Regulation (EU) 910/2014

Electronic signatures with eIDAS validity

The eIDAS Regulation sets the legal framework for electronic signatures across all 27 EU member states. SignDeal implements Advanced Electronic Signatures (AES) with certified timestamp and a complete audit trail.

Valid across all 27 EU member states

Admissible as evidence in court

RFC 3161 timestamp

Try free — no card required Compare with DocuSign

What is eIDAS?

EU 910/2014

Regulation (EU) No 910/2014, known as eIDAS (electronic IDentification, Authentication and trust Services), is the European legal framework governing electronic identification and trust services, including electronic signatures. It has been in force since 1 July 2016 and is directly applicable in all member states without requiring national transposition.

Its Article 25 establishes that an electronic signature shall not be denied legal effect solely on the grounds that it is in electronic form. This makes signatures generated by SignDeal legally equivalent to handwritten signatures before any EU court.

The three eIDAS signature levels

eIDAS defines three levels of electronic signature with different degrees of legal security.

Simple Electronic Signature (SES)

Basic level

Any data in electronic form attached to or logically associated with other electronic data that is used by the signatory to sign. Includes a click of acceptance, a scanned image of a signature or typing a name in a form. Has legal value but is easiest to challenge due to lack of identity and integrity guarantees.

Examples: accepted terms of service, web consent forms.

✓ SignDeal implements this level

Advanced Electronic Signature (AES)

Recommended level

Meets the requirements of Article 26 of eIDAS: it is uniquely linked to the signatory, capable of identifying the signatory, created using signature data that the signatory can use under their sole control, and linked to the document in such a way that any subsequent change in the data is detectable.

Uniquely linked to the signatory

Signatory identity verified

Signature data under sole control

Detects any document modification

RFC 3161 timestamp included

Complete audit trail

Valid for: commercial contracts, employment contracts, NDAs, real estate agreements, service contracts, power of attorney.

Qualified Electronic Signature (QES)

Highest level

An advanced signature created using a qualified signature creation device (QSCD) and based on a qualified certificate issued by a Qualified Trust Service Provider (QTSP) listed on a member state trust list. It has the legal effect equivalent to a handwritten signature across the entire EU (Article 25.2 eIDAS).

Requires:signatory's personal certificate from a QTSP (e.g. national eID, FNMT in Spain). Needed for government portals and some regulated transactions.

Technical implementation in SignDeal

Every document signed in SignDeal generates technical evidence meeting Article 26 eIDAS requirements.

RFC 3161 Timestamp

Every signature includes a cryptographic timestamp from a trusted TSA. It proves the document existed and was signed at a specific moment in time.

SHA-256 document hash

The document is fixed via SHA-256 hash before signing. Any subsequent modification to the PDF invalidates the signature and is automatically detected.

Audit trail

An immutable audit trail is generated with the signer's IP, user-agent, document open time, signature time and verified email.

PAdES / XAdES formats

Signatures are embedded in the PDF following the PAdES standard (PDF Advanced Electronic Signatures), compliant with ETSI EN 319 100 and eIDAS technical requirements.

Email verification

Signers receive a unique, non-transferable link to their email. Email verification acts as authentication data under the signatory's sole control (Art. 26.b eIDAS).

EU infrastructure

All documents and records are processed and stored on AWS Frankfurt (eu-central-1). GDPR-by-design. No transfers outside the EEA.

Frequently asked questions about eIDAS

Is a SignDeal signature valid before tax authorities?

For private contracts and documents, yes. For filing declarations and managing procedures on behalf of a client before tax authorities, a qualified certificate from a national QTSP is required. SignDeal signatures cover the documents that formalise those representation relationships, not the direct electronic procedures with government portals.

What is the difference between eIDAS and GDPR?

eIDAS governs electronic signatures and digital identity services. GDPR governs the protection of personal data. They are complementary: eIDAS gives legal validity to the signature, GDPR governs how the signatory's data is handled. SignDeal complies with both regulations.

Is an eIDAS advanced signature valid in the US or UK?

In the EU, validity is full and directly applicable. In the US, electronic signatures are governed by the ESIGN Act and UETA, which recognise e-signatures under similar criteria. In the UK, a UK eIDAS equivalent framework is maintained post-Brexit. In practice, documents signed with SignDeal are internationally accepted.

Do I need to keep the signed PDF?

Yes. The signed PDF generated by SignDeal contains the embedded signature (PAdES) and timestamp. This is the document you should keep as evidence. SignDeal also stores a secure copy on its servers during the contracted retention period. We recommend always downloading and storing the original signed PDF.

Sign with eIDAS validity today

Create your free account and send your first documents with advanced electronic signatures. No credit card, no installation, no training required.

Get started free GDPR compliance

Standards & compliance

Infrastructure certifications belong to our cloud provider, AWS.

Privacy Legal Notice Cookies