Electronic Signatures and Trust Services
Contents
Introduction
What this guide explains
Background Information
Why are e-signatures and trust services important?
What is an e-signature and why should you use one?
What is a trust service and why should you use them?
What is electronic identification and why is it important?
Legislative Background
Electronic Signatures
Advanced Electronic Signatures
Qualified Electronic Signatures
Electronic Seals
Legal effect of electronic signatures, seals, time stamps, registered delivery services and electronic documents
Trust Service Providers
UK Trust Service Status List (TSL)
How to check and authenticate the TSL
Data Protection
Supervisory Body – Information Commissioner’s Office
Annex A – Definitions
Introduction
What this guide explains
This guide is intended to assist individuals and businesses in understanding the changes
made to the electronic signature regime introduced by Regulation (EU) No 910/2014 on
electronic identification and trust services for electronic transactions in the internal market
(the eIDAS Regulation).
The changes made to UK law on electronic signatures are set out below and the
requirements of the eIDAS Regulation are explained in general terms. This guide covers
basic information about electronic signatures, the introduction of a new framework for trust
services, and the supervisory regime. You should refer to the Regulations themselves for a
full explanation of the requirements:
• UK Regulation: The Electronic Identification and Trust Services for Electronic
Transactions Regulations 2016 (2016 No.696) [1] and section 7 of the Electronic
Communications Act 2000. [2]
• EU Regulation: Regulation (EU) No 910/2014 of the European Parliament and of
the Council of 23 July 2014 on electronic identification and trust services for
electronic transactions in the internal market and repealing Directive 1999/93/EC. [3]
Further requests for information or enquiries should be sent to:
uksinglemarketcentre@beis.gsi.gov.uk
[1] http://www.legislation.gov.uk/uksi/2016/696/pdfs/uksi_20160696_en.pdf
[2] http://www.legislation.gov.uk/ukpga/2000/7/section/7
[3] http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32014R0910&from=EN
Background Information
Why are e-signatures and trust services important?
Businesses and individuals involved in commercial transactions or messaging activities
need to have confidence in, and be trusting of, any communication that is sent in relation
to that activity. This helps to ensure that documents sent electronically have not been
altered in any way, that the sender can be easily recognised, and that the document has
the necessary security.
Trust is the basis of business and commercial activity, and can be enhanced by the use of
electronic signatures and trust services. Generally, electronic signatures and trust services
can prove the origin of the communication or document, show whether a message has
been altered and ensure messages remain confidential.
More and more businesses and individuals are using, or are seeking to use, electronic
signatures and trust services and, with an increasing number of Government services
available digitally, there will be continued growth in this market for some time to come.
What is an e-signature and why should you use one?
Electronic signatures deliver a way to sign documents in the online world, much like one
signs a document with a pen in the offline world. Electronic signatures come in many
forms, including:
• Typewritten
• Scanned
• An electronic representation of a handwritten signature
• A unique representation of characters
• A digital representation of characteristics, for example, fingerprint or retina scan
• A signature created by cryptographic means
Electronic signatures can be divided into three groups:
• Simple electronic signatures – these include scanned signatures and tickbox plus
declarations.
• Advanced electronic signatures – these are uniquely linked to the signatory, are
capable of identifying the signatory, and are linked to data within the signature that
can detect any changes made.
• Qualified electronic signatures – an advanced electronic signature that is created by
a qualified electronic signature creation device, and which is based on a qualified
certificate for electronic signatures.
Electronic signatures are only as secure as the business processes and technology used
to create them. High value transactions need better quality electronic signatures –
signatures used for these transactions need to be more securely linked to the owner in
order to provide the level of assurance needed and to ensure trust in the underlying
system.
Better quality electronic signatures can offer:
• Authentication – linking the signatory to the information
• Integrity – allowing any changes to the information provided to be detected more
easily
• Non-repudiation – ensuring satisfaction (in a legal sense) about where the
electronic signature has come from
What is a trust service and why should you use them?
In order to ensure the security and legal validity of an electronic activity, e-signatures are
certainly important, but not always sufficient. Trust Services can offer:
• Electronic time stamping – this is data in electronic form which binds other
electronic data to a particular time, providing evidence that such data existed at that
time.
• Electronic seals – the electronic equivalent of a seal or stamp which is attached or
incorporated into a document to guarantee its origin and integrity
• Electronic registered delivery service – this is a service enabling parties to
exchange electronic data securely by protecting the data against risk of loss, theft,
damage or any unauthorised alterations. The service also provides evidence
relating to the handling of the transmitted data, including proof of delivery and
receipt.
• Website authentication – a certificate that allows users to verify the authenticity of
the website and its link to the entity/person owning the website
What is electronic identification and why is it important?
Online identification is becoming increasingly important as services move online. GOV.UK
Verify is the new way to prove who you are online. It gives safer, simpler and faster access
to government services like filing your tax or checking the information on your driving
licence.
A range of UK Government services are now available for use with GOV.UK Verify. For
more information, you can visit the Verify webpage. [4]
[4] https://www.gov.uk/government/publications/introducing-govuk-verify/introducing-govuk-verify
Legislative Background
Directive 1999/93/EC on a Community framework for electronic signatures (‘Electronic
Signatures Directive’) established a legal framework for electronic signatures and
associated certification services to ensure the proper functioning of the internal market. In
the UK, the Directive was implemented into law by the Electronic Communications Act
2000 and the Electronic Signatures Regulation 2002 (SI 2002 No. 318).
The main objective behind the eIDAS Regulation is to update these rules and create a
uniform regime for the mutual recognition of electronic identification and trust services
throughout the EU.
In the UK, the eIDAS Regulation has been implemented into law by the Electronic
Identification and Trust Services for Electronic Transactions Regulations 2016 (2016
No.696) [5] and section 7 of the Electronic Communications Act 2000. [6]
The eIDAS Regulation is fundamentally split into two parts. The first section deals with
electronic identification systems and establishes a legal framework that allows for mutual
recognition of identification systems between Member States.
The second section of eIDAS deals with Trust Services and electronic signatures in
particular. It clarifies existing rules and introduces a new legal framework for electronic
signatures and seals, time stamps, registered delivery services and website
authentication, offering greater legal certainty to services that follow eIDAS’s rules, which
are designed to improve the reliability and trustworthiness of these services.
Electronic Signatures
One important change to this regime is that an electronic signature can now only be used
by individuals. Previously, under the Electronic Signatures Directive, an electronic
signature could be used by both individuals and corporate organisations. The eIDAS
Regulation makes a distinction between natural and legal persons.
Advanced Electronic Signatures
Another change from the new Regulation is the re-definition of the Advanced Electronic
Signature, which allows unique identification and authentication of the signer of a
document and enables the verification of the integrity of the signed agreement. This
authentication is typically accomplished through the issuance of a digital certificate by a
Certificate Authority. These certificates have existed for many years and now, under
eIDAS, users are able to utilise mobile technology for this activity.
[5] http://www.legislation.gov.uk/uksi/2016/696/pdfs/uksi_20160696_en.pdf
[6] http://www.legislation.gov.uk/ukpga/2000/7/section/7
Qualified Electronic Signatures
The final type of signature defined under the eIDAS Regulation is the Qualified Electronic
Signature (QES). While both Advanced and Qualified Electronic Signatures are uniquely
linked to the signer, Qualified Electronic Signatures are Advanced Electronic Signatures
created by qualified electronic signature creation devices, based on Qualified Certificates.
Qualified Certificates can only be issued by a qualified trust service provider, which has
been granted its qualified status by the Supervisory Body. The electronic signature
creation data must also be stored on a qualified signature creation device such as a smart
card, a USB token, or a cloud based trust service.
Electronic Seals
The eIDAS Regulation also introduces the recognition of electronic seals. These are
similar to electronic signatures but only available to legal persons, such as corporate
entities.
Legal effect of electronic signatures, seals, time stamps, registered delivery services and electronic documents
Articles 25, 35, 41, 43 and 46 of the eIDAS Regulation provide for a harmonised and
appropriate legal framework for the use of electronic signatures, trust services and
electronic documents, by ensuring the recognition of all as evidence in legal proceedings.
Articles 25, 35, 41, 43 and 46 are implemented into UK law through section 7 of the
Electronic Communications Act 2000.
Trust Service Providers
The eIDAS Regulation requires Member States to establish, maintain and publish trusted
lists, containing information on qualified trust service providers (QTSPs) in their territory,
together with information on the qualified trust services they provide.
UK Trust Service Status List (TSL)
Directive 2006/123/EC on services in the internal market (the Services Directive) was
published on 12 December 2006 and Article 8 of the Services Directive allows for relevant
procedures to be completed electronically and remotely. As a result, a trust mechanism
has been put in place in order to provide confidence when completing these procedures
online, consisting of a list of Trusted Providers that are established in each Member State
of the EU (plus members of the European Economic Area).
Under the eIDAS Regulation this Trusted List mechanism has been expanded. These lists
are essential elements in the building of trust among market operators as they indicate the
qualified status of the service provider at the time of supervision.
In order to allow access to the trusted lists of all Member States in an easy manner, the
European Commission has published a central list with links to the national "trusted lists" [7]
and the central list itself can be found on the Commission’s website. [8]
tScheme Limited is the UK’s Trusted List Scheme Operator (TLSO) and creates, hosts and
maintains the UK’s Trust Service-status List (TSL) on behalf of the Department for
Business, Energy and Industrial Strategy (BEIS).
How to check and authenticate the TSL
The digest information related to the certificate that supports the electronic signature of the
machine-processable and human-readable versions of the UK’s TSL is presented here
together with digest information on a new certificate that can be used to electronically sign
the TSL in case of expiry or compromise of the current certificate. Only one of the two
certificates below is applicable at a time.
• The digital certificate can be authenticated through one of the following digests
(sometimes referred to as the thumbprint):
  o The current certificate, which is valid from 20/02/14 until 20/02/2017:
    ▪ SHA-1 digest (Hex) value: 17 9c 15 26 47 92 53 eb b3 39 c2 12 62 73 38 1d e2 77 38 14
  o Or a new certificate that is valid from 08/08/2014 to 08/08/2017:
    ▪ SHA-1 digest (Hex) value: 56 45 69 46 82 b0 e5 8f f8 38 bb 55 96 2f 6e e1 a1 2d e3 b5
[7] https://ec.europa.eu/digital-single-market/eu-trusted-list-certificate-providers-further-info-and-policy
[8] https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml
The authenticity and integrity of the TSL should be verified by the relevant parties prior to
any use. More information on the list and its authentication can be found on the tScheme
website. [9]
[9] http://www.tscheme.org/UK_TSL/index.html
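The thumbprint check described above, as an added example that is not part of the original guide: it computes the SHA-1 digest over a certificate's DER encoding (accepting PEM or DER input) and compares it with the two digests printed in the guide. The function names and the sample bytes are constructed for illustration; in practice the input would be the signing certificate taken from the TSL's signature.

```python
import base64
import hashlib
import hmac
import re

# Digests exactly as printed in the guide (SHA-1, hex, space-separated).
PUBLISHED_DIGESTS = {
    "current certificate": "17 9c 15 26 47 92 53 eb b3 39 c2 12 62 73 38 1d e2 77 38 14",
    "new certificate": "56 45 69 46 82 b0 e5 8f f8 38 bb 55 96 2f 6e e1 a1 2d e3 b5",
}

_PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def normalise_digest(text):
    """Turn '17 9C:15 ...' style text into 40 lowercase hex characters."""
    digest = re.sub(r"[\s:]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", digest):
        raise ValueError("not a 20-byte SHA-1 digest: %r" % text)
    return digest


def certificate_der(data):
    """Return the DER bytes of a certificate supplied as PEM or raw DER."""
    match = _PEM_RE.search(data)
    if match is None:
        return data  # no PEM armour found: treat the input as DER already
    return base64.b64decode(b"".join(match.group(1).split()), validate=True)


def thumbprint(data):
    """SHA-1 over the DER encoding, which is what the thumbprint refers to."""
    return hashlib.sha1(certificate_der(data)).hexdigest()


def match_published(data, published=PUBLISHED_DIGESTS):
    """Return the label of the published digest the certificate matches, else None."""
    actual = thumbprint(data)
    for label, printed in published.items():
        if hmac.compare_digest(actual, normalise_digest(printed)):
            return label
    return None


# Constructed placeholder bytes standing in for a DER certificate (not a real one).
SAMPLE_DER = bytes(range(64))
SAMPLE_PEM = (
    b"-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER)
    + b"-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    print("sample thumbprint:", thumbprint(SAMPLE_PEM))
    print("matches guide digests:", match_published(SAMPLE_PEM))
```

A result of `None` means the certificate is not one of the two listed, so a TSL signed with it should not be relied on until the digest has been confirmed through the tScheme website.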
Data Protection
Organisations/persons involved with providing trust services are required to comply with
Directive 95/46/EC which has been implemented into UK law as the Data Protection Act
1998.
The Information Commissioner’s Office is the regulator for the Data Protection Act 1998. A
guide on data protection can be found on the Information Commissioner’s Office website. [10]
[10] https://ico.org.uk/for-organisations/guide-to-data-protection/
Supervisory Body – Information Commissioner’s Office
The UK’s implementing regulations, the Electronic Identification and Trust Services for
Electronic Transactions Regulations 2016, designate the Information Commissioner’s
Office (ICO) as the supervisory body for chapter III of the eIDAS Regulation, on the topic
of Trust Services, and provide that it must carry out the tasks set out in Article 17 of the
EU Regulation.
The ICO must:
• Take action if necessary in relation to Trust Service Providers if informed that they
allegedly do not meet the requirements set out in the eIDAS Regulation. This could
mean issuing an enforcement or assessment notice requiring an organisation to
take a particular course of action or a fixed monetary penalty of up to £1000;
• Inform other European supervisory bodies and the public about breaches of security
or loss of integrity;
• Submit a report to ENISA (European Union Agency for Network and Information
Security) on its main activities and any breach notifications on an annual basis;
• Carry out audits on Trust Service Providers where there is a justified reason for
doing so;
• Grant, withdraw and renew ‘Qualified’ status to Trust Service Providers; and
• Verify the existence and correct application of provisions on termination plans for
Qualified Trust Service Providers including how information will be kept accessible.
Annex A – Definitions
Advanced Electronic Signature – means an electronic signature which meets the
requirements set out in Article 26 of the EU Regulation, which specifies the following
requirements:
• it is uniquely linked to the signatory;
• it is capable of identifying the signatory;
• it is created using electronic signature creation data that the signatory can, with a
high level of confidence, use under his sole control; and
• it is linked to the data signed therewith in such a way that any subsequent change in
the data is detectable.
Certificate – a certificate is an electronic attestation that links signature-verification-data to
a specific person and confirms the identity of that person. Under the eIDAS Regulation,
certificates come in three forms:
• a ‘certificate for electronic signature’ means an electronic attestation which links
electronic signature validation data to a natural person and confirms at least the
name or the pseudonym of that person;
• a ‘certificate for electronic seal’ means an electronic attestation that links electronic
seal validation data to a legal person and confirms the name of that person; and
• a ‘certificate for website authentication’ means an attestation that makes it possible
to authenticate a website and links the website to the natural or legal person to
whom the certificate is issued.
Creator of a Seal – means a legal person who creates an electronic seal.
Electronic Seal – means data in electronic form, which is attached to or logically
associated with other data in electronic form to ensure the latter’s origin and integrity.
Electronic Signature – means data in electronic form which is attached to or logically
associated with other data in electronic form and which is used by the signatory to sign.
Electronic Signature Creation Data – means unique data which is used by the signatory to
create an electronic signature.
Electronic Signature Creation Device – means configured software or hardware used to
create an electronic signature.
Qualified Certificate for electronic signature – means a certificate for electronic signatures
that is issued by a qualified trust service provider and meets the requirements laid down in
Annex I of the eIDAS Regulation. Qualified certificates for electronic signatures shall
contain:
• an indication, at least in a form suitable for automated processing, that the
certificate has been issued as a qualified certificate for electronic signature;
• a set of data unambiguously representing the qualified trust service provider issuing
the qualified certificates including at least, the Member State in which that provider
is established and:
o for a legal person: the name and, where applicable, registration number as
stated in the official records,
o for a natural person: the person’s name;
• at least the name of the signatory, or a pseudonym; if a pseudonym is used, it shall
be clearly indicated;
• electronic signature validation data that corresponds to the electronic signature
creation data;
• details of the beginning and end of the certificate’s period of validity;
• the certificate identity code, which must be unique for the qualified trust service
provider;
• the advanced electronic signature or advanced electronic seal of the issuing
qualified trust service provider;
• the location where the certificate supporting the advanced electronic signature or
advanced electronic seal is available free of charge;
• the location of the services that can be used to enquire about the validity status of
the qualified certificate;
• where the electronic signature creation data related to the electronic signature
validation data is located in a qualified electronic signature creation device, an
appropriate indication of this, at least in a form suitable for automated processing.
Qualified Electronic Signature – means an advanced electronic signature that is created by
a qualified electronic signature creation device, and which is based on a qualified
certificate for electronic signatures.
Qualified Electronic Signature Creation Device – means an electronic signature creation
device that meets the requirements laid down in Annex II of the eIDAS Regulation.
Qualified Trust Service Provider – means a trust service provider who provides one or
more qualified trust services and is granted the qualified status by the Supervisory Body.
Signatory – means a natural person who creates an electronic signature.
Trust Service – means an electronic service normally provided for remuneration which
consists of:
• the creation, verification, and validation of electronic signatures, electronic seals or
electronic time stamps, electronic registered delivery services and certificates
related to those services, or
• the creation, verification and validation of certificates for website authentication; or
• the preservation of electronic signatures, seals or certificates related to those
services.
Trust Service Provider – means a natural or a legal person who provides one or more trust
services either as a qualified or as a non-qualified trust service provider.
For a full set of definitions, please refer to the EU Regulation. [11]
[11] http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32014R0910&from=EN
Electronic Signatures Guidance - by BEIS

Digital signature
 

More from Zeev Shetach

חמש שיטות לתעדוף משימות פיתוח
חמש שיטות לתעדוף משימות פיתוחחמש שיטות לתעדוף משימות פיתוח
חמש שיטות לתעדוף משימות פיתוחZeev Shetach
 
Online Digital Signature Portal
Online Digital Signature Portal Online Digital Signature Portal
Online Digital Signature Portal Zeev Shetach
 
פורטל חתימות אונליין - החתימו לקוחות, עובדים, חברי צוות ועוד- מכל מקום
פורטל חתימות אונליין - החתימו לקוחות, עובדים, חברי צוות ועוד- מכל מקוםפורטל חתימות אונליין - החתימו לקוחות, עובדים, חברי צוות ועוד- מכל מקום
פורטל חתימות אונליין - החתימו לקוחות, עובדים, חברי צוות ועוד- מכל מקוםZeev Shetach
 
Digital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrustDigital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrustZeev Shetach
 
פרשיית דלף מידע ברשתות חברתיות ובסלולר - משרד הביטחון
 פרשיית דלף מידע ברשתות חברתיות ובסלולר - משרד הביטחון פרשיית דלף מידע ברשתות חברתיות ובסלולר - משרד הביטחון
פרשיית דלף מידע ברשתות חברתיות ובסלולר - משרד הביטחוןZeev Shetach
 
How to be trusted in 2017
How to be trusted in 2017How to be trusted in 2017
How to be trusted in 2017Zeev Shetach
 
פתרונות ביומטריים - רשיונות נהיגה ביומטריים | קומדע
פתרונות ביומטריים - רשיונות נהיגה ביומטריים | קומדעפתרונות ביומטריים - רשיונות נהיגה ביומטריים | קומדע
פתרונות ביומטריים - רשיונות נהיגה ביומטריים | קומדעZeev Shetach
 
Rsa authentication manager 8.2 presentation
Rsa authentication manager 8.2 presentationRsa authentication manager 8.2 presentation
Rsa authentication manager 8.2 presentationZeev Shetach
 
המדריך לחסכון ארגוני באמצעות טכנולוגיה
המדריך לחסכון ארגוני באמצעות טכנולוגיההמדריך לחסכון ארגוני באמצעות טכנולוגיה
המדריך לחסכון ארגוני באמצעות טכנולוגיהZeev Shetach
 
ComsignTrust Overview
ComsignTrust OverviewComsignTrust Overview
ComsignTrust OverviewZeev Shetach
 

More from Zeev Shetach (11)

חמש שיטות לתעדוף משימות פיתוח
חמש שיטות לתעדוף משימות פיתוחחמש שיטות לתעדוף משימות פיתוח
חמש שיטות לתעדוף משימות פיתוח
 
Online Digital Signature Portal
Online Digital Signature Portal Online Digital Signature Portal
Online Digital Signature Portal
 
פורטל חתימות אונליין - החתימו לקוחות, עובדים, חברי צוות ועוד- מכל מקום
פורטל חתימות אונליין - החתימו לקוחות, עובדים, חברי צוות ועוד- מכל מקוםפורטל חתימות אונליין - החתימו לקוחות, עובדים, חברי צוות ועוד- מכל מקום
פורטל חתימות אונליין - החתימו לקוחות, עובדים, חברי צוות ועוד- מכל מקום
 
Digital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrustDigital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrust
 
פרשיית דלף מידע ברשתות חברתיות ובסלולר - משרד הביטחון
 פרשיית דלף מידע ברשתות חברתיות ובסלולר - משרד הביטחון פרשיית דלף מידע ברשתות חברתיות ובסלולר - משרד הביטחון
פרשיית דלף מידע ברשתות חברתיות ובסלולר - משרד הביטחון
 
How to be trusted in 2017
How to be trusted in 2017How to be trusted in 2017
How to be trusted in 2017
 
פתרונות ביומטריים - רשיונות נהיגה ביומטריים | קומדע
פתרונות ביומטריים - רשיונות נהיגה ביומטריים | קומדעפתרונות ביומטריים - רשיונות נהיגה ביומטריים | קומדע
פתרונות ביומטריים - רשיונות נהיגה ביומטריים | קומדע
 
Rsa authentication manager 8.2 presentation
Rsa authentication manager 8.2 presentationRsa authentication manager 8.2 presentation
Rsa authentication manager 8.2 presentation
 
Comsign & Trust
Comsign & TrustComsign & Trust
Comsign & Trust
 
המדריך לחסכון ארגוני באמצעות טכנולוגיה
המדריך לחסכון ארגוני באמצעות טכנולוגיההמדריך לחסכון ארגוני באמצעות טכנולוגיה
המדריך לחסכון ארגוני באמצעות טכנולוגיה
 
ComsignTrust Overview
ComsignTrust OverviewComsignTrust Overview
ComsignTrust Overview
 

Recently uploaded

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 

Recently uploaded (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 

Electronic Signatures Guidance - by BEIS

Electronic Signatures and Trust Services

Contents

Introduction
  What this guide explains
Background Information
  Why are e-signatures and trust services important?
  What is an e-signature and why should you use one?
  What is a trust service and why should you use them?
  What is electronic identification and why is it important?
Legislative Background
  Electronic Signatures
  Advanced Electronic Signatures
  Qualified Electronic Signatures
  Electronic Seals
  Legal effect of electronic signatures, seals, time stamps, registered delivery services and electronic documents
Trust Service Providers
  UK Trust Service Status List (TSL)
  How to check and authenticate the TSL
Data Protection
Supervisory Body – Information Commissioner’s Office
Annex A – Definitions
Introduction

What this guide explains

This guide is intended to assist individuals and businesses in understanding the changes made to the electronic signature regime introduced by Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (the eIDAS Regulation). The changes made to UK law on electronic signatures are set out below and the requirements of the eIDAS Regulation are explained in general terms.

This guide covers basic information about electronic signatures, the introduction of a new framework for trust services, and the supervisory regime.

You should refer to the Regulations themselves for a full explanation of the requirements:

• UK Regulation: The Electronic Identification and Trust Services for Electronic Transactions Regulation 2016 (2016 No.696) [1] and section 7 of the Electronic Communications Act 2000. [2]
• EU Regulation: Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. [3]

Further requests for information or enquiries should be sent to: uksinglemarketcentre@beis.gsi.gov.uk

[1] http://www.legislation.gov.uk/uksi/2016/696/pdfs/uksi_20160696_en.pdf
[2] http://www.legislation.gov.uk/ukpga/2000/7/section/7
[3] http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32014R0910&from=EN
Background Information

Why are e-signatures and trust services important?

Businesses and individuals involved in commercial transactions or messaging activities need to have confidence in, and be trusting of, any communication that is sent in relation to that activity. This helps to ensure that documents sent electronically have not been altered in any way, that the sender can be easily recognised, and that the document has the necessary security.

Trust is the basis of business and commercial activity, and can be enhanced by the use of electronic signatures and trust services. Generally, electronic signatures and trust services can prove the origin of the communication or document, show whether a message has been altered and ensure messages remain confidential.

More and more businesses and individuals are using, or are seeking to use, electronic signatures and trust services and, with an increasing number of Government services available digitally, there will be continued growth in this market for some time to come.

What is an e-signature and why should you use one?

Electronic signatures deliver a way to sign documents in the online world, much like one signs a document with a pen in the offline world. Electronic signatures come in many forms, including:

• Typewritten
• Scanned
• An electronic representation of a handwritten signature
• A unique representation of characters
• A digital representation of characteristics, for example, fingerprint or retina scan
• A signature created by cryptographic means

Electronic signatures can be divided into three groups:

• Simple electronic signatures – these include scanned signatures and tickbox plus declarations.
• Advanced electronic signatures – these are uniquely linked to the signatory, are capable of identifying the signatory, and are linked to data within the signature that can detect any changes made.
• Qualified electronic signatures – an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures.

Electronic signatures are only as secure as the business processes and technology used to create them. High value transactions need better quality electronic signatures – signatures used for these transactions need to be more securely linked to the owner in order to provide the level of assurance needed and to ensure trust in the underlying system.

Better quality electronic signatures can offer:

• Authentication – linking the signatory to the information
• Integrity – allowing any changes to the information provided to be detected more easily
• Non-repudiation – ensuring satisfaction (in a legal sense) about where the electronic signature has come from

What is a trust service and why should you use them?

In order to ensure the security and legal validity of an electronic activity, e-signatures are certainly important, but not always sufficient. Trust Services can offer:

• Electronic time stamping – this is data in electronic form which binds other electronic data to a particular time, providing evidence that such data existed at that time.
• Electronic seals – the electronic equivalent of a seal or stamp which is attached or incorporated into a document to guarantee its origin and integrity
• Electronic registered delivery service – this is a service enabling parties to exchange electronic data securely by protecting the data against risk of loss, theft, damage or any unauthorised alterations. The service also provides evidence relating to the handling of the transmitted data, including proof of delivery and receipt.
• Website authentication – a certificate that allows users to verify the authenticity of the website and its link to the entity/person owning the website

What is electronic identification and why is it important?

Online identification is becoming increasingly important as services move online. GOV.UK Verify is the new way to prove who you are online. It gives safer, simpler and faster access to government services like filing your tax or checking the information on your driving licence.

A range of UK Government services are now available for use with GOV.UK Verify. For more information, you can visit the Verify webpage. [4]

[4] https://www.gov.uk/government/publications/introducing-govuk-verify/introducing-govuk-verify
Legislative Background

Directive 1999/93/EC on a Community framework for electronic signatures (‘Electronic Signatures Directive’) established a legal framework for electronic signatures and associated certification services to ensure the proper functioning of the internal market. In the UK, the Directive was implemented into law by the Electronic Communications Act 2000 and the Electronic Signatures Regulation 2002 (SI 2002 No. 318).

The main objective behind the eIDAS Regulation is to update these rules and create a uniform regime for the mutual recognition of electronic identification and trust services throughout the EU. In the UK, the eIDAS Regulation has been implemented into law by the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 (2016 No.696) [5] and section 7 of the Electronic Communications Act 2000. [6]

The eIDAS Regulation is fundamentally split into two parts. The first section deals with electronic identification systems and establishes a legal framework that allows for mutual recognition of identification systems between Member States. The second section of eIDAS deals with Trust Services and electronic signatures in particular. It clarifies existing rules and introduces a new legal framework for electronic signatures and seals, time stamps, registered delivery services and website authentication, offering greater legal certainty to services that follow eIDAS’s rules, which are designed to improve the reliability and trustworthiness of these services.

Electronic Signatures

One important change to this regime is that an electronic signature can now only be used by individuals. Previously, under the Electronic Signatures Directive, an electronic signature could be used by both individuals and corporate organisations. The eIDAS Regulation makes a distinction between natural and legal persons.

Advanced Electronic Signatures

Another change from the new Regulation is the re-definition of the Advanced Electronic Signature, which allows unique identification and authentication of the signer of a document and enables the verification of the integrity of the signed agreement. This authentication is typically accomplished through the issuance of a digital certificate by a Certificate Authority. These certificates have existed for many years and now, under eIDAS, users are able to utilise mobile technology for this activity.

Qualified Electronic Signatures

The final type of signature defined under the eIDAS Regulation is the Qualified Electronic Signature (QES). While both Advanced and Qualified Electronic Signatures are uniquely linked to the signer, Qualified Electronic Signatures are Advanced Electronic Signatures created by qualified electronic signature creation devices, based on Qualified Certificates. Qualified Certificates can only be issued by a qualified trust service provider, which has been granted its qualified status by the Supervisory Body. The electronic signature creation data must also be stored on a qualified signature creation device such as a smart card, a USB token, or a cloud based trust service.

Electronic Seals

The eIDAS Regulation also introduces the recognition of electronic seals. These are similar to electronic signatures but only available to legal persons, such as corporate entities.

Legal effect of electronic signatures, seals, time stamps, registered delivery services and electronic documents

Articles 25, 35, 41, 43 and 46 of the eIDAS Regulation provide for a harmonised and appropriate legal framework for the use of electronic signatures, trust services and electronic documents, by ensuring the recognition of all as evidence in legal proceedings. Articles 25, 35, 41, 43 and 46 are implemented into UK law through section 7 of the Electronic Communications Act 2000.

[5] http://www.legislation.gov.uk/uksi/2016/696/pdfs/uksi_20160696_en.pdf
[6] http://www.legislation.gov.uk/ukpga/2000/7/section/7
Trust Service Providers

The eIDAS Regulation requires Member States to establish, maintain and publish trusted lists, containing information on qualified trust service providers (QTSPs) in their territory, together with information on the qualified trust services they provide.

UK Trust Service Status List (TSL)

Directive 2006/123/EC on services in the internal market (the Services Directive) was published on 12 December 2006 and Article 8 of the Services Directive allows for relevant procedures to be completed electronically and remotely. As a result, a trust mechanism has been put in place in order to provide confidence when completing these procedures online, consisting of a list of Trusted Providers that are established in each Member State of the EU (plus members of the European Economic Area).

Under the eIDAS Regulation this Trusted List mechanism has been expanded. These lists are essential elements in the building of trust among market operators as they indicate the qualified status of the service provider at the time of supervision.

In order to allow access to the trusted lists of all Member States in an easy manner, the European Commission has published a central list with links to the national "trusted lists" [7] and the central list itself can be found on the Commission’s website. [8]

tScheme Limited is the UK’s Trusted List Scheme Operator (TLSO) and creates, hosts and maintains the UK’s Trust Service-status List (TSL) on behalf of the Department for Business, Energy and Industrial Strategy (BEIS).

How to check and authenticate the TSL

The digest information related to the certificate that supports the electronic signature of the machine-processable and human-readable versions of the UK’s TSL is presented here together with digest information on a new certificate that can be used to electronically sign the TSL in case of expiry or compromise of the current certificate. Only one of the two certificates below is applicable at a time.

• The digital certificate can be authenticated through one of the following digests (sometimes referred to as the thumbprint):
  o The current certificate, which is valid from 20/02/14 until 20/02/2017:
    ▪ SHA-1 digest (Hex) value: 17 9c 15 26 47 92 53 eb b3 39 c2 12 62 73 38 1d e2 77 38 14
  o Or a new certificate that is valid from 08/08/2014 to 08/08/2017:
    ▪ SHA-1 digest (Hex) value: 56 45 69 46 82 b0 e5 8f f8 38 bb 55 96 2f 6e e1 a1 2d e3 b5

The authenticity and integrity of the TSL should be verified by the relevant parties prior to any use. More information on the list and its authentication can be found on the tScheme website. [9]

[7] https://ec.europa.eu/digital-single-market/eu-trusted-list-certificate-providers-further-info-and-policy
[8] https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml
[9] http://www.tscheme.org/UK_TSL/index.html
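The thumbprint check described above, as an added example that is not part of the BEIS guide or of tScheme's tooling: it computes the SHA-1 digest over the DER encoding of a signing certificate (PEM or DER input) and compares it with the two digests published in the guide. The function names and the sample certificate bytes are assumptions made for this illustration; the sample is a constructed stand-in, not the real TSL signing certificate.

```python
import base64
import hashlib
import hmac
import re

# SHA-1 digests of the TSL signing certificates, copied from the guide.
PUBLISHED_TSL_DIGESTS = {
    "current": "17 9c 15 26 47 92 53 eb b3 39 c2 12 62 73 38 1d e2 77 38 14",
    "new": "56 45 69 46 82 b0 e5 8f f8 38 bb 55 96 2f 6e e1 a1 2d e3 b5",
}

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def normalise_digest(text, expected_len=20):
    """Parse '17 9c ..', '17:9C:..' or '179c..' into raw bytes.

    Anything that is not exactly expected_len hex-encoded bytes is rejected,
    so a truncated or mistyped thumbprint can never match by accident.
    """
    cleaned = re.sub(r"[\s:]", "", text)
    if len(cleaned) != expected_len * 2 or not re.fullmatch(r"[0-9a-fA-F]+", cleaned):
        raise ValueError("not a %d-byte hex digest: %r" % (expected_len, text))
    return bytes.fromhex(cleaned)


def certificate_der(data):
    """Return the DER bytes of a certificate given as PEM or as raw DER."""
    match = PEM_RE.search(data)
    if match:
        body = b"".join(match.group(1).split())  # drop line breaks
        return base64.b64decode(body, validate=True)
    return data


def sha1_thumbprint(cert_bytes):
    """The thumbprint is the SHA-1 hash of the whole DER-encoded certificate."""
    return hashlib.sha1(certificate_der(cert_bytes)).digest()


def format_thumbprint(digest):
    """Render a digest in the guide's style: lower-case hex pairs, space separated."""
    return " ".join("%02x" % b for b in digest)


def match_published_digest(cert_bytes, published=PUBLISHED_TSL_DIGESTS):
    """Return the label of the published digest the certificate matches, else None."""
    actual = sha1_thumbprint(cert_bytes)
    matched = None
    for label, text in published.items():
        if hmac.compare_digest(actual, normalise_digest(text)):
            matched = label
    return matched


def pem_wrap(der):
    """Helper for the constructed sample: wrap DER bytes in a PEM envelope."""
    return (b"-----BEGIN CERTIFICATE-----\n"
            + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")


# Constructed stand-in bytes (NOT a real certificate) so the example runs offline.
CONSTRUCTED_DER = bytes.fromhex("3082000a") + b"constructed sample, not a certificate"

if __name__ == "__main__":
    sample_pem = pem_wrap(CONSTRUCTED_DER)
    print("thumbprint:", format_thumbprint(sha1_thumbprint(sample_pem)))
    # The constructed sample is not one of the published certificates.
    print("matches published digest:", match_published_digest(sample_pem))
```

A matching thumbprint only authenticates the signing certificate; the signature on the TSL itself still has to be validated with that certificate before the list is used.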
Data Protection

Organisations/persons involved with providing trust services are required to comply with Directive 95/46/EC which has been implemented into UK law as the Data Protection Act 1998. The Information Commissioner’s Office is the regulator for the Data Protection Act 1998. A guide on data protection can be found on the Information Commissioner’s Office website. [10]

[10] https://ico.org.uk/for-organisations/guide-to-data-protection/
  • 12. Electronic Signatures and Trust Services

Supervisory Body – Information Commissioner’s Office

The UK’s implementing regulations, the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016, designate the Information Commissioner’s Office (ICO) as the supervisory body for chapter III of the eIDAS Regulation, on the topic of Trust Services, and provide that it must carry out the tasks set out in Article 17 of the EU Regulation.

The ICO must:

• Take action if necessary in relation to Trust Service Providers if informed that they allegedly do not meet the requirements set out in the eIDAS Regulation. This could mean issuing an enforcement or assessment notice requiring an organisation to take a particular course of action or a fixed monetary penalty of up to £1000;
• Inform other European supervisory bodies and the public about breaches of security or loss of integrity;
• Submit a report to ENISA (European Union Agency for Network and Information Security) on its main activities and any breach notifications on an annual basis;
• Carry out audits on Trust Service Providers where there is a justified reason for doing so;
• Grant, withdraw and renew ‘Qualified’ status to Trust Service Providers; and
• Verify the existence and correct application of provisions on termination plans for Qualified Trust Service Providers including how information will be kept accessible.
  • 13. Electronic Signatures and Trust Services

Annex A – Definitions

Advanced Electronic Signature – means an electronic signature which meets the requirements set out in Article 26 of the EU Regulation, which specifies the following requirements:
• it is uniquely linked to the signatory;
• it is capable of identifying the signatory;
• it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
• it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.

Certificate – a certificate is an electronic attestation that links signature-verification-data to a specific person and confirms the identity of that person. Under the eIDAS Regulation, certificates come in three forms:
• a ‘certificate for electronic signature’ means an electronic attestation which links electronic signature validation data to a natural person and confirms at least the name or the pseudonym of that person;
• a ‘certificate for electronic seal’ means an electronic attestation that links electronic seal validation data to a legal person and confirms the name of that person; and
• a ‘certificate for website authentication’ means an attestation that makes it possible to authenticate a website and links the website to the natural or legal person to whom the certificate is issued.

Creator of a Seal – means a legal person who creates an electronic seal.

Electronic Seal – means data in electronic form, which is attached to or logically associated with other data in electronic form to ensure the latter’s origin and integrity.

Electronic Signature – means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.

Electronic Signature Creation Data – means unique data which is used by the signatory to create an electronic signature.

Electronic Signature Creation Device – means configured software or hardware used to create an electronic signature.

Qualified Certificate for electronic signature – means a certificate for electronic signatures that is issued by a qualified trust service provider and meets the requirements laid down in Annex I of the eIDAS Regulation.

  • 14. Electronic Signatures and Trust Services

Qualified certificates for electronic signatures shall contain:
• an indication, at least in a form suitable for automated processing, that the certificate has been issued as a qualified certificate for electronic signature;
• a set of data unambiguously representing the qualified trust service provider issuing the qualified certificates including at least, the Member State in which that provider is established and:
  o for a legal person: the name and, where applicable, registration number as stated in the official records,
  o for a natural person: the person’s name;
• at least the name of the signatory, or a pseudonym; if a pseudonym is used, it shall be clearly indicated;
• electronic signature validation data that corresponds to the electronic signature creation data;
• details of the beginning and end of the certificate’s period of validity;
• the certificate identity code, which must be unique for the qualified trust service provider;
• the advanced electronic signature or advanced electronic seal of the issuing qualified trust service provider;
• the location where the certificate supporting the advanced electronic signature or advanced electronic seal is available free of charge;
• the location of the services that can be used to enquire about the validity status of the qualified certificate;
• where the electronic signature creation data related to the electronic signature validation data is located in a qualified electronic signature creation device, an appropriate indication of this, at least in a form suitable for automated processing.

Qualified Electronic Signature – means an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures.

Qualified Electronic Signature Creation Device – means an electronic signature creation device that meets the requirements laid down in Annex II of the eIDAS Regulation.

Qualified Trust Service Provider – means a trust service provider who provides one or more qualified trust services and is granted the qualified status by the Supervisory Body.
  • 15. Electronic Signatures and Trust Services

Signatory – means a natural person who creates an electronic signature.

Trust Service – means an electronic service normally provided for remuneration which consists of:
• the creation, verification, and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to those services, or
• the creation, verification and validation of certificates for website authentication; or
• the preservation of electronic signatures, seals or certificates related to those services.

Trust Service Provider – means a natural or a legal person who provides one or more trust services either as a qualified or as a non-qualified trust service provider.

For a full set of definitions, please refer to the EU Regulation. [11]

[11] http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32014R0910&from=EN