Softline AG // Services // Information Security and IT Security // Security@Softline Workshops // Digital Signatures & eIDAS

Digital Signatures & eIDAS

The replacement of the handwritten signature is one of the primary drivers of digital transformation. The process of handwritten countersigning of a contract between two parties can take weeks and is not only time-consuming, but also costs money and human resources. A digital signature eliminates the need for printing, hand-signing (and thus the personal presence of the signatory), scanning and mailing – within just a few mouse clicks, contracts can be legally signed and transmitted by those responsible without a physical presence.

However, digital signatures extend to many more use cases, for example:

  •  Internal approval processes of any kind
  • Tender documents/e-tendering
  • Human resources documents (holiday applications, care leave requests, notice of termination, ...)
  • Employee leasing contracts
  • Running folders
  • Non-disclosure agreements (NDA)
  • Evidence of further training and certification
  • Travel expense reports/receipts
  • Authorisation of access and access rights
  • Declarations of compliance (e.g. data protection declaration)

Digital Signatures & eIDAS – Our Workshops

Let us advise you within the framework of our workshops. Starting with the free basic workshop, we accompany you in every phase of the introduction of a signature solution!

Basics Workshop

In our free basics workshop, we will introduce you to the functionality and advantages of a signature solution and answer basic questions such as:

  • Where can I use electronic signatures?
  • Is an electronic signature legally binding?
  • How are electronic signatures inserted into documents?
  • What costs can I expect

Request Workshop

Consulting and Design Phase

During the consulting and design phase, we evaluate your requirements in detail in order to identify a suitable solution for you:

  • Support in the selection of a suitable signature solution
  • Support in the selection of a suitable qualified trust service provider and identification procedure
  • Preservation of the evidential value of electronic signatures
  • Mapping of process flows
  • Cost-benefit analysis
  • Joint development of a solution concept
  • Provision of a detailed solution specification

Request Workshop

Integration Phase

In the integration phase, we help you to implement a concrete signature solution; this includes for example:

  • Mapping of the processes for signature circulation
  • Connection to third-party applications, e.g. identity provider or specialised applications
  • Connection to a qualified trust service provider
  • Integration into a corporate PKI
  • Implementation of user and administrator trainings
  • Creation of end-user acceptance and awareness
  • Establishment of reliable audit and reporting functions

Request Workshop

eIDAS Workshop

In addition, we offer an eIDAS workshop in which we explain the European regulation to you in a comprehensible form with many examples:

  • What is electronic identification? What effects does it have on national means of identification?
  • What is a trust service provider and what services does it offer?
  • What are electronic signatures, seals and time stamps? How do they differ?
  • What is an electronic registered mail delivery service?
  • What are the requirements for qualified electronic signatures?
  • What is a QSCD?
  • How is a trust service provider certified? What are the accreditation bodies and what are the tasks of the national supervisory authorities?

Request Workshop
eIDAS Regulation

Since July 1, 2016, the eIDAS Regulation has been providing the legal framework for electronic signatures. It states that electronic documents are in principle negotiable and defines three types of electronic signature: simple, advanced and qualified.

The highest level, qualified, is ascribed the same legal effect as a manual signature. This legal certainty enables the foundation for a digital single market in the EU area.

In order to accelerate the development, the eIDAS Regulation also enables a comparatively simple procedure for the qualified signing of documents: the remote signature. Remote signatures are comparable in their application to those that take place in the banking sector when placing an order.

Nevertheless, the qualified signature should only be used where it is legally required. This is because every person must first be legitimised for the qualified signature through an identification procedure, which is often associated with comparatively high costs. Not without reason the eIDAS Regulation provides alternatives with the simple and advanced electronic signature.

Commissioning such a solution is comparatively easy, provided you know what you need. Because the eIDAS world awaits with many exciting questions:

  • Which signature level (simple, advanced, qualified) can be used for which formal requirement?
  • When do I use the electronic seal instead of the electronic signature? When do I use an electronic time stamp instead of an electronic seal?
  • What identification procedures are there and how do I find the right procedure for the company? (e. g. auto-ident, eID, bank-ident, video-ident)
  • Where does the remote signature score, where does the signature card score?
  • What are the authentication requirements? Does 2FA have to be used?
  • How do I validate electronic signatures? How do I know which signature level they meet?
  • What are the eIDAS Trusted Lists and what role do they play in signature validation?
  • What costs can be expected? How expensive are qualified electronic signatures, seals or time stamps and how expensive are the ID procedures?
  • When should legal advice be sought to determine the signature level?
  • What should be considered when choosing a trust service provider in the qualified area?
  • Which signature formats are recognised by the eIDAS Regulation? (e.g. XAdES, CAdES, PAdES, ASiC)
  • Can I bring in an already company-owned PKI for the implementation?
  • How can I integrate electronic signatures into third-party applications?
  • When do I need an HSM or a QSCD?
  • How can I bring documents into a signature workflow? Are there ways to control such workflows?
  • How can I digitise paper documents? (e.g. replacement scanning/TR-RESISCAN)
  • How can I preserve the evidential value of electronic signatures in the long term? (e.g. TR-ESOR, baseline LTA profiles)