nCipher Security Blog

eIDAS - establishing trust in digital signatures

Juan Asenjo | Director of Product, Solutions and Partner Marketing - nCipher Security More About This Author >

A few years ago, the BBC reported that the power of the traditional hand-written signature was under threat from its digital counterpart. While it may have taken some time, the increasing adoption of digital services – from banking and financial transactions in the private sector, to taxes and healthcare in the public – has led to a significant rise in the use of electronic signatures. But, although electronic signatures have been recognized as legally valid in some countries in Europe for years, a lack of consistency across the EU member states has proved a hindrance to cross-border business.

With enforcement of EU Regulation No. 910/2014 back in 2016, the use of electronic signatures has continued to increase. The electronic identity, authentication, and signing regulation, better known as eIDAS, is designed to establish a framework for electronic transactions that enables legally binding cross-border business throughout the European internal market.

Indeed, eIDAS creates standards for which electronic signatures are given the same legal standing as their “wet-ink” equivalents, and sees the regulation of Trust Service Providers (TSPs) by supervisory bodies within their respective member state.

Businesses operating in the EU benefit from using trust services that comply with the regulation: any signed documents and agreements is valid throughout the EU. By using a Qualified Trust Service they can be sure that a document's electronic signature has at least the same validity as a wet-ink signature. Banks in particular are using the eIDAS regulations to ensure the identity of their customers and the validity of their agreements. As governments extend their digital services to their citizens, they are also requiring the use of eIDAS compliant services and signatures.

To ensure that they remain compliant, TSPs are required to use qualified signature creation devices, or QSCDs, employing strong cryptography to protect the security of their signatures.

But, however strong that cryptography may be, it will only ever be as good as the root of trust that protects the underpinning cryptographic keys.

And it’s here where nCipher comes into the picture.

Common Criteria EAL 4+ certified, nCipher nShield hardware security modules (HSMs) are the root of trust for Trust Services. In short, as approved QSCDs, they enable TSPs to comply with eIDAS Regulations.

As digital signatures become more prevalent, and are now recognized as legally valid across the EU, regulations such as eIDAS are important in reassuring European consumers that TSPs can protect the validity of their digital transactions and their identity. As part of this, nCipher is working with leading digital service providers, integrating nShield HSMs to serve as the root of trust for protecting customers’ most valuable and sensitive digital assets with eIDAS-compliant solutions.

And it’s not just in the EU. Government and businesses in other countries are now adopting the eIDAS model to establish trust and legally binding digital signatures. Stay tuned for upcoming blogs and case studies to learn more. To find out how nCipher is helping organizations meet the eIDAS standard click here. You can also follow the company on Twitter, LinkedIn, and Facebook.