
European Union: eIDAS Regulation

Is Portant compliant: Yes.

Portant's eSignatures meet the requirements of the EU's eIDAS Regulation (Electronic Identification, Authentication and Trust Services) at the Simple Electronic Signature (SES) level, with several Advanced Electronic Signature (AES) features also supported. This page covers when eIDAS applies, the three signature levels, and how Portant lines up.

Overview of the eIDAS Regulation

The eIDAS Regulation (EU Regulation No. 910/2014) provides the framework for secure electronic identification and trust services across all EU member states. It sets the legal standards for electronic signatures, electronic seals, and other trust services so that electronic transactions can move freely within the EU.

  • Location: Applies to all European Union member states.
  • Purpose: Gives electronic signatures the same legal recognition as handwritten signatures when they meet the right criteria.
  • Key components: Categorises electronic signatures into three levels: Simple Electronic Signature (SES), Advanced Electronic Signature (AES), and Qualified Electronic Signature (QES).

When and where eIDAS applies

  • Type of transactions: Most commercial, governmental, and personal transactions that traditionally need a written signature, including contracts, agreements, and acknowledgments.
  • Jurisdictions: All EU member states. Electronic signatures that meet eIDAS criteria are legally binding across the EU.
  • Consent: All parties must agree to use electronic signatures.

Compliance requirements and how Portant meets them

| Compliance requirement | Description | Portant's compliance features |
| --- | --- | --- |
| User consent | Parties must consent to use electronic signatures. | Portant prompts users to confirm consent before signing. |
| Document integrity | Documents must remain secure and unaltered after signing. | Signed documents are locked and cannot be modified. |
| Audit trails | Records of the signing process provide evidence of validity. | Portant maintains logs of every stage in the signing process, with timestamps. |
| Time stamping | Verifiable timestamps support legal authenticity. | Every signed document is timestamped. |
| Data protection | Data handling must align with EU GDPR. | Portant uses encryption and secure storage to comply with GDPR. |
| Role-based access control | Access must be limited to authorised individuals. | Viewing, signing, and management permissions are restricted to designated users. |

eIDAS signature levels

Under eIDAS, electronic signatures fall into three levels of assurance. Portant fully supports SES and includes several features compatible with AES, covering most everyday business use cases.

| Signature level | Description | Portant's compliance |
| --- | --- | --- |
| Simple Electronic Signature (SES) | Basic level, suitable for most business transactions. | Compliant. Portant provides SES functionality with consent, integrity, and audit trails. |
| Advanced Electronic Signature (AES) | Higher security level. Requires strict identification and control criteria to uniquely identify the signer. | Partial compliance. Portant supports audit trails, integrity verification, and timestamping, but does not include biometric verification or advanced signer identification, which are needed for full AES compliance. |
| Qualified Electronic Signature (QES) | Highest level. Legally equivalent to a handwritten signature in court. Requires a qualified certificate from a trust service provider. | Not compliant. Portant does not currently provide QES, which requires certificates from a qualified trust service provider. |

Note: Portant's eSignatures primarily sit at the SES level, which covers most transactions. For higher-assurance use cases that require AES or QES, you may need additional verification methods or an external qualified provider.

Practical considerations

  1. Get clear consent. All parties must agree to use electronic means. Portant's interface includes consent prompts to support this.
  2. Lock signed documents. Portant's document integrity feature seals signed documents to preserve their authenticity.
  3. Keep comprehensive audit trails. See Audit trail for how to enable a full signing audit on a workflow.
  4. Pick the right signature level. SES suits most transactions and is fully supported. AES is partially supported. QES requires an external qualified trust service provider.
  5. Watch for exceptions. Certain legal documents (wills, property transfers, notarised documents) may still need a handwritten signature.

Conclusion

Portant's eSignatures meet the EU's eIDAS Regulation at the SES level, with partial support for AES. That covers the legal requirements for most business transactions across the EU. For high-assurance transactions that require AES or QES, additional verification or an external qualified provider may be necessary.

If you have questions about compliance, get in touch.