PkBox 3.1 is eIDAS compliant

Starting from 1st July 2016 throughout the European Union the eIDAS EU Regulation 910/2014 went into force. This Regulation provides the legal framework for cross-border recognition of identification systems and trust services.

In particular it is now guaranteed interoperability and legal certainty to trust services (electronic signature, seal, electronic timing validation, electronic certificate delivery services and website authentication) helping to foster confidence, safety and online convenience for public administrations, companies and consumers.

For this reason qualified trust services have been regulated, specifying the requirements and obligations that guarantee a high level of security of all trust qualified services and products used or provided.

Among these trust services electronic qualified signature plays a particularly important role because thanks to eIDAS Regulation now it can be compared with the handwritten signature. The qualified signature certificate, if associated with a qualified device, allows you to put a qualified electronic signature with legal value equivalent to those of a handwritten signature that is recognized in all EU Member States.

This allows starting from 1st July 2016, the free circulation of documents with legal value throughout the EU, with a significant improvement for the market, similar to what happened with Schengen Convention regarding individuals.

Furthermore there is the introduction of the qualified certificate of seal (an electronic signature for legal entities rather than individuals), which when combined with a qualified device, allows you to put a qualified electronic seal.

The qualified electronic seal has the presumption of data integrity and correctness of the data source that are associated with, and is valid in all Member States. It can be used to guarantee the authenticity of any electronic data: the pages of a website, a document or software.

The electronic signature is also associated with a qualified temporal electronic validation that has accuracy of the date and time and data integrity to which that date and time are associated with, and is recognized valid in all Member States. This time validation was also enriched with new formats designed to ensure the possibility of verifying the qualified electronic signature in the case of documents conservation for long periods of time, even when the provider of trust services had eventually ceased to provide its services.

Lastly it was given legal validity to a new format, called ASiC (Associated Signature Containers), which regulates the use of compressed archive with the ZIP format, containing files of any type and signatures associated with them through a particular structure. In this way it is possible to apply the signature to any file (even non-PDF) using an extremely popular format and accessible on any platform.

The eIDAS Regulation is therefore a fundamental step to increase security and trust in transactions, and then to foster the building of a European digital single market. However it would not enough if there were no providers with innovative technological solutions ready to use that can simplify and improve the user experience.

In order to satisfy this need, Intesi Group has conformed to eIDAS Regulation Time4Mind remote signature cloud services, based on PkBox technology. On 17th May 2016, PkBox version 3.1.0 got the certification as a Secure Signature Creation Device (SSCD) by the Austrian certification authority A-SIT.

Today Intesi Group is able to provide its customers with the full support of all new regulatory and technical requirements: such as new signature formats for long-term periods of validity (CAdES-LT, XAdES-LT, XAdES-LTA, PAdES-LT, PAdES-LTA) and ZIP archives with signature (ASiC).

Finally it’s important to note that eIDAS defines and regulates the remote digital signature, giving full legal validity in all EU member states for this type of signature. For this reason PkBox is valid for an extended use in all EU member states. The validity of remote digital signature is no more tied to local regulations, which before eIDAS made the market fragmented and not homogeneous.