Complete guide on Regulation (EU) 910/2014 to ensure your electronic signature has full legal validity throughout Europe
Within the digital transformation framework, electronic signature is configured as an essential tool for companies. But for this form of identification to have full legal validity, it must adapt to current regulations which, in Europe's case, is Regulation (EU) 910/2014 (eIDAS), complemented in Spain with Law 6/2020, which regulates certain aspects of electronic trust services.
Knowing the parameters of eIDAS electronic signature is essential to ensure regulatory compliance in this matter and to understand what advantages it offers for companies.
Ensures your documents have the same validity as hand-signed ones
Your signature is valid in all 27 European Union countries without additional procedures
Regulatory framework that generates trust in electronic transactions
eIDAS is the acronym for electronic Identification, Authentication and trust Services. The eIDAS Regulation regulates a harmonized legal framework for electronic transactions within the European Union (EU).
Its objective is to unify the rules regarding electronic identification, authentication and trust services. This way, the legal validity of electronic signatures recognized in one Member State extends to all others. This greatly facilitates cross-border transactions and contributes to the development of the digital single market.
eIDAS is not the first European regulation on electronic transactions. Previously, the Electronic Signatures Directive, approved in 1999, was in force. This standard formally declared that electronic signatures were legally equivalent to handwritten signatures within Member States' territory. But each country had freedom to establish its internal regulations on electronic transaction security.
Hence the need to articulate uniform regulations that arrived in 2014 through eIDAS (which replaced the 1999 Directive).
Current regulation covers various electronic trust services that go beyond traditional electronic signatures:
Current electronic signature regulation has achieved that it has the same legal effects as a traditional handwritten signature. Thus, citizens and companies can sign contracts and documents electronically, with the confidence of knowing they will be accepted in any European country (as long as the requirements established by the Regulation are met).
Electronic signature in Spain is regulated by eIDAS and Law 6/2020. Both regulations impose a series of rigorous requirements that must be met for digital signatures and other trust services to be reliable and valid throughout the European Union territory.
Any entity offering services of creating or verifying digital signatures, electronic seals, time stamps, etc., is considered a service provider. All must comply with a series of security and supervision obligations.
In Spain's case, providers are subject to notification and control by a supervisory body, which is the Ministry of Economic Affairs and Digital Transformation.
Providers must notify this Ministry of the start of their activity to become part of the public list of authorized trust services.
If the provider wishes to offer qualified services, they need prior compliance verification. An accredited body verifies whether they meet eIDAS requirements and, if so, grants them 'qualified provider' status and they become part of the National Trust List.
It's fundamental to ensure the correct identity of signers and the veracity of data in certificates.
Physical verification in office
With equivalent guarantees
In Spain, internal regulations require that qualified certificates indicate, among other data, the interested party's DNI/NIF.
All service providers, qualified or not, must adopt appropriate technical and organizational measures to manage security risks inherent to the service they provide.
They are obligated to maintain reliable systems that guarantee the integrity of signed data and custody of related information.
In Spain's case, there's an obligation to preserve information for 15 years.
For remote cloud services, the provider must ensure the environment is as secure as if the signature were made on a user-controlled device.
Required base guarantee
Qualified trust service providers must cover their civil liability with an economic guarantee of €1,500,000. This type of insurance must be increased by an additional €500,000 for each extra qualified service type offered. These amounts serve to compensate those affected in case of failures or damages caused by the service.
When the provider ceases activity, they must notify both users and the supervisory body two months in advance. So affected parties can take measures like migrating to another provider. If not done, the service provider may incur liability for damages caused.
Regarding eIDAS electronic signature, the Regulation requires notification without delay of any security breach or loss of integrity that may have significant impact on the trust service.
Ministry of Digital Transformation
Spanish Data Protection Agency (AEPD)
Affected users
The objective of this early alert is for authorities and users to take measures to avoid greater damage and restore trust in the system as soon as possible.
If this notification obligation isn't met, authorities can impose a quite high fine on the service provider.
In compliance with eIDAS, only natural persons can hold electronic signature certificates. Legal persons (companies and entities) obtain an electronic seal certificate. Although it's also possible for them to use an electronic signature when a duly authorized legal representative acts on their behalf.
Electronic signature certificate
Electronic seal certificate
SignaSuite works with qualified trust service providers, ensuring that all your signatures have full legal validity throughout Europe.
Free trial for 7 days
Choosing an electronic signature provider for companies (electronic seal certificate) is an important decision that requires time.
The key points to consider to ensure the right choice are:
Every eIDAS electronic signature provider must be officially recognized. Each State has its own Trust Lists which, in Spain's case, are managed by the Ministry of Economic Affairs and Digital Transformation.
This list can be consulted on the Ministry's website, in the 'Trust Electronic Service Providers' section, which includes both qualified and non-qualified providers.
It's essential to choose a provider listed in this registry, and preferably one with qualified provider status for the services offered. This implies they have passed a series of audits and controls certifying compliance with all eIDAS requirements.
For eIDAS digital signature, the electronic seal certificate in the case of companies, to be valid, the provider must comply with all applicable regulations. This implies respecting what's established in the European Regulation and Law 6/2020, but also other European technical standards on officially recognized signature formats.
A good provider is one capable of offering signatures in interoperable formats, so they can be verified by third parties without any problem.
For companies that need to interact with Public Administration, it's necessary to verify that the provider supports the standards and signature policies required by government electronic offices.
Compliance with security standards like ISO 27001 certification isn't mandatory, but it's a positive indicator of the seriousness and professionalism with which the service provider operates.
Regarding eIDAS digital certificate, the first step is identifying what type of electronic signature the business needs. From there it's easy to find a provider offering that signature level with corresponding guarantees.
Additionally, it's convenient to check if they offer additional services that may be useful, such as time stamping, certificate validation or custody of signed documents.
Secure electronic signature must integrate into workflows simply. It's essential that the provider offers a signature process that's comfortable for the end user and, at the same time, respects all security standards.
Last but not least, it's interesting to know what reputation the provider has. Additionally, it's advisable to choose one offering assistance in case of incidents and that can provide coverage in all countries where the contracting company operates.
24/7 in your language
For your team
Throughout Europe
eIDAS electronic signature distinguishes three levels with different requirements and legal effects.
Encompasses any electronic signature that doesn't meet specific security criteria imposed by regulations. For example, a scanned image of a handwritten signature on a paper document.
It's accepted as legal online signature, but in case of dispute additional evidence will be needed to prove the signer's identity and that the document hasn't been altered.
It's an intermediate level with more technical and legal guarantees than the previous one. It must meet four requirements:
This type of signature provides high trust level and significant evidentiary force before courts. It's used in documents like employment contracts or commercial agreements. However, the law doesn't grant automatic presumption of equivalence to handwritten. This means the burden of proving its authenticity falls on whoever presents it as evidence if challenged.
It's the highest and most secure level of electronic signature, meeting all requirements demanded by eIDAS in Spain.
For an electronic signature to be considered qualified it must:
By eIDAS Regulation provision, this type of signature has the same legal validity as a handwritten signature, and deploys its effects in all Member States.
| Feature | Simple | Advanced | Qualified |
|---|---|---|---|
| Security | |||
| Legal validity | Basic | High | Equivalent to handwritten |
| Ease of use | Very easy | Easy | Requires certificate |
| Cost | € | €€ | €€€ |
Our platform adapts to your needs, offering from simple signatures for internal documents to qualified signatures for high-responsibility contracts.
Discover how it worksIgnoring regulations regarding electronic identification, authentication and trust services can have serious consequences for both service providers and user companies.
Violations are classified as minor, serious and very serious, and sanctions can be:
Examples: Delays in notifications, minor administrative errors
Examples: Non-compliance with security measures, lack of audits
Examples: Serious security breach, fraud, recidivism
Besides the fine, the offender may:
Companies that rely on service providers who fail to meet their obligations may suffer:
Signed documents may not have legal validity
Difficulties in procedures with Public Administration
Costs from repeating processes and possible litigation
Loss of trust from clients and partners
Working with a non-qualified provider or one that doesn't comply with eIDAS can invalidate all your digital signature processes, creating serious legal and operational problems for your company.
We work exclusively with qualified trust service providers that meet all eIDAS Regulation requirements.
eIDAS Compliant
SignaSuite offers you all the tools to manage your documents with eIDAS-compliant electronic signature. From simple submissions to complex processes with multiple signers.
The use of eIDAS-compliant digital signatures has spread throughout Spanish business fabric, because it provides agility and security in multiple processes that companies must face daily.
Some practical examples are:
Closing commercial agreements with clients, suppliers or partners. Facilitates agreement signing without requiring interested parties to be gathered in the same physical space.
Financial management and accounting documents. Used to give payment orders, approve expenses, perform accounting closing, and even issue electronic invoices.
Human resources and telework. It's possible to remotely sign employment contracts, confidentiality agreements and many documents, without requiring the employee to travel to company offices.
Interaction with Public Administrations. In this case, companies are required to interact with the Administration through electronic means, and having the representative's digital certificate or electronic signature is essential for submitting documentation. For example, to request a grant or participate in public works bidding.
In signature processes
Paper and shipping
Throughout the EU
Sign without schedules
eIDAS and its transposition into Spanish legislation have created a European-level approved and secure system for both digital signatures and trust services, from which companies benefit enormously.
Complying with this Regulation allows paperless international operations, always with the certainty that signed agreements will be fully valid in any European Union country.
While achieving reduction of bureaucratic obstacles and all tasks associated with paper document administration. It can therefore be an important source of competitive advantage over companies that are still beginning their digital transformation and haven't reached this point.
However, to ensure maximum security and reliability, it's essential to choose a service provider that is properly accredited and, if possible, qualified.
If you want to know more about eIDAS electronic signature, you can consult these official resources:
Electronic signature information from the Government of Spain
Access portalAt SignaSuite we strictly comply with the eIDAS Regulation and Law 6/2020. We work with qualified trust service providers to ensure that all signatures made through our platform have full legal validity throughout the European Union.
We help you implement electronic signatures compliant with European regulations
Implement 100% legal electronic signature with SignaSuite