The right signature solution for every business transaction
It still exists - the signature folder. But in the course of digitalization, it too will become an artefact of analogue work in the near future. Electronic signatures are already available today at different levels, which can be used depending on the occasion. In this blog post, we look at all the important questions surrounding this topic.
Why do we need electronic signatures?
The legal requirements were standardized and improved throughout Europe with the eIDAS Regulation (see source). Since then, qualified electronic signatures and seals have been recognized across borders in Europe and are also increasingly finding their way into everyday working life in public administrations in Germany.
As electronic documents and data do not inherently have any integrity and authenticity this is created by digital signatures and/or seals. They are based on a cryptographic process that uses key pairs to prove the undeniable authorship and non-alterability of a document or data record. Users can use these key pairs at different levels of trust, which in turn - and this is where the circle closes - depend on the quality of the identity.
One option for applying electronic signatures or seals is Governikus DATA Sign - our signature and seal platform. This can be used as a web application or it can be integrated into the desired specialist procedure. As part of the IT Planning Council application, DATA Sign is available to all institutions from the (German) Federal Government, federal states and municipalities, which makes integration simple and straightforward.
Which signature level is the right one?
Signature or seal?
An electronic seal can replace the conventional authority/company stamp. In conjunction with the recently passed OZG Amendment Act, it simplifies further and secure digitization in the administration (see source). It is therefore very frequently used at a qualified level. A qualified electronic seal is designed to guarantee the integrity and origin of an electronic document. It differs from a qualified electronic signature, which is used to confirm the identity of a natural person and is therefore issued to an authority or a company, for example.
An electronic signature replaces the conventional signature of a natural person and is therefore always linked to an individual person. The signature is used to ensure the authenticity and integrity of a document and to confirm the identity of the signatory. Qualified electronic signatures have a special legal effect: they are legally equivalent to handwritten signatures and must be recognized as such in all EU member states. Their legal validity and probative value are recognized from the outset. This is the highest level of signature, but signatures at simple and advanced levels can also be used.
What does this mean in practice?
Simple signature
In theory, no signature solution is required for a simple signature. Each of us can, for example, attach a signature to the end of an e-mail in our e-mail inbox or insert an image of our analog signature as an image in a document and would therefore simply sign at this level. This is not much more than an "optical image" and does not generate any security guarantees, as the cryptographic processes mentioned above are not used. This also harbors many risks because the person receiving the message cannot check whether it really comes from the person in question. This signature is not considered legally secure, but we all use it in "everyday office communication".
Advanced signature
The situation is different with advanced signatures. Here, an individual, digital certificate is assigned to a person (whose identity is verified), which is stored with a trust service provider. It is created using electronic cryptographic means and linked to the data to be signed so that any changes to the data can be identified. This ensures the integrity of a document. In addition, the recipient is able to validate the identity. In practice, it can be used to sign documents that are not subject to legal formal requirements, i.e. they can also be concluded verbally and with a handshake.
Qualified signature
The qualified signature has the highest level of security and the strongest legal effect. Even if the advanced signature can confirm the integrity of a document and the identity of the signatory has been verified in advance and can be validated by third parties, it still does not meet the requirements to replace the written form on paper and fulfill the highest level of trust. This is because the identity of the person signing must have been confirmed by a qualified trust service provider (QVDA). This is then recorded by means of a qualified certificate. Qualified signatures therefore fulfill all the requirements of an advanced signature, but must also be created with a qualified certificate and using an authentication procedure. Users notice this immediately, as a two-factorauthentication, e.g. by tapping on a telephone/mobile phone as a second factor, is essential for a qualified signature. In practice, this means that All documents that require the written form must be signed with an electronically qualified signature in order to be legally valid.