.jpg)
EU-UK Spotlight: Renewables, trade, and the global supply chain
Glossary: E-Signatures Advice for execution of commercial agreements by corporate entities
Cross-report glossary
Advanced Electronic Signature or 'AES'
An Advanced Electronic Signature as defined by the EIDAS Regulation, means an electronic signature which:
- is uniquely linked to the signatory;
- is capable of identifying the signatory;
- is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
- is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.
eIDAS Regulation means regulation (EU) No 910/2014 of the European Parliament and of the Council, of 23 July 2014 on electronic identification and
trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.
Put simply, following the UK withdrawal from the EU the eIDAS Regulation was adopted into UK law and slightly amended, which means that the eIDAS
terms used in this Guide are applicable to English law too.
Electronic Identification ("eID")
Electronic Identification means the process of using person identification data in electronic form uniquely representing either a natural or legal person, or a natural person representing a legal person.
Qualified Certificate for electronic signatures
A Qualified Certificate for electronic signatures, as defined by the EIDAS Regulation, shall contain:
- an indication, at least in a form suitable for automated processing, that the certificate has been issued as a qualified certificate for electronic
signature; - a set of data unambiguously representing the qualified trust service provider issuing the qualified certificates including at least, the member state in
which that provider is established and: — for a legal person: the name and, where applicable, registration number as stated in the official records, —
for a natural person: the person’s name; - at least the name of the signatory, or a pseudonym; if a pseudonym is used, it shall be clearly indicated;
- electronic signature validation data that corresponds to the electronic signature creation data; (e) details of the beginning and end of the certificate’s
period of validity; - the certificate identity code, which must be unique for the qualified trust service provider;
the advanced electronic signature or advanced electronic seal of the issuing qualified trust service provider;
the location where the certificate supporting the advanced electronic signature or advanced electronic seal referred to in point is available free of
charge; - the location of the services that can be used to enquire about the validity status of the qualified certificate;
- where the electronic signature creation data related to the electronic signature validation data is located in a qualified electronic signature creation
device, an appropriate indication of this, at least in a form suitable for automated processing.
Qualified Electronic Signature Creation Devices or 'QES Creation Devices'
Qualified Electronic Signature Creation Devices as defined by the EIDAS Regulation, shall ensure, by appropriate technical and procedural means, that at least:
- the confidentiality of the electronic signature creation data used for electronic signature creation is reasonably assured;
- the electronic signature creation data used for electronic signature creation cannot, with reasonable assurance, be derived and the electronic
- signature is reliably protected against forgery using currently available technology; and
- the electronic signature creation data used for electronic signature creation can be reliably protected by the legitimate signatory against use by
others. Qualified electronic signature creation devices shall not alter the data to be signed or prevent such data from being presented to the signatory
prior to signing.
Generating or managing electronic signature creation data on behalf of the signatory may only be done by a qualified trust service provider. Without prejudice to point (d) above, qualified trust service providers managing electronic signature creation data on behalf of the signatory may duplicate the electronic signature creation data only for back-up purposes provided the following requirements are met:
- the security of the duplicated datasets must be at the same level as for the original datasets; and
- the number of duplicated datasets shall not exceed the minimum needed to ensure continuity of the service.
Qualified Electronic Signature or 'QES'
A Qualified Electronic Signature as defined by the EIDAS Regulation, means an Advanced Electronic Signature that is created by a QES Creation Device, and which is based on a Qualified Certificate for electronic signatures.
A QES shall have the same legal effect as a handwritten signature and a QES based on a certificate issues by one member state will be recognised as a QES in all other member states.
Simple electronic signature or 'SES':
A simple electronic signature is an electronic signature which is not given special status by the EIDAS Regulation but which involves data in electronic form which is attached to or logically associated with other date in electronic form and which is used by the signatory to sign.
A simple electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures.