Frequently Asked Questions - eIDAS Ordinance

The eIDAS-Regulation (eIDAS stands for "Electronic Identification And Trust Services") is a regulation on electronic identification and trust services for electronic transactions in the 28 member states of the European Union. eIDAS represents a real legal innovation, the stated purpose of which is to stimulate the development of digital applications in Europe. The eIDAS is divided into two main points:

• Electronic identification
• Trust services
  • Electronic signature / remote signature
  • Electronic seals / remote seals
  • Electronic timestamps
  • Inspection and preservation service
  • Electronic registered and delivery service
  • Website authentication

The new EUregulation enables a new, simplified procedure for personal electronic signatures. The qualified certificate does not necessarily have to be on a smart card, but can be in a secure one IT-Environment of a qualified trust service provider must be kept. This means that the electronic signature can also be triggered remotely, for example with mobile devices such as tablets and smartphones.

With the publication of the eIDAS-Implementing Act on July 28, 2017 in the Federal Law Gazette, this came into force on July 29, 2017. At the same time, the Signature Act of May 16, 2001 and the Signature Ordinance of November 16, 2001 are no longer in force. The core of the eIDAS- Implementation Act is the Trust Services Act (VDG). This became the EU-Regulation eIDAS implemented in national law.

The eIDASOrdinance simplifies existing signature procedures with the introduction of a so-called remote signature. The electronic signature can be triggered without a signature card or reader, for example via mobile devices such as smartphones or tablets. With this new procedure, the user's private signature key is stored on a highly secure server (hardware security module) of the qualified trust service provider. A qualified signature is generated using two-factor authentication (TAN-SMS) by the user.

A trust service is loud eIDASRegulation, Article 3 (16), an electronic service which is usually provided for a fee and which is responsible, among other things, for generating the seal, signature and website certificates. A qualified trust service is a trust service that meets the relevant requirements of the eIDAS-Regulation fulfilled, Article 3 (17), and is checked every two years in a complex procedure by an accredited conformity assessment body and the result of the responsible supervisory authority (BNetzA or BSI) communicated. The status as a qualified trust service provider can be verified across Europe via a trust list and a seal of approval. The German trust list is on the Trusted List Browser website EU  https://webgate.ec.europa.eu visible.

The eIDAS Regulation defines two different signature types - advanced and qualified. Advanced and qualified services differ in their legal meaning. For example, if written form is required in Germany, this can only be achieved with a qualified electronic signature. If the assessment of evidence is of interest for a business transaction, the following applies to qualified certificates:

• ZPO §371a (1): The regulations on the evidential value of private documents apply accordingly to private electronic documents that are provided with a qualified electronic signature.
• eIDAS Art. 35 (2): For qualified electronic seals, the presumption of the integrity of the data and the correctness of the proof of origin of the data applies.
• eIDAS Art. 41 (2): For qualified electronic time stamps, the presumption of the correctness of the date and time stated therein as well as the integrity of the data associated with the date and time applies.
• eIDAS Art. 43 (2): For qualified electronic registered and delivery services, the presumption of the integrity of the data and the correctness of the proof of origin of the data and the times of transmission applies.

Occasionally, subsequent adjustments are necessary to a program version that has already been delivered. In the recent past this has been in the wake of the new eIDAS-Regulation and the resulting changes to the certificates of various trust centers.

You have Sign Live! CC Version 7.x in use

• With an update to version 7.0.6 you are up to date. The license used for Sign Live! CC Version 7.x remains valid.

You have Sign Live! CC Version 6.x in use

• A program update is required. Please notice that Sign Live! CC 6.x was discontinued on December 31.12.2017, XNUMX.
• Please check whether you have a maintenance contract with us. In this case the update to version 7.x is free.

The eIDAS-Regulation for seal, signature and time stamp to the trust service providers. Requirements for the signature application component are set by the eIDAS directly none. A publication of certifications or manufacturer declarations by the responsible supervisory authority is no longer possible.

However, with the M / 460 the EU [STANDARDIZATION MANDATES TO THE EUROPEAN STANDARDIZATION ORGANIZATIONS CEN, CENELEC AND ETSI IN THE FIELD OF INFORMATION AND COMMUNICATION TECHNOLOGIES APPLIED TO ELECTRONICS SIGNATURES] defines the corresponding standards that are used in the development of Sign Live! be taken into account.