Using GlobalSign Digital Signatures for eIDAS Compliance

GlobalSign's range of signing solutions support advanced and qualified electronic signatures and seals

 

Create Advanced and Qualified Electronic Signatures and Seals

eIDAS acknowledges that not all electronic signatures are created equal. Depending on the technology and validation behind the signature, some types of signatures are inherently more trustworthy than others and withstand higher legal scrutiny. To help facilitate interoperability and acceptance across borders, the regulation created a common framework for secure electronic signatures, including standardized assurance levels.

With GlobalSign's solutions, you can create advanced or qualified (the highest level) electronic signatures and seals. Signatures are in the name of individuals; seals are in the name of organizations or other corporate bodies.

eIDAS qualified trust mark

Qualified Certificates for Electronic Signatures & Seals

As a qualified trust service provider (QTSP), GlobalSign is able to provide certificates for qualified electronic signatures and seals.

  • Apply unlimited signatures and seals
  • Qualified signatures creation device (QSCD) included
  • GlobalSign is an AATL member so signatures and seals are automatically trusted by Adobe and other leading programs

Qualified electronic signatures and seals are available to individuals and organizations through GlobalSign’s token-based deployment. In keeping with eIDAS requirements, each signing identity, whether individual or corporate body, is verified and issued a qualified certificate stored on a qualified signature creation device (the token).

Buy Qualified Certificates for Electronic Signatures

Qualified electronic signatures are in the name of individuals and:

  • Have the same legal effect as handwritten signatures
  • Must be recognized and accepted across all member states of the EU.

electronic signature

1 Year - -

2 Year - -

3 Year - -


Buy Qualified Certificates for Electronic Seals

Qualified electronic seals are in the name of organizations or other corporate bodies and:

  • Presume the integrity and origin of the document
  • Must be recognized and accepted across all member states.

Note: Due to vetting restrictions, this offering has limited availability outside Europe.


electronic seal

1 Year - -

2 Year - -

3 Year - -

Advanced Electronic Signatures & Seals from GlobalSign

GlobalSign’s standard line of digital signature certificates and solutions meet the requirements for advanced electronic signatures and seals because they are:

  • uniquely linked to the signatory;
  • capable of identifying the signatory;
  • created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control;
  • linked to the data signed therewith in such a way that any subsequent change in the data is detectable.

Advanced electronic signatures and seals are available to individuals and organizations through GlobalSign’s standard range of deployment options, including:

Signing certificates stored on USB tokens

Individual Certificates

Individual or organization signing certificates on cryptographic USB tokens

1 Year - -

2 Year - -

3 Year - -

Signing certificates stored on USB tokens

Bulk Certificates

Purchase tokens in bulk to lower costs and centralize certificate management

  • Volume discounts
  • Lifecycle & user management via Managed PKI platform
  • Dedicated GlobalSign account manager

Signing certificates stored on USB tokens

Digital Signing Service

Completely cloud-based service integrates directly with document workflows

  • No hardware to manage
  • Support high volume signing
  • Use existing integrations (e.g., Adobe Sign) or build your own

Signing certificates stored on USB tokens

Certificates on HSMs

Certificates are stored on on-premises or service provider (e.g., AWS hardware) HSMs

  • Organization/ department identities only
  • Requires PKI knowledge to configure integration
  • Supports high volume signing

Featured Resources

FAQs

1. What Is eIDAS?

eIDAS is a European Union (EU) regulation focused on enhancing trust in electronic transactions between citizens, businesses and public authorities cross-borders. A major component of the regulation was the creation of a common framework for secure electronic signatures, including standardized assurance levels, to facilitate interoperability and acceptance across EU and European Economic Area (EEA) member states.

2. How does eIDAS define and classify electronic signatures?

Under eIDAS, an electronic signature cannot be denied legal effect and admissibility just because it is electronic. However, the regulation acknowledges that, depending on the technology and validation behind the signature, some types of signatures are inherently more trustworthy than others and withstand higher legal scrutiny. That is, they are more reliably linked to the person signing the document, can protect the integrity of the document and, at the highest level, can carry the same legal effect as a handwritten signature. eIDAS defines three types of electronic signatures.

  • Electronic Signatures - the most basic and broadest electronic signature classification, eIDAS defines these as, “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.”
  • Advanced Electronic Signatures (AdES) - must meet additional requirements specifically set out by the regulation, including the ability to uniquely link to the signer, validate the signer’s identity, and detect subsequent changes to the signed data. PKI-based digital signatures, those applied with a digital certificate, meet these requirements.
  • Qualified Electronic Signatures (QES) - must meet the AdES requirements, but also must be created with a qualified certificate that itself has to be stored on a qualified signature creation device (QSCD). Qualified certificates can only be issued by an eIDAS-accredited, qualified trust service provider (QTSP). QES have the equivalent legal effect of a handwritten signature and must be recognized across borders (i.e., a QES based on a qualified certificate issued in one Member State must be recognized as a QES in all other member states).

GlobalSign offers a range of digital signing solutions and can support advanced and qualified electronic signatures.

3. What is a qualified signature creation device (QSCD)?

QSCDs are purpose-built devices that ensure the generated signature creation data is managed by a qualified trust service provider (QTSP), only the signatory has control over their private key, and the signature creation data is unique, confidential and protected from forgery.

4. What are electronic seals?

Electronic seals are similar to electronic signatures, but instead of an individual person signing, it is an organization or other corporate body signing or “sealing” the document to ensure its origin and integrity. The same assurance levels and associated legal effects apply to seals, with PKI-based digital signatures generally meeting the requirements for advanced electronic seals and a qualified certificate from a qualified trust service provider required for qualified electronic seals.

GlobalSign supports advanced and qualified electronic seals.

5. What does it mean to be a qualified trust provider (QTSP)?

Being a QTSP means GlobalSign’s qualified trust services, in this case qualified electronic certificates used for qualified signatures and seals, ensure a higher level of security and legal assurance that is standardized and accepted across the EU. In order to become a QTSP, GlobalSign underwent a stringent conformity assessment to ensure all associated processes meet the requirements established by eIDAS.

Only QTSPs can provide qualified trust services and appear on the EU’s Trust List. If an entity is not on that list, they are not entitled to provide qualified trust services.