Implementing eIDAS-compliant corporate eSeals

Posted by Liaquat Khan on 08-Apr-2016 12:51:50

Ensuring compliance and security is a business's top priority. In our latest blog, we explain how organisations can implement eIDAS-compliant corporate eSeals.

What are corporate eSeals?

Corporate seals have been used by companies to protect paper documents from forgery for a long time.  A document stamped with the company seal implied that it was officially from the company, i.e. the legal entity rather than a natural person, such as the company Director. 

eIDAS Implementing Corporate eSeals

Ensuring digital security

In today’s Internet age, with increasingly sophisticated phishing attacks, the need for companies to show that e-documents originated from them and can be trusted is even stronger than the paper world. 

Example documents include e-invoices, e-statements, and e-bills.  In some cases, laws (e.g. VAT Regulations) demand the integrity and authenticity of these documents. At other times, protecting the trustworthiness of the corporate brand from misuse is also important. 

The simple security solution is to just e-sign them! Well eSignatures, or to be more precise, digital signatures based on cryptography, provide integrity and authentication services. There is a lot more to it than just that.

Problems with e-signing before eIDAS

There are essentially four main challenges:

  • Corporations as legal entities need to be able to create secure and trustworthy signatures, just as much as natural persons
  • The signed documents need to be verifiable across borders, as modern businesses interact with customers, suppliers and employees in multiple countries
  • The security and trustworthiness of the legal entity’s signature needs to be clearly understood and legally accepted across all of these jurisdictions
  • The signing process needs to handle large batches of documents e.g. one of our corporate clients issues a million e-invoices per month. This volume necessitates the use of automated document signing without human intervention.

Before eIDAS (EU Regulation 910/2014), there was no clear solution to meet these requirements.  Each country had its own way of doing things and cross-border interoperability and trust suffered as a result.

How eIDAS solves these challenges

With the advent of eIDAS, which repeals the old EU eSignature Regulation from July 2016, a new type of electronic signature is introduced – the “Electronic Seal”.  These are online signatures applied by a Legal Person rather than a Natural Person.

Often in business interactions, you are more interested in knowing whether the transacting company will abide by the agreement rather than the individual person who might be signing the agreement. In the business world, standards around electronic seals (eSeals) are significantly more important than natural person signatures which identify a citizen only. 

eIDAS defines eSeals and “Qualified Electronic Seals”. These can only be created using a qualified certificate issued to a legal person and signed using a Qualified Electronic Seal Creation Device (QESCD).  

Qualified eSeals have automatic presumption of integrity of the data and of correctness of the origin of that data to which the Qualified Electronic Seal is linked across all of the EU Member States.




How to implement eIDAS Compliant Electronic Seals

Implementing Qualified eSeals, that are compliant with the eIDAS Regulation, requires the following components:

  • A qualified certificate for your company - We work with our trusted qualified Certificate Authority (CA) service provider partners to deliver these.  
  • A qualified electronic seal creation device (QESCD) - E.g. an appropriately certified Hardware Security Module (HSM) to manage the eSeal creation key and create eSeals using this.
  • A secure electronic seal creation application - It can provide high-performance bulk signing of documents whilst ensuring the eSeal creation key (e.g. RSA private key) remains under the control of the signatory with a high degree of confidence.

How SigningHub helps businesses implement eSeals

The SigningHub security engine, known as Ascertia ADSS Signing Server, delivers secure corporate eSeals. It is directly invoked by business applications using high-level web services APIs (in Java or .NET) to perform on-demand bulk eSealing of documents. 

To provide a high level of trust for eIDAS compliance, ADSS Signing Server:

  • Authenticates business applications initiating the batch run
  • Checks that they are authoritised to access the eSeal creating key inside the HSM
  • Asks for a real person, who is responsible for the legal entity, to provide a signed authorisatio file

The signed authorisation file proves the legal representative has given approval for the eSeal to be created.  The signed authorisation file can be signed by one or more persons, and uses an M of N scheme, e.g. 3 out of 5 people are needed to authorise the batch run. The signed authorisation file also has a lifetime indicator so that it can be used for multiple batches, ensuring minimum manual overhead. 

Contact us for further details on how we can help you to create eSeals which are trusted, eIDAS-compliant and interoperable cross-border.



Recent Posts

Download this essential eBook

Choosing the right type of e-signature
for your business

Download your eBook