We enable over 4,000 organizations across Europe to deliver exceptional business services, with a central focus on earning and maintaining your trust.
Supporting your digital business transformation with cloud-based eIDAS compliant electronic signatures
Verified’s powerful workflows and electronic signature and authentication solutions allow your business to complete transactions, agreements and approvals faster all while being compliant with eIDAS standards. Verified is providing you with real-time signer certificates at the time of signing, reducing the need for in-house digital certificate management and hence reducing the operational management complexity your business might need to handle.
Electronic signature is a broad term for any kind of signature in an electronic format. They are a legal way to get approval or consent on electronic documents or forms and can be considered as a replacement of a written signature. There are different levels of assurance among electronic signatures, which are most often differentiated into electronic and digital signatures.
Commonly, electronic signatures come with no level of assurance regarding the authenticity of the signer. For example, confirming the delivery of a parcel by signing on a device offered by the delivery service provider acknowledges that the parcel has been delivered, but does not provide any further authentication of the signature and hence the person who received the parcel.
A digital signature provides more advanced levels of assurance regarding the authenticity of the signer. The advanced levels of assurance are provided by so-called trusted service providers, who hold the license to issue electronic IDs/digital IDs.
When signing a document with an eID, higher levels of security are realized through fast and easy validation of a person’s identity, also ensuring that only the correct signer has access to the information provided and no one else.
It also provides evidence regarding the origin, identity and status of an electronic document or transaction and acknowledges an informed consent by the signer. Documents signed with an eID support the provision of proof that an electronic document or transaction was not forged or modified intentionally or unintentionally from the time it was signed. Tamper-sealed protection secures an audit trail of any potential changes made within an electronic document or transaction by adding electronic logs from the moment a document is created. This is done by a unique hash for the electronic document or transaction and encrypting it with the sender’s private key. If the electronic document or transaction has changed, the hash will change as well.
Verified complies with the eIDAS Regulation set by the European Union on electronic identification and trust services for electronic transactions in the European Single Market. The eIDAS Regulation’s intent is to enable convenient and secure electronic transactions across EU borders for citizens, businesses, and public sector institutions. Regulation (EU) No 910/2014 (eIDAS Regulation) went into force on 1 July, 2016, being mandatory and fully adopted in all EU member states, with precedent over any conflicting national laws.
eIDAS ensures that each form of electronic signature is admissible as evidence in EU courts and shall not be denied legal effect solely because it is in electronic form. However, the enforceability of an agreement made using electronic signatures is depending on the type of electronic signature used and its embedded evidence. A scanned image of a written signature is more likely to be challenged in court versus a qualified electronic signature meeting multiple EU technical standards and containing significant embedded signer information.
eIDAS differentiates four different levels of electronic signatures, of which level 1 (lowest level) is not in scope of the eIDAS regulation. We will focus on eIDAS assurance levels 2 till 4 in the following paragraphs.
Do you need to accept a delivery package? Check a digital box on a desktop screen? Scan a manually signed document? Then the basic electronic signature will suffice. This may either be a signature that’s manually put on a desktop screen (after which it’s digitally saved) or a click on an ‘I accept’ button.
Generally, this type of signature is mainly used in lower-value processes, as there is no foolproof way to confirm the identity of the signer. If someone would copy another person’s signature and put it on the document, it would be difficult to prove (or even discover) that. Using the basic electronic signature in legally valid documents could obviously pose an issue, depending on the process in place. Therefore, a signature on insurance, financial, or real estate documents, for example, should meet stricter requirements so it can be connected to the signer with (more) certainty.
According to eIDAS, at the basic level, an electronic signature can be defined as:
“Data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.”
Taking this definition literally, you can sign a document simply by scanning your signature or ticking a box in a document opened on your device of choice. Technically, the data is in electronic form and attached to a file, but there are problems with this model which eIDAS is trying to address.
As you might already have guessed, this isn’t covering the purpose of signing a document at all. The document can still be tampered with, and a “signature” can easily be forged (i.e., we cannot be sure who ticked the box to confirm the terms and conditions were accepted). Simply put: Neither integrity nor authenticity of the document are guaranteed.
Under eIDAS, this is a type of electronic signature that must meet specific requirements providing a higher level of signer ID verification, security, and tamper-sealing. The main requirements are:
Using digital signatures that are applied with a digital certificate satisfies all of the above requirements. Digital certificates are obtained after a thorough verification of an individual’s identity by a trusted third party (e.g. certificate authority). Digital certificates, and their resulting signatures, are unique to the individual and virtually impossible to spoof, achieving the two requirements above.
Because the signatory is the sole holder of the private key which is used to apply the signature (see our article on Public Key Infrastructure to get an understanding of how public and private keypairs work), you can be assured that the signer is the person who they say they are. Finally, part of the signature verification process, which automatically occurs when a recipient opens the document, includes checking to see if any changes have been made to the document since it was signed.
This is the only electronic signature type to have special legal status in EU member states, being the legal equivalent of a written signature. It must meet advanced electronic signature requirements and be backed by a qualified certificate, meaning a certificate issued by a trust service provider that is on the EU Trusted List (ETL) and certified by an EU member state. The trust service provider must verify the identity of the signer and vouch for the authenticity of the resulting signature. Furthermore, the signature has been given by approved means like a qualified signature creation device.
The legal framework of the country you are operating in defines if there is a need for a qualified signature or if an advanced electronic signature is considered as legally binding. However, depending on the type of business you are in, a qualified electronic signature might be the right one to choose for you. For instance, any business that is exposed to a high risk of scam or fraud might consider having a more secure signing system implemented. This could be businesses operating in the financial, insurance, healthcare or telecommunications sector, as well as governmental institutions.
As explained above, electronic signatures are classified by the level of assurance they offer. Each of the three types of electronic signatures can be legally effective under eIDAS. A basic level of integrity is always guaranteed in the sense that content can’t be altered after signing the document. But the levels of security differ significantly, and if you ever need to prove to a court a signature is genuine and was intentionally put on a particular document, there’s a difference in the evidence you must provide.
Hosting of our platform for our operational services storage ISO/IEC 27001:2013, SOCI-III, PCI DSS and more.
Org no: 516411-0669, Kungsgatan 49, 111 22 Stockholm, Sverige
Processing customers data
EU
Lookup services
974 760 673, Brønnøysundregistera, Postboks 900, 8910 Brønnøysund
Yes
EU
Use logdata for Observability, monitoring and security purposes. Read more: https://trust.datadoghq.com/.
Datadog, Inc. 620 8th Ave 45th Floor, New York, NY 10018 USA https://trust.datadoghq.com/
Yes
EU
Lookup services
Org no: 556341-5685, Rosenborgsgatan 4-6, Solna, Sweden
Yes, from Dec 27, 2023
EU
Signing, authentication
14080014, Telliskivi tn 60/1, Tallinn, Estonia, 10412
If customer uses the service
EU
Signing, authentication, lookup services with BankID SE
556630-4928, Södra Kungstornet; Kungsgatan 33; 111 56 Stockholm
If customer uses the service
EU
Storage of files that enables the customer to maintain the text and its translations to different languages that are used if the service “smart forms” is used.
ISO/IEC 27001:2013, SOC 2, CSA STAR and more: https://cloud.google.com/security IEno 6388047V, Gordon House, Barrow Street, Dublin 4
If customer uses the service
EU if customer select to use the service
Offer eID (MitID in Denmark)
C/O IN Groupe Denmark A/STeknikerbyen 5, 2.Søllerød2830 Virum
If customer select to use the service
EU
Storage of process data generated and could be used during usage of some of our services as custom flows and AML.
ISO/IEC 27001:2013, SOC 2, PCI DSS and more: Number One Ballsbridge, Ballsbridge, Dublin 4, Ireland
EU if customer select to use the service
Signing, authentication, payments, lookup services
SOC 2
37427497, Klausdalsbrovej 601, DK-2750 Ballerup, Denmark
If customer select to use the service.
EU
Lookup services supporting AML and KYC compliance
559161-4275, Dansbanevägen, 16, 126 31 Hägersten, Sweden
If customer uses the service
EU
Operational services for contract management.
559364-3058
Skogsfrugränd 1, 16762 Bromma, Sweden
If customer select to use the service.
EU
Signing, authentication, payments, lookup services
Org no: 556586-4773, Kungsgatan 56, 111 22 Stockholm, Sweden
If customer select to use the service
EU
Signing, authentication, payments, lookup services
918 713 867, Postboks 9236 Grønland, 0134 Oslo
If customer uses the service
EU
Tool for our customer support services and ticket application. Contains information provided by the customer and support staff about the service. ISO 27001:18, AICPA, SOCII etc. See: https://www.zendesk.com/product/zendesk-security/
EIN no: 26-4411091, SEC CIK #0001463172, 989 Market St, San Francisco, CA 94103
If customer uses the service
EU
Quick and easy
Touch ID, Email, SMS OTP
SMS OTP, Mail OTP, BankID Sweden, BankID Norway, FTN, MitID
BankID Norway
ISO 27001
International Organization for Standardisation
Certified ISO 27001 is specification for an information security management system (ISMS), which is a framework for an organization's information risk management processes.
BankID
BankID
Verified is a compliant partner and issuer of BankID in Norway and Sweden. Merchants get their certificates issued through Verified. Verified adheres to the current requirements of BankID to keep this status/position. BankID meets the banks’ own high standards for Internet banking security.