What is the advanced electronic signature

With its superior level of legal security, the advanced electronic signature is a fundamental tool in today’s digital world, as it ensures the authenticity, integrity and confidentiality of electronic documents and online transactions, and their combination with the signature of a subject, organization or administration. In this article, we will explore the legal basis of the advanced electronic signature, the applicable legislation and the security aspects surrounding it.

Legal basis for advanced electronic signatures: applicable legislation

The advanced electronic signature is regulated by Law 6/2020 and Regulation (EU) No. 910/2014, i.e. the European eIDAS regulation. These regulations establish the legal frameworks necessary to guarantee the validity and security of electronic signatures in the legal and business environment.

Law 6/2020, which replaced Law 59/2003, is the main regulation in Spain governing electronic trust services. The purpose of this law is to avoid regulatory gaps and strengthen security in electronic transactions.

For its part, Regulation (EU) No. 910/2014 of the European Parliament and of the Council, also known as the eIDAS regulation, establishes a legal framework for electronic identification and trust services in the internal market. In other words, it defines the rules for electronic commerce and transactions at the community level. In addition, it regulates the figure of the qualified trust service provider. We are accredited as such, in the form of certified electronic delivery.

This regulation is directly applicable in all European Union member states.

It is important to note that the advanced electronic signature must comply with the requirements established in the eIDAS Regulation to be considered valid and have the same legal value as a handwritten signature. This regulation ensures interoperability and confidence in electronic transactions throughout the European Union.

Characteristics of the advanced electronic signature

Article 26 of the eIDAS regulation sets out the requirements that the advanced electronic signature must meet. In summary:

  • It must unequivocally bind the signatory and allow his or her identification.
  • It must be based on “creation data that the signatory can use, with a high level of confidence, under his exclusive control”.
  • It must make it possible to verify that no changes are made after signing.

This type of signature offers clear benefits in aspects such as security, conversion rates, user confidence, legal reliability, integration possibilities, agility in signature processes and guarantee of the inviolability of the signed document.

Characteristics of the qualified electronic signature

Within the legal framework of the electronic signature is the qualified electronic signature. This is a special category of electronic signature that meets additional requirements established in the eIDAS Regulation, which states: “A qualified electronic signature shall have a legal effect equivalent to that of a handwritten signature.”

The qualified electronic signature has a high level of security and, like the advanced signature, is also issued by a qualified trusted service provider. Likewise, this signature is able to guarantee the signer’s identity.

It is the electronic signature that offers and requires the greatest legal guarantee for its use:

  • The signatory must have an official digital certificate or an electronic ID (with its reader).
  • The processing solution must incorporate systems that can process the data involved in the signature.

Electronic signatures offer benefits such as a presumption of legal validity and an extraordinarily high level of trust between the parties and, on occasion, are mandatory in electronic relations with public administrations.

On the other hand, it must be taken into account that this is a complex signature that, for its integration and use, will require the participation of an expert provider, such as MailComms Group, which offers guarantees when implementing and ensuring its validity at all times.

Signature Policy

The implementation of a signature policy is essential to ensure the security and validity of the advanced electronic signature. This policy establishes the procedures and standards to be followed when using electronic signatures in an organization.

The signature policy must cover aspects such as the authentication of the signer, the integrity of the signed document, the confidentiality of the information and the technical requirements necessary for the generation and verification of the electronic signature. It must do so in strict compliance with the provisions of the eIDAS regulation and Law 6/2020, to guarantee the signature's validity on a day-to-day basis, in the face of possible claims and in cases of litigation.

National Interoperability Scheme (ENI)

The National Interoperability Scheme (ENI) is a regulatory framework that establishes the criteria and standards to ensure the interoperability of electronic systems and services in the Public Administration in Spain.

The ENI includes the regulation of advanced electronic signatures and establishes the technical and security requirements to be met by trust service providers to guarantee the validity and integrity of electronic signatures in the public sector.

National Security Scheme (ENS)

The National Security Scheme (ENS) is a set of security measures and policies to be adopted by public administrations and electronic service providers to protect information and systems.

The ENS includes security criteria related to advanced electronic signatures, such as authentication of signatories, protection of cryptographic keys and management of digital certificates.

At MailComms we have obtained ENS mid-level certification after passing a complex audit by the National Cryptologic Center. This certification describes our systems as optimized in all aspects of security, cybersecurity and information privacy, and is combined with ISO 27001 and ISO 27701, which we also hold.

Additional regulatory notes

In addition to Law 6/2020 and the eIDAS Regulation, there are other normative notes that complement the legal basis for advanced electronic signatures. These normative notes may include specific provisions for certain sectors or technical aspects related to the security of electronic signatures.

It is important to consult these additional policy notes to ensure that you comply with all legal and technical requirements when using advanced electronic signatures.

Electronic signature: how to choose a supplier

When looking for a supplier to implement an electronic signature process there are some points that any company must take into account. The supplier has to:

  • Comply strictly with eIDAS regulations.
  • Be accredited as a qualified trust service provider. This makes the difference in terms of security and legal guarantee.
  • Offer you a solution that allows you to sign documents with digital certificate and electronic signature.
  • Offer different possibilities of authentication and digital identity verification.
  • Collect evidence and store it for the necessary time in a secure environment.
  • Guarantee the integrity and inviolability of the documents involved in the signing process.

Conclusion

In conclusion, the advanced electronic signature is backed by a solid legal and regulatory basis that guarantees its validity and security. Law 6/2020 and the eIDAS Regulation establish the requirements and standards necessary to ensure the authenticity, integrity and confidentiality of electronic documents and online transactions. The implementation of signature policies, compliance with ENI and ENS criteria, and the monitoring of additional normative notes are fundamental aspects to take full advantage of the benefits of advanced electronic signatures.