eSignature FAQ

What is an eSignature?

As with a traditional signature, an eSignature is used to identify and confirm a signer's intent to agree to the contents of a document. eSignatures, however, are digital in nature, and are used to sign electronic files and documents.

The EU eIDAS electronic Identification, Authentication and Trust Services is a European Regulation that created a single framework for electronic identification (eID) and trust services, making it more straightforward to deliver services.. The eIDAS Regulation established the framework to ensure that electronic interactions between businesses are safer, faster and more efficient, no matter the country they take place in. eIDAS promotes interoperability across EU member states, ensuring that countries mutually recognise each other’s notified electronic identification schemes. It also ensures that the trust services provided by service providers who comply with the requirements can be accepted as evidence in legal proceedings. Digital Signature Software (DSS) ensures that Advanced File Sync & Share eSignatures are created and verified in line with European legislation and standards. Regulation defines an eSignature as "data in electronic form, which is attached to - or logically associated with - other data in electronic form, and which is used by the signatory to sign."

eIDAS recognizes three types of eSignatures: simple, advanced, and qualified. As you might expect, advanced and qualified eSignatures have a higher level of security and reliability, as they are backed by a digital certificate which verifies the signer's identity, and links the eSignature to the signed document.

What is an advanced eSignature?

An advanced eSignature (AdES AdES is the acronym for either an advanced electronic signature or an advanced electronic seal. It is the second level of electronic signatures/seals defined in European Union's eIDAS regulation.) is a type of digital electronic signature that meets technical requirements set out in the EU's eIDAS regulation.

An AdES must be created using a qualified certificate that has been issued by a trust service provider (TSP) which appears in the European Commission's List of Trusted Lists (LOTL) of qualified TSPs. The qualified certificate must contain certain information about the signer, and the TSP must be approved and supervised by a national regulatory body.

To qualify as an AdES, the signature must be uniquely linked to the signer; be capable of identifying the signer; be created using electronic signature creation data that the signer can keep under their sole control; and be capable of detecting any subsequent changes to the signed data. The process of doing this involves a third party and some identity verification. Most commercial agreement types are covered using AdES.

An advanced eSignature uses a digital certificate to authenticate the signer’s identity. Digital certificates indicate that the signer has completed the necessary steps to confirm their identity to the standard established be the EU's eIDAS legislation.

Does eSigned Files functionality comply with international standards for eSignatures?

Yes. International standards specify requirements for eSignatures, such as the methods used to authenticate a signer's identity.

Our digital certificate-based eSignatures comply with the European Union’s eIDAS electronic Identification, Authentication and Trust Services is a European Regulation that created a single framework for electronic identification (eID) and trust services, making it more straightforward to deliver services.. The eIDAS Regulation established the framework to ensure that electronic interactions between businesses are safer, faster and more efficient, no matter the country they take place in. eIDAS promotes interoperability across EU member states, ensuring that countries mutually recognise each other’s notified electronic identification schemes. It also ensures that the trust services provided by service providers who comply with the requirements can be accepted as evidence in legal proceedings. Digital Signature Software (DSS) ensures that Advanced File Sync & Share eSignatures are created and verified in line with European legislation and standards. regulations. This regulation defines two types of certificate-based signatures: Advanced and Qualified electronic signatures (or AdES and QES), which require identity authentication before a digital certificate is issued.

What is a Qualified eSignature?

A QES is a type of eSignature that meets even higher standards than an advanced eSignature (AdES).

In certain situations, a qualified eSignature (QES) may be required by law, regulation, or contractual agreements. Some examples may include transactions involving a very large amount of money, such as real estate sales; patent applications; official government or industry recognition, such as pharmaceuticals; and public sector documents, such as government contracts or tenders.

As with an AdES, a QES must be created using a qualified certificate, issued by a trust service provider (TSP). For a QES, however, the process of identity verification is more rigorous than AdES: it requires video verification.

Contact Acronis if you need QES.

How do I verify an AdES?

An AdES can be verified and validated using standard software tools built into some PDF readers. We recommend the Adobe reader.

For how long is an eSignature valid?

According to eIDAS regulations electronic Identification, Authentication and Trust Services is a European Regulation that created a single framework for electronic identification (eID) and trust services, making it more straightforward to deliver services.. The eIDAS Regulation established the framework to ensure that electronic interactions between businesses are safer, faster and more efficient, no matter the country they take place in. eIDAS promotes interoperability across EU member states, ensuring that countries mutually recognise each other’s notified electronic identification schemes. It also ensures that the trust services provided by service providers who comply with the requirements can be accepted as evidence in legal proceedings. Digital Signature Software (DSS) ensures that Advanced File Sync & Share eSignatures are created and verified in line with European legislation and standards., the validity of an AdES or an advanced certificate has a time limit. For example, in the European Union, an advanced certificate used for digital electronic signature purposes must be issued for a minimum period of one year, but can be valid for longer periods, subject to renewal. The validity of a document signed with advanced certificates depends on various factors, such as the intended use of the signature or certificate; the jurisdiction where it is used; and any applicable legal or regulatory requirements.

Acronis uses PAdES. A signature at this level could still be validated long after the cryptographic algorithms used for its creation are no longer considered secure enough or, more simply, after the expiration of the validation data.

Why does Acronis offer a digital electronic signature and not a digital electronic seal?

While both digital electronic seals and digital electronic signatures are types of electronic authentication methods, they serve different purposes. A digital electronic signature is used to authenticate the identity of the signer and the integrity of a file, while a digital electronic seal is used to authenticate the origin and integrity of a file. Acronis follows best practices and EU eIDAS standards, using a digital electronic signature to sign PDF files, which gives each signer a unique certificate to identify them as a signer.

A digital electronic signature works by associating a digital signature with the document or transaction. The signature is created using a digital certificate and provides proof of the signer's identity and intent to sign the file. Digital electronic signatures can be used for various types of files (e.g. contracts, invoices, and purchase orders).

On the other hand, a digital electronic seal works by applying a digital stamp or seal to the document. The seal is created using a digital certificate and provides proof of the identity of the entity that applied the seal, such as a government agency, a company, or an individual (e.g. for official documents and records, such as birth certificates, deeds, and patents).

Are there any legal considerations when using an eSignature?

For each eSignature type, it's necessary to consider if it is legal, valid, and binding for your situation.

In many cases, an advanced eSignature (AdES) may be sufficient to meet the legal and practical requirements of a given transaction or document. AdESs provide a high level of security and authenticity.

You should consult with your legal advisor to discuss what's right for your situation, taking into account factors including:

1. Enforceability - Would a court recognize and enforce an agreement validly e-signed in accordance with its governing law?

2. Validity - Are eSignatures legal, valid, and binding in the relevant jurisdiction?

3. Admissibility - Is a file that has been eSigned admissible in a court of law?

4. Specific agreements - What is the position relating to specific file types? (E.g., deeds, guarantees; loan agreements; company files, such as board minutes or board resolutions; powers of attorney; and employee agreements.)

5. Impact - Are the parties to an agreement natural versus legal persons.

6. Witnessing - How can eSignatures apply to files which need to be witnessed?

7. Registration - Can eSigned files be registered or filed with authorities? (E.g., relating to tax, real estate, intellectual property, and security filings.)

Can I still use eSigned files if I am not in the EU?

This depends on the enforceability and validity of the eSignature and your situation

• The enforceability of whether local regulatory bodies will accept eSigned agreements should be considered and should be registered with them, if needed.

• The validity of using eSignature types depends on the agreement types to be signed, including - but not limited to - the execution of deeds, guarantees, loans, certain real estate agreements, commercial B2B and B2C agreements, powers of attorney, board minutes and resolutions, and employment agreements, and considers issues such as whether eSigned files can be witnessed or registered.

In terms of enforceability and validity, the eSigned files can use the national ID card or passport of just under 100 countries, based on the validation service of our TSP partner, even if eIDAS is not applied within the laws of the country.

For countries that do not follow eIDAS, then the underlying laws have to be considered, which may accept an eIDAS eSignature. So, the use of local legal services is recommended.

Here are some examples of countries not falling under eIDAS regulations, that have their own underlying laws, but where digital electronic signatures, such as Acronis eSignature, might be OK to use, based on local legal knowledge:

Singapore

Digital signatures are legally recognized under Electronic Transactions Act (ETA), which provides the legal framework. The form of the digital signature is similar to what is implemented without the requirement of eIDAS-approved TSP or qualified format. So, along with PDPA laws, it ensures the validity and enforceability of electronic contracts (simple eSignatures) and advanced electronic signatures (AdES).

Mexico

Digital signatures are legally recognized under the Law on Metrology and Standards, which provides for the use of digital signatures in electronic documents. It's based on ISO IEC 1488 standards. The Mexican government has also implemented regulations for the use of digital signatures in specific industries, such as banking and healthcare.

Brazil

Digital signatures are legally recognized under the Brazilian Internet Act, which is based on ISO IEC 14888.

USA

Digital signatures are legally recognized under Electronic Signatures in the Global and National Commerce Act (eSign act), and apply to all types of signatures: simple, advanced, and qualified. However, certain transactions and contracts have state laws that apply. The Federal government has their own Digital Signature Guidance (DSG), issued by the National Institute of Standards (NIST), which uses a base standard of FIPS 186-4.

For example, when the signatories to an agreement are located in a country not governed by the local law for the agreement, or where the agreement may need to be registered or enforced in a third country (e.g. English laws govern the original agreement, but the place of incorporation of the counterparties to the agreement are not in England, you may need to register your agreement in multiple countries, and you may need to enforce it one of those countries, then analysis of the combination of laws is required, and an informed decision on which laws are relevant needs to be taken.

Why are there more steps to signing with an advanced eSignature than with a simple eSignature?

This process has a high level of trust and, as a result, has a few more steps. Since we use AdESs, the process requires the acquisition and inclusion of a digital certificate, in accordance with eIDAS certification standards.

This ensures each eSignature is linked to and is capable of identifying the signer, and is created using electronic signature creation data that signers can keep under their sole control (e.g., a mobile device). Mobile devices are identified by a unique code, sent by SMS each time a signer signs, so they must be available to the signer.

Here are the steps for each signer, in turn:

1. Access to the file to be signed on Acronis' Files Cloud .

   • Once a signer has received an email invitation to sign, and has opened the file, they are taken to the eSignature app.

   • If a signer does not already have a user profile on Acronis Files Cloud, they must create a guest account A guest account is an account, created to give non-File Sync & Share users temporary, limited access to content which has been shared with them or which they have been invited to sign (Advanced File Sync & Share only).. This gives secure access to the file and to the eSignature service.

2. Reviewing and signing the document electronically

   • Signers are shown the file to be signed so they can review it.

   • Signers are obliged to complete all required fields, including their signature.

   • Signers then select Review and Sign to start the process to attach their digital certificate.

   • Signers can come back to the document to amend fields at any time before the digital certificate is issued.

3. Acquiring digital eSignature credentials.

   This process happens only once, and the eSignature can be used to sign multiple subsequent documents.

   • Because the signing is AES, signers are asked to provide additional authentication, by providing their phone number.

   • Signers are then asked to authenticate themselves by entering an access code sent by SMS to their stated phone number.

   • If it's the first time signing, the signer must complete a verification process using an app called IDCheck from Acronis's TSP partner, DigitalSign. The app verifies the signers' ID using a scanned ID card or passport, and facial recognition technology.

   • When verification is complete, a digital certificate becomes available to sign the file in the next step.

   At this step, it is no longer possible to go back and change the content in the file.

4. Digitally signing the file

   • Signers complete the eSignature process by verifying that they are in possession of the same device used in the verification process.

   • They enter a new code sent by SMS to their phone and select Verify and Sign to digitally sign the document .

   • Signers are able to use the application without repeating the IDCheck verification process, as long as they are using the same passport or ID card.

5. Signers get access to eSigned files when they are signed by all signers.