Legality

nebulaSUITE Helps You Comply with

eIDAS

What Is eIDAS and What Does It Regulate?

Regulation (EU) N°910/2014, on electronic identification and trust services for electronic transactions in the internal market, aims to establish a common legal framework regarding electronic signatures for EU member states through standardization, and thus contribute to the EU’s goal of achieving a digital single market.

Taking effect on July 1, 2016, it replaced the first electronic signatures directive, 1999/93/EC, which did not serve the purpose of a common market. Because it was a directive and not a regulation, it created a fragmented scenario where each EU country had its own laws regarding electronic signatures. Consequently, there was a lack of mutual recognition of electronic signatures among the EU member states.

By complying with eIDAS, EU member states can do business with the guarantee of having their electronic signatures legally recognized.

What Are Qualified Electronic Signatures?

Qualified Electronic Signatures are the only type that acts as a legal equivalent of a handwritten “wet ink” signature. Thus, they ensure mutual recognition of their validity across the EU. The other electronic signatures approved by eIDAS are Electronic Signatures and Advanced Electronic Signatures.

What makes Qualified Electronic Signatures distinctive is the fact that they can only be issued by a Certificate Authority (CA) accredited by the pertinent authorities in the EU.

Víntegris as a Qualified Trust Service Provider

eIDAS Regulation 910/2014 defines a Trust Service Provider as ‘a natural or a legal person who provides one or more trust services either as a qualified or as a non-qualified trust service provider’, and a Qualified Trust Service Provider as ‘a trust service provider who provides one or more qualified trust services and is granted the qualified status by the supervisory body’.

vintegrisTECH is the technology division for the proprietary software of Víntegris, an established Qualified Trust Service Provider under eIDAS Regulation.¹

In addition, nebulaSUITE incorporates features that ensure legal compliance with eIDAS Regulation in the EU, facilitating transactions and businesses with the EU.

ESIGN & UETA

What Are ESIGN & UETA, and What Do They Regulate?

The Electronic Signatures in Global and National Commerce Act (ESIGN) of 2000 and the Uniform Electronic Transactions Act (UETA) of 1999 are regulations passed by the US Government with the aim of providing legal guidelines for both electronic records and signatures for transactions.

They cover commercial transactions, so they don’t apply to documents for property transfers, wills, codicils, divorces or adoptions, among others.

ESIGN states in the very first section (101.a) that a contract or signature “may not be denied legal effect, validity, or enforceability solely because it is in electronic form”, thus considering a digital signature as valid as a ‘wet signature’, its equivalent on paper. This guarantees that digital signatures are legally binding in the US.

UETA establishes the legal equivalence of electronic records and signatures with paper writings and ‘wet signatures’, facilitating electronic commerce. UETA has been adopted by 47 states, the District of Columbia, Puerto Rico and the US Virgin Islands. Illinois, New York, and Washington have their own laws regarding digital signatures, but they cannot contradict ESIGN, since it’s a federal law.

In summary, both laws regulate and validate digital signatures in the US.

nebulaSUITE complies with both ESIGN and UETA, and its digital signature is therefore legally-compliant in the US.

What Are the Requirements to Comply with ESIGN and UETA?

The ESIGN Act defines an electronic signature as “an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record”.

In addition, it states that:

“(1) A record or signature may not be denied legal effect or enforceability solely because it is in electronic form.

(2) A contract relating to such transaction may not be denied legal effect or enforceability solely because an electronic record was used in its formation”

The requirements that a digital signature must meet in order to be legally binding in the US are:

    • Intent: users must be able to accept the agreement.
    • Consent: users must be able to give their consent through a customized agreement.
    • Authentication: the solution used to sign a document must ensure that a signature can be attributed to its user — for example through digital certificates.
    • Record retention: copies of signed documents must be available for reproduction as required.

UETA, being a national law, must be in line with ESIGN.

How Does nebulaSUITE by vintegrisTECH Help You Comply with ESIGN and UETA?

In accordance with ESIGN, nebulaSUITE provides:

1. Authentication of the signer: multi-factor authentication adds value to the digital signature.

2. Agreement from the user to digitally sign the contract or document through a check-box.

3. An explanation regarding how the signature is created and its conditions of application (sign agreement). This document can be customized depending on the state and client, and must be signed and stored for later consultation or download.

4. Availability of both the signed document and the sign agreement for consultation and printing.


Frequently Asked Questions – FAQs

1. Are Digital Signatures the Same as Electronic Signatures?

Although both terms are used interchangeably, they are not synonymous:

      • Electronic signatures are the ones required to sign a document.
      • Digital signatures, in addition, encrypt the document through an algorithm, guaranteeing that the signatory is really who they claim to be, and thus offering a higher level of security.

2. Are All Digital Signatures Legally Binding?

Short answer: no.

eIDAS establishes 3 types of digital signature:

Digital signatures: Article 3 of eIDAS defines them as:

“data in the electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.”

Advanced Digital Signatures: according to Article 26 of the eIDAS, they must meet the following criteria:

      • They are uniquely linked to the signatory.
      • They are capable of identifying the signatory.
      • They are created using electronic signature creation data that the signatory can use under his sole control.
      • They are linked to the data signed therewith in such a way that any subsequent change in the data is detectable.

Qualified digital signatures: in addition to complying with the characteristics of advanced digital signatures:

      • They have the legal equivalence of handwritten signatures.
      • They have the guarantee of mutual recognition within the EU.
      • They can be issued by a Certification Authority (CA), accredited by the authorities of the European Union.
      • They are based on qualified digital certificates, issued by such Certification Authorities (CA), which in turn must be stored in a qualified signature creation device, such as a smart card, USB token or trusted service on the cloud.
      • They offer higher levels of security.

3. What Are the Benefits of Using Legally-Compliant Digital Signatures?

Legally-compliant digital signatures are based on qualified digital certificates issued by a recognized Certification Authority (CA).

Qualified digital certificates protect the document through encryption, securing the information contained therein. These digital certificates (which contain data such as the expiration date of the certificate, a copy of the public key and the digital signature of the CA) are used to generate digital identities to identify users and electronic devices, thus avoiding risks such as identity theft, forgery, or repudiation.
