Regulation information | |
Name | Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market |
Applicable region | European Union |
Applicable from date | 2014 (Amended 2024) |
The EU eIDAS Regulation (EU eIDAS), short for ‘electronic identification, authentication, and trust services’, sets out rules for EU trust services and establishes a legal framework for electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic registered delivery services and certificate services for website authentication.
Xemplo complies with the EU eIDAS requirements for 'electronic signatures'. Under the definition of the electronic signatures in the regulation (Article 3), an electronic signature is defined as:
Data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign. |
Definition of an 'electronic signature'
There are three levels of compliance with the regulation for electronic signatures:
- Simple electronic signatures (SES) - a simple electronic signature is any method an individual uses to ‘sign’ an electronic document via 'simple' methods including affixing text or a digital image;
- Advanced electronic signatures (AdES) - an advanced electronic signature requires additional controls for electronic signatures, including the requirement to uniquely link to the person signing the data in electronic form and detect any changes made to the data afterwards.
- Qualified electronic signatures (QES) - are required for specific transaction types only and have the same features as advanced electronic signatures but are created using technology and procedures which provide a higher standard of security, meet stricter validation criteria and are supported by a digital certificate meeting the requirements of EU eIDAS. They have the same legal effect as a handwritten signature. Qualified electronic signature providers must complete a verified conformance process with a conformity assessment body.
Xemplo conformance with EU eIDAS regulation
Xemplo can be configured to meet the requirements of the regulation for Advanced electronic signatures for company and worker (either employee or contractor) documents. Advanced electronic signatures are required for specific documents created throughout the employment/contract relationship. There are no documents produced by Xemplo that required a Qualified electronic signature.
Where a document must be signed by a party outside the Xemplo system (for example, an external agency), the document should be sent securely using an alternate electronic document signing application to conform with the regulation. Additionally, where a customer would prefer to collect a signature that complies with the regulation as a Qualified Electronic Signature, the document should be sent securely using an alternate electronic document signing application to conform with the regulation. |
The following table describes how Xemplo complies with each individual requirement in the regulation.
Requirement | How Xemplo conforms with requirement | Configuration |
Electronic signature | Requires document signatories to affix unique signature to an issued document. | Standard |
Electronic timestamp | The date timestamp that a signature was applied by a user in Xemplo is recorded. | Standard |
Link document to specified signatory |
All signatories to documents issued by Xemplo must create a user account to review and sign documents. |
Standard |
Verify identity of signatory |
Signatories must provide documentation to verify their identity in Xemplo alongside or prior to signing documents issued in Xemplo. |
Additional |
Prevent further amendments to documents after signing |
Documents signed in Xemplo cannot be amended after signing. |
Standard |
Allow signatory to access signed document after initial signing |
All signatories to a document is Xemplo can access the signed document after completion of the signing process for as long as the document is valid (for example, an employee can access their signed employment contract while they are employed by the organisation) |
Standard |
Website authentication certificate |
The Xemplo website and all services delivered by Xemplo are accompanied by a website authentication certificate that identifies Xemplo and verifies that the website is genuine, that is delivered by a qualified trust provider. |
Standard |
Electronic registered delivery service |
Xemplo is a secure online service that transmits all data associated with issued documents electronically, and controls and verifies that it was not intercepted or altered on the way. |
Standard |
Certificate for electronic signatures |
Xemplo stores all digital data and confirms the origin and authenticity of signed or sealed data e.g. a document. |
Standard |