Regulation information | |
Name | The Electronic Identification and Trust Services for Electronic Transactions (Amendment etc.) (EU Exit) Regulations 2019 |
Applicable region | United Kingdom |
Applicable from date | 2019 |
The UK eIDAS Regulation (UK eIDAS), short for ‘electronic identification, authentication, and trust services’, sets out rules for UK trust services and establishes a legal framework for electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic registered delivery services and certificate services for website authentication.
UK eIDAS is an amended form of the EU eIDAS Regulation and retains many aspects of the EU eIDAS Regulation but is tailored for use within the UK.
Xemplo complies with the UK eIDAS requirements for 'electronic signatures'. Under the definition of the electronic signatures in the regulation (Article 3), an electronic signature is defined as:
Data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign. |
Definition of an 'electronic signature'
There are three levels of compliance with the regulation for electronic signatures:
- Simple electronic signatures (SES) - a simple electronic signature is any method an individual uses to ‘sign’ an electronic document via 'simple' methods including affixing text or a digital image;
- Advanced electronic signatures (AdES) - an advanced electronic signature requires additional controls for electronic signatures, including the requirement to uniquely link to the person signing the data in electronic form and detect any changes made to the data afterwards.
- Qualified electronic signatures (QES) - are required for specific transaction types only and have the same features as advanced electronic signatures but are created using technology and procedures which provide a higher standard of security, meet stricter validation criteria and are supported by a digital certificate meeting the requirements of UK eIDAS. They have the same legal effect as a handwritten signature. Qualified electronic signature providers must complete a verified conformance process with a conformity assessment body.
Xemplo conformance with UK eIDAS regulation
Xemplo can be configured to meet the requirements of the regulation for Advanced electronic signatures for company and worker (either employee or contractor) documents. Advanced electronic signatures are required for specific documents created throughout the employment/contract relationship. There are no documents produced by Xemplo that required a Qualified electronic signature.
Where a document must be signed by a party outside the Xemplo system (for example, an external agency), the document should be sent securely using an alternate electronic document signing application to conform with the regulation. Additionally, where a customer would prefer to collect a signature that complies with the regulation as a Qualified Electronic Signature, the document should be sent securely using an alternate electronic document signing application to conform with the regulation. |
The following table describes how Xemplo complies with each individual requirement in the regulation.
Requirement | How Xemplo conforms with requirement | Configuration |
Electronic signature | Requires document signatories to affix unique signature to an issued document. | Standard |
Electronic timestamp | The date timestamp that a signature was applied by a user in Xemplo is recorded. | Standard |
Link document to specified signatory |
All signatories to documents issued by Xemplo must create a user account to review and sign documents. |
Standard |
Verify identity of signatory |
Signatories must provide documentation to verify their identity in Xemplo alongside or prior to signing documents issued in Xemplo. |
Additional |
Prevent further amendments to documents after signing |
Documents signed in Xemplo cannot be amended after signing. |
Standard |
Allow signatory to access signed document after initial signing |
All signatories to a document is Xemplo can access the signed document after completion of the signing process for as long as the document is valid (for example, an employee can access their signed employment contract while they are employed by the organisation) |
Standard |
Website authentication certificate |
The Xemplo website and all services delivered by Xemplo are accompanied by a website authentication certificate that identifies Xemplo and verifies that the website is genuine, that is delivered by a qualified trust provider. |
Standard |
Electronic registered delivery service |
Xemplo is a secure online service that transmits all data associated with issued documents electronically, and controls and verifies that it was not intercepted or altered on the way. |
Standard |
Certificate for electronic signatures |
Xemplo stores all digital data and confirms the origin and authenticity of signed or sealed data e.g. a document. |
Standard |
Requirements for Scotland
UK eIDAS applies to the whole of the UK. However, Scotland also has its own separate statutory regime for electronic signatures which sets it apart from England, Wales and Northern Ireland. In contrast to English law (which is generally conducive to executing documents with a simple electronic signature), Scots law ascribes more importance to Advanced electronic signatures (AdES).
Documents issued by companies in Scotland must also comply with the Requirements of Writing (Scotland) Act 1995 (RWSA). Documents must be signed or “authenticated” with an AdES (Regulation 2 of the Electronic Documents (Scotland) Regulations 2014 (2014 Regulations)) to be valid.