GDPR | eIDAS Requirements and Roadmap

icon picker
AdES Requirements

Last edited 223 days ago by Jamie Heindl

Done
Task
Notes
1
Unique Link to the Signer: The signature must be uniquely linked to the signer. This means it should be able to identify the individual who has signed the document.
2
Signer Identification and Authentication: The signer must be identified and authenticated with a reasonable level of confidence. This can involve various methods, including password, PIN, biometric data, or digital certificates.
3
Signature Creation Under Signer's Control: The data used for creating the signature (like private keys) must be under the sole control of the signer. This ensures that no other party can replicate or misuse the signature.
4
Data Integrity: The signature must be attached to or logically associated with the signed data in such a way that any subsequent change in the data is detectable (tamper-evident).
5
Document Integrity: Once a document is signed, it should be sealed in a way that any alteration to its content post-signature is detectable.
6
Non-repudiation: The signature should offer non-repudiation, meaning the signer cannot reasonably deny the validity of their signature.
7
Compliance with eIDAS Regulation: While not requiring certification by a QTSP, the AES should still comply with standards set by the EU's eIDAS regulation, particularly regarding the security and validity of the signature.
8
Audit Trails: Maintain records of the signing process, including how the signature was created and verified. This is important for legal and compliance reasons.
9
Revocation and Expiry Mechanisms: Implement mechanisms to address the revocation or expiry of the signature or the means used to create the signature.
10
Security Measures: Implement appropriate technical and organizational measures to ensure the security of the signature creation data.
11
Regular Updates and Compliance Reviews: Keep the technology and processes used for AES up to date with current security standards and legal requirements, and regularly review compliance.
12
Interoperability: Consider the interoperability of the advanced electronic signature solution with different systems and software, ensuring that the signature can be verified across different platforms.
There are no rows in this table

Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.