Most of the terms listed below are the official terms which have a strictly defined meaning. This makes them different from other terms that are used by the marketplace but grounded on no official regulation definitions.
eIDAS regulation article 3 presents precise definitions, among which the most important are listed below:
- ‘electronic signature’ means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign;
- ‘advanced electronic signature’ means an electronic signature which meets the requirements set out in Article 26;
- ‘qualified electronic signature’ means an advanced electronic signature that is created by a qualified electronic
- ‘certificate for electronic signature’ means an electronic attestation which links electronic signature validation data to a natural person and confirms at least the name or the pseudonym of that person;
- ‘qualified certificate for electronic signature’ means a certificate for electronic signatures, that is issued by a qualified trust service provider and meets the requirements laid down in Annex I;
- ‘trust service’ means an electronic service normally provided for remuneration which consists of:
- the creation, verification, and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to those services; or
- the creation, verification and validation of certificates for website authentication; or
- the preservation of electronic signatures, seals or certificates related to those services;
- ‘qualified trust service’ means a trust service that meets the applicable requirements laid down in this Regulation;
- ‘conformity assessment body’ means a body defined in point 13 of Article 2 of Regulation (EC) No 765/2008, which is accredited in accordance with that Regulation as competent to carry out conformity assessment of a qualified trust service provider and the qualified trust services it provides;
- ‘trust service provider’ means a natural or a legal person who provides one or more trust services either as a qualified or as a non-qualified trust service provider;
- ‘qualified trust service provider’ means a trust service provider who provides one or more qualified trust services and is granted the qualified status by the supervisory body;
- ‘electronic seal’ means data in electronic form, which is attached to or logically associated with other data in electronic form to ensure the latter’s origin and integrity;
- ‘advanced electronic seal’ means an electronic seal, which meets the requirements set out in Article 36;
- ‘qualified electronic seal’ means an advanced electronic seal, which is created by a qualified electronic seal creation device, and that is based on a qualified certificate for electronic seal;
- ‘electronic time stamp’ means data in electronic form which binds other data in electronic form to a particular time establishing evidence that the latter data existed at that time;
- ‘qualified electronic time stamp’ means an electronic time stamp which meets the requirements laid down in Article 42;
- ‘electronic registered delivery service’ means a service that makes it possible to transmit data between third parties by electronic means and provides evidence relating to the handling of the transmitted data, including proof of sending and receiving the data, and that protects transmitted data against the risk of loss, theft, damage or any unauthorized alterations;
- ‘qualified electronic registered delivery service’ means an electronic registered delivery service which meets the requirements laid down in Article 44;
- ‘validation’ means the process of verifying and confirming that an electronic signature or a seal is valid.
“Signature Policy”: document presenting a set of rules for the creation and validation of an electronic signature, under which the validity of signature can be determined. A given legal/contractual context may recognize a particular signature policy as meeting its requirements. ClubPSCo deliverable « Guide rédactionnel d’une Politique de Signature » (Signature Policy writing guide) is a document targeted to persons in charge of implementing electronic signature, in the need of writing a Signature Policy, essential element of the overall solution reliability.
A few terms that are often used but without official definition:
“Electronic signature with probing value”: any electronic signature has a “probing value” even the more simple one. eIDAS regulation states in article 25 that “An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures”. The signature value then depends on the conditions under which it was produced, the certificate and signature application qualities (security level) that were used during the process. The process value will have to be demonstrated in case of potential law suit that would focus on the signature value itself.
“Level 3 electronic signature”: these terms are often heard in the marketplace but have no official meaning and do not represent any formal security level for electronic signature (such as “level 3 electronic certificate”).