The eIDAS Regulation, or Regulation (EU) No 910/2014, is a regulation of the European Union that establishes a legal framework for electronic identification and trust services for electronic transactions within the Single Market. In simpler terms, it aims to create a system where electronic signatures are recognized and accepted across all EU member states. Prior to eIDAS, electronic signatures existed in a fragmented landscape. Each country had its own regulations and standards.
The eIDAS Regulation was adopted in 2014 and became effective across the EU in 2016. It established a harmonized legal framework for:
Electronic Identification (eID): Securely authenticating individuals online.
Electronic Signatures: Guaranteeing the integrity and authenticity of electronically signed documents across the EU.
Trust Services: Including electronic seals, time stamps, and registered delivery services, supporting secure online transactions.
The eIDAS Regulation recognizes that not all electronic signatures are created equal. Depending on the level of security and legal weight required, eIDAS defines three distinct signature types:
Simple Electronic Signature (SES) | Advanced Electronic Signature (AES) | Qualified Electronic Signature (QES) |
The broadest category of electronic signatures. It includes any electronic data that is attached to or logically associated with other electronic data and used by the signatory to sign. | Must be uniquely linked to the signatory, capable of identifying the signatory, and linked to the data signed with it in such a way that any subsequent change in the data is detectable. | Provides the same guarantees as AES, but is based on a qualified certificate issued by a trusted provider. |
It involves associating data with a signatory, but offers no guarantees about the signer’s identity | Can be linked to the signer's identity | This ensures the strongest link between the signature and the signatory, similar to a handwritten signature with a notary stamp. |
No obligation regarding data integrity | Data integrity is guaranteed | Data integrity is guaranteed |
Low-risk scenarios | Moderate-risk scenarios | High-risk scenarios |
Transactions without substantial dispute risk or legal requirement for a higher level of signature. | Documents requiring a higher level of identity verification and data integrity but not necessarily carrying the legal equivalence of a handwritten signature. | High-value or legally sensitive documents that require the highest level of assurance and legal recognition, such as legal contracts, government forms, and documents in cross-border transactions within the EU. |
Examples: routine internal business documents not requiring high responsibility, non-legal agreements. | Examples: internal documents, contracts, and agreements with suppliers where enhanced trust is desired, NDAs, SLAs. | Examples: Partnership agreements, public procurement, public tender. |
Applicability of eIDAS in France
Here are specific French national laws and regulations that complement and implement the eIDAS framework:
All electronic transactions within the French Market, regardless of size or nature, fall under eIDAS regulations.
French national laws, such as the Digital Trust Act (LDC) and Decree No. 2016-1321, provide additional specifics and requirements for the application of eIDAS in France.
ANSSI is responsible for enforcing eIDAS, they perform several key functions:
Granting and withdrawing qualified status: ANSSI verifies and grants the "qualified" status to Trust Service Providers (TSPs) offering qualified electronic signatures and related services within France.
Ensuring security of identification means: ANSSI sets the national security requirements for electronic identification means used within France, ensuring their compliance with eIDAS standards.
Promoting eIDAS adoption: ANSSI provides information and guidance to businesses and citizens about eIDAS and its benefits.
For more information on the specifics of eIDAS applicability and ANSSI's role in France, please refer to the official ANSSI page.
Stay compliant with Tomorro
In addition to our comprehensive contract management services, Tomorro offers you the capability to natively sign all your contracts within one solution. Our electronic signature is fully compliant with the eIDAS regulation.