Trust Center

We enable over 4,000 organizations across Europe to deliver exceptional business services, with a central focus on earning and maintaining your trust.

eID

Supporting your digital business transformation with cloud-based eIDAS compliant electronic signatures

Verified’s powerful workflows and electronic signature and authentication solutions allow your business to complete transactions, agreements and approvals faster all while being compliant with eIDAS standards. Verified is providing you with real-time signer certificates at the time of signing, reducing the need for in-house digital certificate management and hence reducing the operational management complexity your business might need to handle.

Electronic and digital signatures

Electronic signature is a broad term for any kind of signature in an electronic format. They are a legal way to get approval or consent on electronic documents or forms and can be considered as a replacement of a written signature. There are different levels of assurance among electronic signatures, which are most often differentiated into electronic and digital signatures.

Commonly, electronic signatures come with no level of assurance regarding the authenticity of the signer. For example, confirming the delivery of a parcel by signing on a device offered by the delivery service provider acknowledges that the parcel has been delivered, but does not provide any further authentication of the signature and hence the person who received the parcel.

A digital signature provides more advanced levels of assurance regarding the authenticity of the signer. The advanced levels of assurance are provided by so-called trusted service providers, who hold the license to issue electronic IDs/digital IDs.

When signing a document with an eID, higher levels of security are realized through fast and easy validation of a person’s identity, also ensuring that only the correct signer has access to the information provided and no one else.

It also provides evidence regarding the origin, identity and status of an electronic document or transaction and acknowledges an informed consent by the signer. Documents signed with an eID support the provision of proof that an electronic document or transaction was not forged or modified intentionally or unintentionally from the time it was signed. Tamper-sealed protection secures an audit trail of any potential changes made within an electronic document or transaction by adding electronic logs from the moment a document is created. This is done by a unique hash for the electronic document or transaction and encrypting it with the sender’s private key. If the electronic document or transaction has changed, the hash will change as well.

eIDAS

Verified complies with the eIDAS Regulation set by the European Union on electronic identification and trust services for electronic transactions in the European Single Market. The eIDAS Regulation’s intent is to enable convenient and secure electronic transactions across EU borders for citizens, businesses, and public sector institutions. Regulation (EU) No 910/2014 (eIDAS Regulation) went into force on 1 July, 2016, being mandatory and fully adopted in all EU member states, with precedent over any conflicting national laws.

eIDAS ensures that each form of electronic signature is admissible as evidence in EU courts and shall not be denied legal effect solely because it is in electronic form. However, the enforceability of an agreement made using electronic signatures is depending on the type of electronic signature used and its embedded evidence. A scanned image of a written signature is more likely to be challenged in court versus a qualified electronic signature meeting multiple EU technical standards and containing significant embedded signer information.

eIDAS differentiates four different levels of electronic signatures, of which level 1 (lowest level) is not in scope of the eIDAS regulation. We will focus on eIDAS assurance levels 2 till 4 in the following paragraphs.

Basic Electronic Signatures

Do you need to accept a delivery package? Check a digital box on a desktop screen? Scan a manually signed document? Then the basic electronic signature will suffice. This may either be a signature that’s manually put on a desktop screen (after which it’s digitally saved) or a click on an ‘I accept’ button.

Generally, this type of signature is mainly used in lower-value processes, as there is no foolproof way to confirm the identity of the signer. If someone would copy another person’s signature and put it on the document, it would be difficult to prove (or even discover) that. Using the basic electronic signature in legally valid documents could obviously pose an issue, depending on the process in place. Therefore, a signature on insurance, financial, or real estate documents, for example, should meet stricter requirements so it can be connected to the signer with (more) certainty.

According to eIDAS, at the basic level, an electronic signature can be defined as:

“Data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.”

Taking this definition literally, you can sign a document simply by scanning your signature or ticking a box in a document opened on your device of choice. Technically, the data is in electronic form and attached to a file, but there are problems with this model which eIDAS is trying to address.

As you might already have guessed, this isn’t covering the purpose of signing a document at all. The document can still be tampered with, and a “signature” can easily be forged (i.e., we cannot be sure who ticked the box to confirm the terms and conditions were accepted). Simply put: Neither integrity nor authenticity of the document are guaranteed.

Advanced Electronic Signatures

Under eIDAS, this is a type of electronic signature that must meet specific requirements providing a higher level of signer ID verification, security, and tamper-sealing. The main requirements are:

  • Uniquely linked to the signer, enabling its identification
  • The signer can use the signature creation data under their sole control with a high level of confidence
  • Any subsequent changes in the signed data can be detectable

Using digital signatures that are applied with a digital certificate satisfies all of the above requirements. Digital certificates are obtained after a thorough verification of an individual’s identity by a trusted third party (e.g. certificate authority). Digital certificates, and their resulting signatures, are unique to the individual and virtually impossible to spoof, achieving the two requirements above.

Because the signatory is the sole holder of the private key which is used to apply the signature (see our article on Public Key Infrastructure to get an understanding of how public and private keypairs work), you can be assured that the signer is the person who they say they are. Finally, part of the signature verification process, which automatically occurs when a recipient opens the document, includes checking to see if any changes have been made to the document since it was signed.

Qualified Electronic Signatures

This is the only electronic signature type to have special legal status in EU member states, being the legal equivalent of a written signature. It must meet advanced electronic signature requirements and be backed by a qualified certificate, meaning a certificate issued by a trust service provider that is on the EU Trusted List (ETL) and certified by an EU member state. The trust service provider must verify the identity of the signer and vouch for the authenticity of the resulting signature. Furthermore, the signature has been given by approved means like a qualified signature creation device.

The legal framework of the country you are operating in defines if there is a need for a qualified signature or if an advanced electronic signature is considered as legally binding. However, depending on the type of business you are in, a qualified electronic signature might be the right one to choose for you. For instance, any business that is exposed to a high risk of scam or fraud might consider having a more secure signing system implemented. This could be businesses operating in the financial, insurance, healthcare or telecommunications sector, as well as governmental institutions.

What is the difference?

As explained above, electronic signatures are classified by the level of assurance they offer. Each of the three types of electronic signatures can be legally effective under eIDAS. A basic level of integrity is always guaranteed in the sense that content can’t be altered after signing the document. But the levels of security differ significantly, and if you ever need to prove to a court a signature is genuine and was intentionally put on a particular document, there’s a difference in the evidence you must provide.


Verified offers the following integrations:

Native methods

  • BankID, Sweden
  • BankID, Norway
  • FTN, Finland
  • Email
  • SMS OTP
  • Touch Sign

Third party integrations & ID hubs

  • Smart-ID, the Baltics
  • Freja-ID, Sweden
  • Passport reader, Global
  • ID card, Belgium
  • ID card, Serbia
  • ID card, Lithuania
  • ID card Latvia
  • ID card Estonia

Amazon

Description and relevant certification

Hosting of our platform for our operational services storage ISO/IEC 27001:2013, SOCI-III, PCI DSS and more.

Company ID and address

Org no: 516411-0669, Kungsgatan 49, 111 22 Stockholm, Sverige

Processing customers data

Processing customers data

Region

EU

Bronnoysundregistrene

Description and relevant certification

Lookup services

Company ID and address

974 760 673, Brønnøysundregistera, Postboks 900, 8910 Brønnøysund

Processing customers data

Yes

Region

EU

Datadog

Description and relevant certification

Use logdata for Observability, monitoring and security purposes. Read more: https://trust.datadoghq.com/.

Company ID and address

Datadog, Inc. 620 8th Ave 45th Floor, New York, NY 10018 USA https://trust.datadoghq.com/

Processing customers data

Yes

Region

EU

Dun & Bradstreet

Description and relevant certification

Lookup services

Company ID and address

Org no: 556341-5685, Rosenborgsgatan 4-6, Solna, Sweden

Processing customers data

Yes, from Dec 27, 2023

Region

EU

EID Easy OÜ

Description and relevant certification

Signing, authentication

Company ID and address

14080014, Telliskivi tn 60/1, Tallinn, Estonia, 10412

Processing customers data

If customer uses the service

Region

EU

Finansiell ID-Teknik BID AB

Description and relevant certification

Signing, authentication, lookup services with BankID SE

Company ID and address

556630-4928, Södra Kungstornet; Kungsgatan 33; 111 56 Stockholm

Processing customers data

If customer uses the service

Region

EU

Google Ireland Limited

Description and relevant certification

Storage of files that enables the customer to maintain the text and its translations to different languages that are used if the service “smart forms” is used.

Company ID and address

ISO/IEC 27001:2013, SOC 2, CSA STAR and more: https://cloud.google.com/security IEno 6388047V, Gordon House, Barrow Street, Dublin 4

Processing customers data

If customer uses the service

Region

EU if customer select to use the service

IN Groupe Trust Services ApS

Description and relevant certification

Offer eID (MitID in Denmark)

Company ID and address

C/O IN Groupe Denmark A/STeknikerbyen 5, 2.Søllerød2830 Virum‍

Processing customers data

If customer select to use the service

Region

EU

MongoDB Limited

Description and relevant certification

Storage of process data generated and could be used during usage of some of our services as custom flows and AML.

Company ID and address

ISO/IEC 27001:2013, SOC 2, PCI DSS and more: Number One Ballsbridge, Ballsbridge, Dublin 4, Ireland

Processing customers data

Region

EU if customer select to use the service

Nets AS

Description and relevant certification

Signing, authentication, payments, lookup services

SOC 2

Company ID and address

37427497, Klausdalsbrovej 601, DK-2750 Ballerup, Denmark

Processing customers data

If customer select to use the service.

Region

EU

Plisec AB

Description and relevant certification

Lookup services supporting AML and KYC compliance

Company ID and address

559161-4275, Dansbanevägen, 16, 126 31 Hägersten, Sweden

Processing customers data

If customer uses the service

Region

EU

Tagd AB

Description and relevant certification

Operational services for contract management.

Company ID and address

559364-3058
Skogsfrugränd 1, 16762 Bromma, Sweden

Processing customers data

If customer select to use the service.

Region

EU

Trapets AB

Description and relevant certification

Signing, authentication, payments, lookup services

Company ID and address

Org no: 556586-4773, Kungsgatan 56, 111 22 Stockholm, Sweden

Processing customers data

If customer select to use the service

Region

EU

Vipps AS

Description and relevant certification

Signing, authentication, payments, lookup services

Company ID and address

918 713 867, Postboks 9236 Grønland, 0134 Oslo

Processing customers data

If customer uses the service

Region

EU

Zendesk, Inc.

Description and relevant certification

Tool for our customer support services and ticket application. Contains information provided by the customer and support staff about the service. ISO 27001:18, AICPA, SOCII etc. See: https://www.zendesk.com/product/zendesk-security/

Company ID and address

EIN no: 26-4411091, SEC CIK #0001463172, 989 Market St, San Francisco, CA 94103

Processing customers data

If customer uses the service

Region

EU

Basic electronic - Level 2

Character

Quick and easy

Use cases (local regulations regarding the legal validity and the availability of level 4 signatures apply)

  • Customer on-boarding
  • Signing when receiving a parcel

Type

Touch ID, Email, SMS OTP

Advanced electronic - Level 3

Character

  • Linked to signer
  • Increased legally binding proof
  • More trustworthy than basic electronic signature

Use cases (local regulations regarding the legal validity and the availability of level 4 signatures apply)

  • Loan application
  • Employment contracts
  • Insurance documents
  • Documents from public authorities

Type

SMS OTP, Mail OTP, BankID Sweden, BankID Norway, FTN, MitID

Qualified electronic - Level 4

Character

  • Highest level of security
  • Personal link to signer
  • Digital equivalent of a written signature
  • Legal obligation

Use cases (local regulations regarding the legal validity and the availability of level 4 signatures apply)

  • Loan application
  • Employment contracts
  • Insurance documents
  • Documents from public authorities

Type

BankID Norway

Standard

ISO 27001

Sponsor

International Organization for Standardisation

Status

Certified ISO 27001 is specification for an information security management system (ISMS), which is a framework for an organization's information risk management processes.

Standard

BankID

Sponsor

BankID

Status

Verified is a compliant partner and issuer of BankID in Norway and Sweden. Merchants get their certificates issued through Verified. Verified adheres to the current requirements of BankID to keep this status/position. BankID meets the banks’ own high standards for Internet banking security.