This page outlines the main requirements of eIDAS (electronic Identification, Authentication, and Trust Services) for advanced electronic signatures and explains how QC Approvals addresses them.
QC Approvals meets the requirements for Simple Electronic Signatures and Advanced Electronic Signatures as defined by eIDAS. The app does not support eIDAS Qualified Electronic Signatures.
Simple Electronic Signatures: data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign (eIDAS Article 3).
Advanced Electronic Signatures: According to eIDAS Article 3, an advanced electronic signature is an electronic signature that is additionally:
- uniquely linked to and capable of identifying the signer;
- created in a way that allows the signer to retain control;
- linked to the document in a way that any subsequent change of the data is detectable.
Qualified Electronic Signatures: According to eIDAS Article 3, a qualified electronic signature is an advanced electronic signature that is additionally:
- created by a qualified signature creation device;
- and is based on a qualified certificate for electronic signatures.
Electronic Signatures and Use Cases
The table below summarizes the three types of electronic signatures recognized under the eIDAS Regulation and explains how their legal effects, as defined in Articles 3, 25, and 26, translate into practical use cases.
| Type of Signature | Legal Effect | Typical Use Cases |
|---|---|---|
| Simple Electronic Signature | | |
| Advanced Electronic Signature | | |
| Qualified Electronic Signature | | |
Requirements for Advanced Electronic Signatures
According to Article 26 of the Regulation (EU) No 910/2014 of the European Parliament and of the Council, an advanced electronic signature must meet the following requirements:
| Article 26 Requirement | QC Approvals |
|---|---|
| Uniquely Linked to the Signer: The signature must contain unique identifiers tied exclusively to the person signing. This typically involves cryptographic keys or biometric data that cannot be replicated by another individual. | All signatures provided by QC Approvals are linked to the signer via their unique user name and user ID within Confluence Cloud. |
| Capable of Identifying the Signer: The system must provide reliable means to establish the signer's identity. This usually includes multi-factor authentication such as email verification combined with SMS one-time passwords (OTP) or identity document checks. | All signatures display the signer’s unique username. |
| Created Under the Signer's Sole Control: The electronic signature creation data must be under the exclusive control of the signer, meaning no third party can sign on their behalf without authorization. This ensures that only the legitimate signer can execute the signature. | Signers need to log in to Confluence using their credentials in order to be able to sign a page. When signing, they need to provide either the Token they created on their personal settings within the app’s interface, or a one-time password generated by their authenticator app. |
| Linked to Signed Data in a Detectable Way: Any subsequent modification to the signed document must be immediately detectable. This tamper-evident characteristic is achieved through cryptographic hashing, which creates a unique fingerprint of the document at the moment of signing. | QC Approvals provides a clear way to distinguish when a page was signed, which version, and by whom. Any updates to the page are displayed in an easy-to-understand way, using Statuses, and the new version becomes available for signing. |
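
The tamper-evidence requirement in the last row can be illustrated with a signature record that binds the signer, the page version and a SHA-256 digest of the content. This is an added example, not QC Approvals' code and not a description of how the app works internally. The function names, record fields, status strings and demo key are hypothetical, and a server-held HMAC key stands in for the signing primitive.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real service would hold this in a KMS or HSM.
SERVER_KEY = b"constructed-demo-key"


def _canonical(record):
    # Stable byte encoding so the same record always yields the same tag.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sign_page(user_id, page_id, version, body, signed_at):
    """Build a record binding signer, page version and content fingerprint."""
    record = {
        "user_id": user_id,
        "page_id": page_id,
        "version": version,
        "signed_at": signed_at,
        "sha256": hashlib.sha256(body.encode("utf-8")).hexdigest(),
    }
    tag = hmac.new(SERVER_KEY, _canonical(record), hashlib.sha256).hexdigest()
    return {"record": record, "tag": tag}


def check_signature(signed, current_version, current_body):
    """Return 'valid', 'superseded', 'content-modified' or 'record-forged'."""
    record = signed["record"]
    expected = hmac.new(SERVER_KEY, _canonical(record), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed["tag"]):
        return "record-forged"      # signer, version or digest was altered
    if current_version != record["version"]:
        return "superseded"         # page was updated; new version needs signing
    digest = hashlib.sha256(current_body.encode("utf-8")).hexdigest()
    if not hmac.compare_digest(digest, record["sha256"]):
        return "content-modified"   # same version number, different bytes
    return "valid"


if __name__ == "__main__":
    # Constructed sample page and signer, for illustration only.
    signed = sign_page("user-1001", "page-42", 3, "Release checklist v3",
                       "2024-01-01T00:00:00Z")
    print(check_signature(signed, 3, "Release checklist v3"))
    print(check_signature(signed, 3, "Release checklist v3 (edited)"))
```

Separating "superseded" from "content-modified" distinguishes an ordinary page update, which invalidates the signature on the old version, from content that changed without a version bump.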