ITEN

Let's clarify
the different electronic signatures

There are different types of electronic signatures, distinguished by their level of security (and consequent probative validity in case of court dispute) and by technical complexity and ease of use.

eIDAS (Electronic Identification, Authentication and Trust Services) defines three types of electronic signatures

Simple Electronic Signature (SES)

“Simple” Electronic Signature is a commonly used name that groups all electronic signatures excluding advanced and qualified ones.

Read more

Advanced Electronic Signature (AES)

It consists of a set of data in electronic form connected to an electronic document that allows the identification of the document’s signatory.

Read more

Qualified Electronic Signature

Used for signing documents between legal representatives of a company and public administration or for notarial acts requiring the highest level of security.

Read more

The difference between the three types of signatures is mainly the security level of each type and the complexity of the signatory’s identity verification system that each uses. The strength of the signature therefore lies in the degree of trust it provides regarding the identification of the signatory and the proof that the document is indeed the one signed, as well as, of course, in increasing probative validity in case of judgment.

For an informed choice of the pros and cons of each, we will explain below the difference between the various types of electronic signatures.

Often, people instinctively tend to choose the strongest type of signature. However, one must always consider the cost/benefit ratio, where cost is not only an economic issue but also one of practicality and speed of use for both the proposer (the one proposing a document for signing) and the signatory (the one who must sign the proposed document).

The proposer must therefore balance the level of signature actually needed, aware that as the required security increases, the process becomes more complex and costly, especially in terms of time, both for the proposer and the signatory.

At OTP service, we offer the first two levels of signature, the simple (FS) and the advanced (FEA).

Following is a description of the simple electronic signature and the advanced electronic signature, both of which can be purchased on this website. OTP Service is the first and only signature provider that does not require a recurring subscription but offers both a completely free service (but limited in the number of signatures) and a pay-per-use service, deducted from a prepaid credit usable both from our web interface or integrated into your own management system through our APIs.

Simple electronic signature (FS)

“Simple” Electronic Signature is a commonly used name that groups all electronic signatures excluding advanced and qualified ones. Although it is used by most digital signature providers, eIDAS does not use this term. However, to simplify the understanding of this document, we will use the term ‘simple signature’ to indicate the first of the three levels of electronic signature.

Today, the vast majority of electronic signatures on the market are so-called “simple” because they are accessible to everyone, indeed, they are easy and fast. The FS corresponds to the first level of security in terms of legal validity for a document signed remotely.

Security level for simple electronic signature

Thus, there is no established list of requirements for this type of signature. One can therefore, without any concrete process of identity verification or consent, have a document signed very quickly. In this case, however, it would be very easy for the signatory to disavow the signature. According to this definition, a scanned signature or a basic digital signature, such as the one you make on the courier’s terminal when receiving a package, for example, are so-called simple signatures.

However, precisely because for the simple electronic signature it is the judge who evaluates it on a case-by-case basis, otpservice.io has decided to strengthen it, thus acquiring greater legal value, thanks to a series of measures that we have drawn directly from the more stringent regulations of the advanced electronic signature. For example, we have added an additional authentication step, such as the two-factor authentication system through which an OTP code, sent to the signatory via SMS or email, is necessary to sign the document.

Similarly, although it is not mandatory to have a control tracking with simple electronic signatures, we have enhanced all the information that is collected during the signing process.

In the event log, the following are recorded: signatory’s email, their phone number, IP address of the computer used to sign the document, etc. The purpose of this log is to give lawyers the ability to easily trace the different stages of a transaction step by step, thus providing greater credibility in case of a dispute over the document signature.

All this additional information is displayed in the signature certificate that otpservice.io automatically adds at the end of the document after signing. A copy of this document is sent to the signatory by otpservice.io and is always available to the proposer through the convenient control panel reserved for them.

The simple electronic signature (SES), despite not meeting the requirements of qualified electronic signatures, is still recognized by eIDAS as a fully admissible signature in legal proceedings.

Article 20, paragraph 1-bis of the CAD (Digital Administration Code) establishes that the suitability of the electronic document to satisfy the requirement of written form and its probative value are freely assessable in court, in relation to the security, integrity, and immutability characteristics of the adopted electronic signature solution.

Advanced Electronic Signature (AES)

With reference to the DPCM of 22/02/2013 article 55 and subsequent ones, the Advanced Electronic Signature (AES) consists of a set of electronic data connected to an electronic document that allows the identification of the document’s signatory and guarantees the unique connection to the signatory.

They must be created with means over which the signatory can maintain exclusive control, and the immutability of the document subject to signature must be guaranteed.

The AES constitutes a stronger signature compared to the simple electronic signature because:

  • it allows the identification of the signatory and their unique connection to the signed document;
  • this connection is created using means over which the signatory can maintain exclusive control;
  • it allows detection of whether the data has been modified after the advanced electronic signature was affixed.

The AES has the same legal value as a document signed in person between a proposer and a signatory.
The AES process managed by OTP service is secure because:

  • the signatory is contacted to invite them to sign, and a copy of the document to be signed is transmitted as an attachment. This way, the signatory can consult it before giving their consent. The same email begins to describe the process and how the fingerprint of the file containing the document to be signed is generated;
  • the digital fingerprint of the document to be signed ensures that the signed document is the same as the one previewed to the signatory before signing;
  • it requires the signatory to accept the terms of use of the AES so that they are aware of the legal validity of the signature they are about to affix;
  • it asks the signatory to enter or verify their personal data and identification document
  • it asks the signatory to provide a photo of themselves with their identity document alongside, as well as a front/back photo of their valid identity document;
  • it asks the signatory to check all the mandatory signature points required by the proposer;
  • it transmits to the signatory, by email or SMS, an OTP (one-time password) code to associate the mobile number or email address with the signature at the moment it is affixed;
  • it shares photos and information with the proposer in a secure and encrypted form so that they can validate them;
  • in case of confirmed validity of all received data, the system automatically deletes the photo with the face and instead retains the two photos of the identity document, as required by current regulations (DPCM February 22, 2013 Art. 57 point 1b). Moreover, it completes the signing process by transmitting the signed document to both parties;
  • Finally, in the concluding email, the procedure for independently verifying the entire signing process is described.

Qualified Electronic Signature

OTP service does not offer Qualified Signature (or Digital Signature) as it is typically used for signing documents between legal representatives of a company and public administration or for notarial deeds requiring the highest level of security. This type of signature usually requires hardware (USB token) that contains a certificate valid only for a certain period of time and issued by chambers of commerce or other accredited entities after an in-person recognition process. Resident software on the USB drive allows for applying a signature and timestamp directly to the document. Viewing the signed file requires specific software. If both the signatory and the proposer need to sign, both parties must have their own USB token and respective signature password (which are strictly personal and should never be delegated to third parties, for example: within a company).

Legal Value of Signatures

The EU Regulation No. 910/2014 of the European Parliament and of the Council of 23 July 2014, known by the acronym eIDAS (Electronic IDentification Authentication and Signature), has established rules and procedures for electronic signatures.

At the European level, the electronic signature system can be traced back to Directive 1999/93/EC, a Directive of the European Parliament and of the Council on a Community framework for electronic signatures. Published in the Official Journal of the European Communities on 19 January 2000 L. 13, it came into force on 19 January 2000. Article 5 of the directive is of particular importance, as it provides for obligations of Member States relating both to ‘advanced electronic signatures based on a qualified certificate and created by a secure signature creation device’ and to other signature systems (which are now generally called weak or simple). Please refer to the entry on Teleadministration. Italy complied with the directive in 2002 (Legislative Decree No. 10 of 23 January 2002).

Solutions

Do you need more details?

Contact us to receive complete documentation and try our service.

Contact Us

Chosen by

Request a Demo

Enter your details and we will contact you to arrange an operational demo on how the service works.

Please enable JavaScript in your browser to complete this form.
Privacy