Legislation: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/What+is+the+legislation+-+esignature
Most important facts:
- electronic documents cannot be denied legal effect solely because they are in electronic form
- the introduction of electronic seals, available to legal persons, technologically similar to electronic signature and ensuring identity and integrity
Question:What does qualified means in the following statements?
- qualified trust services across Europe
- a qualified validation service for qualified electronic signatures
List of technical specifications for XML, CMS or PDF advanced electronic signatures and the associated signature container.
Advanced electronic signatures mentioned in Article 1 of the Decision must comply with one of the following ETSI technical specifications with the exception of clause 9 thereof:
Standard | Document |
---|---|
XAdES Baseline Profile | ETSI TS 103171 v.2.1.1. |
CAdES Baseline Profile | ETSI TS 103173 v.2.2.1. |
PAdES Baseline Profile | ETSI TS 103172 v.2.2.2. |
Associated signature container mentioned in Article 1 of the Decision must comply with the following ETSI technical specifications:
Standard | Document |
---|---|
Associated Seal Container Baseline Profile | ETSI TS 103174 v.2.2.1 |
- What is a digital identity? Only the ones handed out by qualified trust services like countries?
- I understand you need an identity handed out by a qualified trust service to interact with the government but is this also required for other legally binding signatures?
Looks like the pdf specs are written by Adobe itself.
CMS is the IETF's standard for cryptographically protected messages. It can be used to digitally sign, digest, authenticate or encrypt any form of digital data.
In our case, CMS seems like the best option, need to see how we can technically comply.
At first glance, it seems based on certificates so I am a bit afraid it involves traditional Certification Authorities.