European Union rules for electronic signatures change on Friday to make a clear distinction between the identity of the person signing, and that of the authority guaranteeing the integrity of the data, but the technology needs to be still simpler, vendors say.
The new rules are intended to simplify the process of electronically signing contracts between businesses, or between businesses and persons, and across international borders where different and often incompatible electronic signature rules apply today.
But while the new rules will simplify the legal environment, today's technical environment makes it too difficult to create and securely manage digital identities, according to the Cloud Signature Consortium.
Defining an electronic signature that satisfies the laws of 28 countries is one thing, but creating one that is accepted seamlessly by desktop applications such as Adobe Acrobat Reader and Microsoft Office, and by enterprise applications such as Salesforce, Workday, Microsoft Dynamics CRM or Ariba, is entirely another, according to the consortium.
The newly founded organization, led by Adobe Systems, is drafting a new technical standard that it hopes to publish by year-end and implement early next year.
Existing legislation, derived from the 1999 eSignature directive, allows certificates for electronic signatures to be granted to natural persons (people) and legal persons (organizations), and makes little distinction between authenticating the content of a document and expressing consent to that content.
That will change on July 1, when the 2014 eIDAS Regulation enters into force.
From that date, only certificates issued to natural persons will be able to make electronic signatures (eSignatures) that are legally binding. Those issued to legal persons will only be valid for guaranteeing the integrity of documents (eSeals).
The new legislation thus makes a clear distinction between the two colloquial uses of the term "digital signature," for the quite different processes of guaranteeing the integrity of a document and of agreeing to its content.
The eIDAS Regulation applies to businesses and not to European Union bodies such as the Commission or Parliament, despite their role in creating it. However, when the regulation was approved in October 2014, Neelie Kroes, then European Commission vice president, called on incoming Commission President Jean-Claude Juncker to make every transaction with the Commission and other EU institutions possible electronically.
"Whether you're bidding for an EU procurement contract or submitting your invoice for payment, it should be possible to do it completely online, without having to resort to piles of paperwork -- or indeed any -- from the beginning to the end of the process," she said.
Like other EU regulations, eIDAS automatically becomes directly applicable, without the need for new national laws, in all EU member states within two years of its approval.