Skip to main content

Hi,

Does our digital signature solution in IFS/Document Management comply to the EIDAS regulation?

Thanks in advance for your reaction.

Best regards,

Martin 

Hi Martin,

Thanks for asking here.

At this moment we don’t know the answer to that question, since we have not looked into EIDAS. I can just mention that, in general, the way we digitally sign PDF files, is according to the standard for adding digital signatures to PDF files.

If EIDAS imposes additional requirements on top of that, then it’s not clear if we are compliant with those until someone investigates it. There are no such plans.

/Mathias

 


Thanks for your (as usual) quick reply, Mathias :-)


@Mathias Dahl 

Hi Mathias,

The customer now comes back with the question to which standard you are referring and if there is some kind of proof (e.g. a certificate) that we do comply to that standard.

Thanks in advance again :-)

Best regards,

Martin


Hi,

For me, just the fact that the digital signatures shows/works as they should is proof, for me. But perhaps that argument will not be accepted by the customer.

@Daniel Svantesson , can you shed some light on this? 

/Mathias

 


EiDAS recognizes three types of e-signatures.

  1. Electronic signatures

    eIDAS sets a foundation for all electronic signatures by asserting that no signature can be denied legal admissibility solely because it's in electronic form. This requirement can be met with typical e-signatures.

  2. Advanced Electronic Signatures (AdES)
    With AdES, signatures must be uniquely linked to and capable of identifying, the signer. Signers create their signature using data solely under their control and the final document is tamper-evident. This requirement can be met with digital signatures.

  3. Qualified Electronic Signatures (QES)
    QES is a strict form of AdES and the only signature type given the same legal value as handwritten signatures. It requires signers to use certificate-based digital ID issued by a qualified EU Trust Service Provider (TSP), along with a qualified signature creation device (QSCD), such as a smart card, USB token or mobile app that creates a one-time passcode.

Our internal PDF signature, that can be signed when printing or from DOCMAN applies Electronic Signatures. This is type no 1 above. We do not fulfill the requirements of 2 and 3.


Hi, Apparently, I still have to get used to the IFS Community options... I didn't receive any notification of the above answers, so I saw them only just now. Thanks for your reactions, @Mathias Dahl and @Daniel Svantesson!


Hi, Apparently, I still have to get used to the IFS Community options... I didn't receive any notification of the above answers, so I saw them only just now.

@KristenGastaldo Are there known problems here? Most of the time it works for me but I have the feeling that sometimes I don’t get the notifications I should. Did you get reports about this?