July 1, 2016 marks the official transition from the EU EC/1999/93 Directive to the “Electronic ID and Trust Services” or “eIDAS.” This new and improved legislation bolsters the protection of eSignature in European nations, and standardizes the recognition of eSignatures across countries in the EU.
The new legislation pertains to both European residents using eSignatures and those entering into business or commerce transactions that require a legally binding eSignature from clients of a country in the EU.
More about the transition to eIDAS
For nearly 10 years, countries in the European Union have electronically signed documents securely and legally online, protected by the EU EC/1999/93 Directive. As the pioneering law for eSignatures in the EU, EU EC/1999/93 was the first to establish “that an electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the fact that it is in electronic form” among many other protections (Source).
Put more simply, the EU EC/1999/93 Directive made eSignatures legal in the EU.
The new and improved eIDAS regulation (also known as “Regulation EU 910/2014”) takes legal truths established by the EU EC/1999/93 Directive and fortifies them across countries, with the effect of “ensuring confidence in electronic transactions and creating a pan-European legal framework for all EU member states.” (Source). This means that the eIDAS has taken what was once a jigsaw puzzle of different eSignature laws and created a single, unified version of eSignature legislation.
For those interested in additional information about the eIDAS, here are a few excellent resources:
Questions & Answers on Trust Services under eIDAS
New EU Regulation for Electronic Signatures
Full Text of Regulation (EU) No 910/2014
Other Goals of the eIDAS
The investment of time and resources poured into creating the eIDAS serves as further proof that we’re rapidly moving towards a world that universally recognizes the immense value and superior security of electronic signing.
In addition to creating a unified legal framework to protect and define electronic signatures, the eIDAS also has civic-minded goals for increasing public confidence in electronic signing.
- Educating the public on the legality of eSignatures and online transactions to spread a mutual understanding of what does and does not qualify as a protected electronic transaction.
- Demonstrating to individuals and businesses the incredible security benefits of electronically signing a document compared to signing by traditional methods (pen and paper).
Dropbox Sign’s Continued Dedication to eSignature Compliance & Security
Dropbox Sign is – and has always been – compliant with European standards for eSignature legality. In addition to strict adherence to European regulations, we also meet other compliances such as U.S. Electronic Signature in Global and National Commerce Act of 2000 (ESIGN) and the Uniform Electronic Transactions Act (UETA). We also protect our users with a fortress of additional security measures.
- Hosting in a state-of-the-art SOC 2 Type II, SSAE 16 facility that has achieved ISO 27001 certification
- SSL connection to Dropbox Sign
- Encryption at rest using AES - 256 bit encryption
- Time-stamped audit trails
- Payments processed by a PCI Service Provider Level 1 service
- Private bug bounty program
If you have any questions about our stringent security, visit our security page.
Will the change affect me or my signers?
This will only affect you or your signers if the country in which you are signing doesn’t continue to uphold and adhere to the requirements set forth by the eIDAS.
Am I required to take any actions?
No action is required from our Dropbox Sign customers. The eIDAS effectively replaces the EU EC/1999/93 Directive and automatically renders all previous European state-based laws and legislation null. European signers can rest easy that their eSignature remains secure, safe, legally binding, and compliant under eIDAS regulation.