Is it safe to use electronic signatures?

digitalization

With the implementation of the eIDAS regulation, there are EU-wide uniform requirements for electronic signatures. A distinction is made between three levels of signatures:

  1. Electronic signature, also simple signature
    The electronic signature consists of data in electronic form and is linked to other electronic data.

  2. Advanced electronic signature
    The advanced electronic signature is an electronic signature that is uniquely assigned to the signatory and enables his or her identification. In addition, he must create this using electronic signature creation data that the signatory can only use under his sole control. It is linked to the signed data in such a way that a subsequent change becomes visible.

  3. Qualified electronic signature
    The qualified electronic signature is an electronic signature created with a secure signature creation unit and based on a qualified certificate.

The recommended use also differs due to the different strengths of the requirements for the various signature types and the associated effort.

Electronic signature

The simple electronic signature is the weakest form of signature and is best suited for transactions that involve little legal risk.
In the company, this is mainly suitable for internal documents, such as orders or travel expense reports. Technically, the electronic signature can be created, for example, by sending it by e-mail or by inserting the name of the signatory in a document.

Advanced electronic signature

The advanced electronic signature is an extended signature that simplifies the verification of validity in the event of a dispute and is therefore suitable for transactions that involve a medium legal risk. It is mainly suitable for B2B transactions, such as offers and contracts.

Companies enjoy a lot of freedom when it comes to implementation. The international standards PGP or S / MIME apply. Many products, such as Adobe Acrobat, now integrate the advanced digital signature.

Qualified electronic signature

The qualified electronic signature corresponds to a personal signature and thus offers the highest evidential value with digital signatures. It is therefore suitable for all transactions and companies for which a handwritten signature is required by law, such as consumer loans or temporary work.

The certificate used must be created by a qualified trust service. The Trust Services Act (VDG), which came into force on July 29, 2017, applies to German providers. In addition, the software and hardware used for signing - usually smart cards and card readers - must meet certain security requirements.
The BSI maintains a corresponding list for German products. Thanks to the underlying EU directives, signature products that are approved in other EU countries can also be used in this country.

Electronic seal

As with electronic signatures, there are also electronic seals. These correspond to the respective signature types. However, the signatory is not a natural person, but a legal person. They are suitable for securing the integrity of data for which a signature is not required, for example for bank statements. Certified products can be found on the BSI website. (bw)