other TSPs you already work with.
Take Swedish law firm Cederquist, for example. Under Swedish law, certain transactions or processes require an advanced level of electronic signature in compliance with Europe’s eIDAS regulation. This level of signature can be achieved when combining a digital signature with the online Swedish Bank Verification. Integrating DocuSign eSignature with online ID verification from the DocuSign Agreement Cloud has given Cederquist an edge in the legal sector.
- Qualified Electronic Signatures (QES): are an even more secure version of an advanced electronic signature. Each QES includes a qualified digital certificate issued by a qualified trust service provider (QTSP) via a Qualified Signature Creation Device. And since this requires a face-to-face identity verification of the signatory, QES is the only signature type in the EU that’s deemed legally identical to a wet signature. As a result, there are a few instances where a QES is required by national law for certain agreements.
As a qualified TSP on the EU Trust List, DocuSign offers multiple options for QES with face to face identity verification options. DocuSign accepts all qualified certificates issued by TSPs on the EU Trust List that your signer already possesses. Alternatively, DocuSign integrates with several qualified TSPs of choice.
While eIDAS and other regulations across the world clearly articulate the definition for electronic signatures, AES and QES, they don’t prescribe when to use each signature type. That’s why DocuSign maintains a DocuSign Legality Guide to highlight common use cases for 60+ countries.