FAQ: Frequently asked questions about electronic signature

Article content

#1 What is an electronic signature and what are its levels?

In relation to European legislation, electronic signature is a legal concept that has different levels. They differ from each other primarily in the legal certainty they provide.

1. Simple electronic signature

A simple electronic signature (SES) refers to data in electronic form that is connected or logically associated with other data in electronic form and that the signer uses for signing.

This type of signature is used to identify the signing natural person (guarantees that the document was signed by a specific person at a specific time). A simple electronic signature does not have a qualified status and its legal certainty depends on the quality of its execution. It is used in internal company processes or for signing documents of lower importance (for example, it can be a signature in an e-mail, a signature scan, a digital signature, etc.). It is suitable for transactions worth tens to hundreds of euros.

2. Advanced electronic signature

An advanced electronic signature (AdES) is an electronic signature that meets the requirements set out in Article 26 of the eIDAS Regulation (it is uniquely linked to the signer, enables the identity of the signer to be determined, is created using data for electronic signature generation that the signatory may use under their exclusive control with a high level of confidence. It is also linked to the data it signs, so that any subsequent changes to the data can be detected).

This type of signature is used, for example, when signing business contracts, insurance contracts, leasing contracts, etc. However, it is not suitable for communication with state authorities, where the use of a qualified electronic signature is required.

We recognize two types of advanced electronic signatures:

• advanced electronic signature without qualified status – suitable for financial transactions worth thousands of euros,

• advanced electronic signature with qualified status – suitable for transactions worth tens to hundreds of thousands of euros.

3. Qualified electronic signature

A qualified electronic signature (QES) is an advanced electronic signature created using a qualified device for creating an electronic signature and based on a qualified certificate for electronic signatures and is considered the equivalent of a handwritten signature.

A qualified electronic signature with a qualified timestamp is at the level of a notarized signature and cannot be rejected as evidence in court. It is used not only in B2B and B2C relationships, but also in communication with public authorities (commercial or trade registry services, communication with financial administration, courts, etc.). It is suitable for transactions without a value limit.

#2 What legislation regulates the electronic signature?

The legal framework for the European signature is defined at the regional level and is perceived with partial differences in individual jurisdictions.

European Union (EU) legislation

Within the EU, the electronic signature is governed by Regulation of the European Union no. 910/2014 on electronic identification and trusted services for electronic transactions in the internal European market (known by the abbreviation eIDAS), which created standards for electronic signatures, qualified digital certificates, electronic seals, electronic time stamps and other types of authentication mechanisms.

This regulation ensures legal binding and mutual recognition within all countries of the European Union. The regulation is transposed to Slovak conditions through Act No. 272/2016 Coll. on trusted services for electronic transactions in the internal market (hereinafter referred to as the Trust Services Act).

United Kingdom (UK) legislation

The eIDAS regulation is also included in the legislation of the United Kingdom, but with slight modifications resulting from the country’s withdrawal from the European Union. The UK eIDAS legislation retains many aspects of the EU regulation but is also adapted for use in the UK.

UK eIDAS sets out the rules for UK trust services and creates the legal framework for the provision and effectiveness of electronic signatures, electronic seals, electronic timestamps, electronic documents, electronic registered delivery services and website verification certification services.

United States (USA) legislation

Electronic signature in the US is regulated by two laws:

• ESIGN (Electronic Signatures in Global and National Commerce Act) – a federal law that regulates the use of electronic signatures in all states of the United States of America

• UETA (Uniform Electronic Transactions Act) – the law on uniform electronic transactions, which is recognized by all US states except New York and Illinois

#3 Is a scanned signature considered a form of electronic signature?

A scan of a handwritten signature is an example of a simple electronic signature. Such a signature has a low degree of security, minimal or negligible legal certainty, and the law does not specify how it should look.

If in specific cases the law does not mandate the use of a handwritten physical signature, notarized signature or QES, it is possible to use any form of electronic signature – that is, even a simple electronic signature, which is commonly used, for example, when issuing invoices.

Our tip: As a simple electronic signature, we recommend using a digital signature through the NFQES platform, with which we can ensure the authenticity, integrity and non-repudiation of the document for free.

#4 What is a qualified electronic signature (QES)?

A qualified electronic signature (QES) represents information logically connected to an electronic document, which, subject to the fulfillment of the conditions defined in Act no. 272/2016 Coll. on trusted services and Regulation (EU) no. 910/2014 (eIDAS) makes it possible to reliably and unequivocally verify the identity of the signed subject and demonstrate the immutability of signed documents at the time of their signing if a qualified timestamp was also used. It is therefore equivalent to a notarized signature, and the signed subject cannot claim that he did not make the signature.

QES can only be issued by a certification authority – a company that is a provider of trusted services and is registered in the trusted list of providers.

Certification authority Brain:IT covers the NFQES platform, which enables the use of all types of electronic signatures according to eIDAS.

In terms of level, it is an advanced electronic signature with a qualified status, which is placed on a qualified device (so-called QSCD device). This can be a card, a valid ID or a qualified server in the case of remote signing. The mentioned signatures require different approaches when verifying a person – for an advanced electronic signature with a qualified status, a video call is sufficient, for a qualified electronic signature, a personal meeting or the use of another QES is required.

A qualified electronic signature replaces a handwritten personal signature and provides the highest security and legal force of a handwritten signature. Therefore, it is used when signing various contracts, such as an insurance contract, an employment contract, a confidentiality agreement, and the like.

#5 What is a guaranteed electronic signature?

Guaranteed electronic signature (GES) is a term that was used in Slovakia in the past. Sometimes there is a false claim that GES and QES are equivalent, but this is not the case.

Guaranteed electronic signature (GES) is an old format, or an old type of signature that was used in Slovakia before the implementation of the European eIDAS regulation. After the adoption of the European regulation eIDAS, terms and definitions related to electronic signatures were harmonized.

In the new legislation, only the term qualified electronic signature (QES) is used. Since the adoption of the eIDAS legislation, GES has been considered an advanced electronic signature and is not a qualified electronic signature. Nowadays, GES is no longer issued and is only used within the framework of the sustainability of old signed documents.

#6 What is a qualified timestamp for?

The eIDAS regulation defines an electronic timestamp as data in electronic form that binds other data in electronic form to a specific time, thereby forming evidence of the existence of this other data at a given time. A qualified electronic timestamp is defined as follows:

• It associates the date and time with the data in a way that reasonably prevents the possibility of undetectable data change,

• It is based on an accurate time source linked to coordinated world time and

• It is signed with an advanced electronic signature or sealed with an advanced electronic seal of a qualified trusted service provider or an equivalent method.

A qualified electronic timestamp is therefore used for a qualified time verification of a document. Adding a timestamp to a document ensures that the document is verified at the time it was added. This time data is legally verified and undeniable, therefore the timestamp prevents falsification of the time of signing the document.

#7 Is an electronic signature legally equivalent to a handwritten signature?

Slovak legislation accepts only a qualified electronic signature (QES) as the equivalent of a handwritten signature for communication with the state. For communication within the European Union, an advanced electronic signature can also be considered the equivalent of a handwritten signature.

#8 Is a qualified electronic signature created by an ID card also valid in countries other than Slovakia?

Yes, the eIDAS regulation guarantees the recognition of the QES of one member state within the entire European Union. Switzerland also recognizes qualified electronic signatures. In international relations, an advanced electronic signature with a qualified status is also commonly recognized.

#9 How to electronically sign a document?

The electronic document can be signed through the NFQES.com website. This platform allows you to create:

• simple electronic signature – digital signature: the lowest level of electronic signature, which enables the electronic signature of a pdf document, while guaranteeing its authenticity and inviolability at the time of signing,

• advanced electronic signature without qualified status – electronic signature: a basic level of authentication that allows identification of the physical person who created the electronic signature (use for personal documents, signing contractual documents, signing requests),

• advanced electronic signature with qualified status – advanced electronic signature: an advanced electronic signature providing a higher level of authentication, trustworthiness and unequivocal proof of signature by the relevant person that requires a certificate for electronic signature (use for legal contracts and agreements, financial transactions, business correspondence, international transactions );

• qualified electronic signature – enables the natural person who created it to be reliably and unequivocally identified and completely replaces the written form of a handwritten signature (use for legal acts, communication with the state and public authorities, and communication in the private sector):

• in the form of a remote signature, without the need to connect anything to the computer,

• on an ID card or any QSCD card.

All certificates can be obtained conveniently at zone.nfqes.com

#10 What is a BOK code and how to get it?

BOK is an abbreviation for security personal code. It is a 6-digit code that confirms the identity of the holder of the electronic identification card (ID card with a chip) when communicating electronically with public administration bodies, other natural persons or legal entities.

The BOK code is chosen by the holder of the electronic identity card when applying for its issuance, or through the relevant application equipment. During the period of validity of the identity card, the holder can change it.

If, during electronic communication, the holder enters the BOK code incorrectly 5 times in a row, electronic communication is blocked. Unblocking is performed upon request by the documents department of the SR Police Force, which also performs requests in case of loss or forgetting of the BOK code.

#11 What are QES PIN and QES PUK for?

QES PIN is a 6-digit code used to create a qualified electronic signature. It is a means of two-factor authentication that serves as security protection against the creation of a qualified electronic signature by an unauthorized person. After the third incorrectly entered code, the possibility of creating a QES is blocked.

QES PUK is an 8-digit code that is used for unblocking if the holder of the electronic identification card entered the PIN code incorrectly three times in a row. QES PUK is blocked after ten incorrectly entered values.

#12 Is the electronic signature valid even after printing the electronic document?

An electronic signature is only valid in a digital environment. If the document is signed with an electronic signature, after it is printed, the signature is not on it.

Therefore, notaries and lawyers perform the so-called guaranteed document conversion. This ensures that a new document is created from the original document, which, however, has the same legal effects and guarantees that the original document has not been changed during conversion.

Guaranteed conversion allows:

• transfer of a document from a paper form to an electronic one,

• transfer of a document from electronic to paper form,

• converting a document from an electronic form to an electronic one (e.g. changing the document format).

#13 What are the purposes of the electronic seal?

The eIDAS Regulation defines an electronic seal as data in electronic form that is attached or logically associated with other data in electronic form in order to ensure the origin and integrity of this associated data. The electronic seal works on the same principle as an electronic signature, however, unlike the e-signature for natural persons, it is intended for legal entities and public administration entities.

The electronic seal is thus the equivalent of an electronic signature, with the help of which it is possible to identify a legal entity with the information associated with an electronic document when it is signed online by a legal entity. It represents a basic level of authentication of a legal entity, but it does not guarantee legal certainty and may not always provide strong proof of the signer’s identity. To sign electronic documents on behalf of a legal entity, a certificate for an electronic seal issued by a certification authority is required. The issuer of such certificates for an electronic seal is a certification authority, that is, a company that charges customers fees for providing these services.

#14 How can an electronic signature be validated?

For information purposes, it is possible to verify the electronic signature in the Adobe Reader application, specifically in the “Signature Panel” section. It is also possible to verify a graphic signature in Adobe Reader – information about its validity is displayed after clicking on the signature.

A more reliable way is to use the NFQES platform for document verification. Such document validation verifies the existence of the signature, the certification of the signer and the integrity of the document itself.

#15 What does the term electronic identity mean?

The term electronic identity is used in relation to communication with the state. Law no. 305/2013 Coll. on the electronic form of the exercise of the powers of public authorities and on the amendment and supplementation of certain laws (the e-Government Act) defines the electronic identity of a person as a set of attributes that can be recorded in electronic form and that clearly distinguish one person from another, especially for the purpose of accessing information system or for electronic communication purposes. A person’s electronic identity is declared by person identification and verified by person authentication.

Resources