Distinction between the different types of signature (simple, advanced, qualified)
Simple, advanced and qualified electronic signatures are regulated in Regulation (EU) No 910/2014 of the European Parliament and of the Council of July 23rd, 2014, which deals with electronic identification and trust services for electronic transactions in the internal market.
The new Regulation (EU) No 910/2014, known as eIDAS, has the same objective as the previous Directive: to create a climate of trust that enables and strengthens e-commerce and digital transactions in the EU.
In other words, what is intended is to eliminate all the barriers to electronic transactions that exist between member states. To this end, eIDAS establishes common systems for the identification of citizens and the validity of their electronic signatures, so that online transactions can be carried out with greater security, agility and efficiency at European level.
The three types of electronic signatures
The new Regulation maintains the distinction between three types of electronic signatures already established in the previous Directive: simple, advanced and qualified electronic signature.
Something as simple as signing a document and sending it scanned via email, a username and password, or accepting the terms and conditions of a website would be a simple signature.
There is a logical association between the source account of the message (our email address) and the signature, for example. However, there is no real evidence of who the signatory actually is.
This is why this electronic signature, commonly referred to as simple, is the one with the lowest level of security.
An advanced electronic signature is an e-signature that meets the following requirements:
a) uniquely bind the signatory;
b) allow identification of the signatory;
c) created in a way that enables the signatory to retain control;
d) be linked to the signed data in such a way that any subsequent changes to the data are detectable.
The advanced electronic signature has a higher level of security than the simple signature.
A qualified electronic signature is an advanced electronic signature that, in addition:
- is created by a qualified signature-creation device;
• and is based on a qualified certificate for electronic signatures.
Some examples of this type of electronic signature are those generated with the electronic ID card or electronic signature certificates hosted on cryptographic cards.
Qualified certificates for electronic signatures are issued by providers (public and private) that have been granted a qualified status by a competent national authority as indicated in the EU Member State's national "trusted lists"
Many qualified certificate providers will deliver the corresponding private key to a qualified signature-creation device.