So what are the options for electronic signatures?
The basis for the classification within the EU is the eIDAS VO, which defines electronic identifications, trust services and the legal framework as well as the individual requirements for the different types. The electronic signatures can be divided into:
- the simple electronic signature (EES)
- the advanced electronic signature (FES)
- the qualified electronic signature (QES)
The respective form of signatures are suitable for the various use cases in which contracts, certificates and other documents require a signature. Which e-signature solution is suitable for which type of contract will now be discussed further in this article.
The simple electronic signature (EES)
This is primarily understood to mean data in electronic form that is linked to further electronic data that the signatory uses for his signature and that identifies him. The least stringent requirements apply to EES, since there is no defined catalog of requirements for it. There are many applications for this type of signature: orders/order confirmations, cost estimates, data protection declarations, general terms and conditions, purchase contracts for movable goods, self-disclosure, handover protocols, etc.
Overall, the electronic signature thus fulfills the same function, even in the narrower sense, as a signature on paper documents that was executed analogously or by hand. Even though the EES is not governed by any major specifications, this form of signature is legally binding, but is based on the validity requirement of the consent of all parties.
Of particular advantage is the traceability of the electronic signatures of the documents through the very detailed workflow and thus the overview of all parties involved in the signature process. This alone is a major advantage over paper-based contracting, where progress is very clear and identifiable.
The advanced electronic signature (FES)
In the case of the advanced electronic signature, the requirements are already higher, since this must meet stricter criteria for identity verification, because the FES is created by means of a unique signature key, as regulated in §2 No. 2 SigG, which is uniquely assigned to the employee/signatory and thus enables electronic identification. However, this is also accompanied by a higher probative value.
The FES must therefore be linked to the signatory in a clear and unambiguous manner, in addition to enabling the identification of the signatory, ensuring that any subsequent modification of the data is detected, as well as the signed legal act being unalterable, and finally being carried out at interfaces under the sole control of the signatory, such as PC, smartphone, tablet.
The FES is used, for example, for partnership agreements (GbR, OHG, KG), resolutions of managing directors of a limited liability company, patent, trademark or copyright agreements, social insurance/ pension insurance documents and other documents.
The qualified electronic signature (QES)
The qualified electronic signature must meet the highest requirements, because the QES must be able to replace the legally required written form on paper for digital documents according to §2 No. 3 SigG. Accordingly, the QES is the only e-signature that is equivalent to the handwritten signature according to §126 BGB, written form requirement. In addition, the eIDAS Regulation defines concrete requirements regarding the verification of the signatory's identity and the safekeeping of the signature key.
The QES is created using a qualified electronic signature creation device, whereby the QES is based on a qualified certificate for electronic signatures. Overall, it is the responsibility of the QES provider to meet certain requirements of the operated data center and to have a certificate confirming that the data center complies with the legal framework and security requirements.
According to this, an electronic signature procedure is considered qualified as soon as it uses a QES issued by a certification authority. In Germany, this is the BSI (Federal Office for Information Security)
The qualified signature process uses the same security criteria as the advanced signature, but the QES requires prior verification of the signer's identity. In addition, the signature key must be present in a qualified electronic signature creation device (QSCD). Nowadays, this identity check can also be performed "remotely", i.e. without physical verification or even presence.
Examples of use can be found in official transactions, receipts, fixed-term employment contracts, broker power of attorney, post-contractual non-compete agreements, consumer loan agreements, banking transactions, e-prescriptions, etc.
Summary of the types of electronic signatures
As we have seen, there are different requirements and legal framework conditions for each area in which signatures are needed, each of which is linked to the evidential value of the signatures. With this, the first difficulties of understanding are out of the way and the first hurdles could be taken. If you still have difficulties in finding your way around, please contact us. As specialists, we will be happy to help you so that you can find your way around without any problems.