Breadcrumbs

eIDAS Electronic Signature Assessment

Electronic signatures have become a core element of modern digital transactions across Europe. Both European Union law and Greek national legislation provide a clear legal framework that defines what electronic signatures are, how they work, and when each type can be used. This article explains the legal background, the different types of electronic signatures, which documents require the highest level of legal certainty, and how the QC Approvals app addresses the main requirements for eIDAS (electronic Identification, Authentication, and Trust Services).

Electronic Signatures at EU Level

Across the European Union, electronic signatures are governed by the eIDAS Regulation (Regulation (EU) No 910/2014). eIDAS establishes a uniform legal framework for electronic identification and trust services, including electronic signatures, seals, timestamps, and certificates.

The regulation applies directly in all EU Member States and ensures that electronic signatures are legally recognized and accepted across borders. One of its key principles is that an electronic signature cannot be denied legal effect or admissibility in court simply because it is in electronic form.

Electronic Signatures in Greece

In Greece, the legal framework for electronic signatures is based on the eIDAS Regulation and is further specified through national legislation and regulatory acts. The cornerstone national law is Law 4727/2020, which governs digital governance and formally applies the eIDAS framework in the Greek legal order.

In addition, the regulatory framework is supplemented by Decision No. 837/1B/2017 (“Regulation for the Provision of Trust Services”, Government Gazette 4396/B/14-12-2017). This regulation was issued by the EETT and sets out detailed rules on trust services and the practical application of eIDAS in Greece.

The supervisory and enforcement role of EETT is established by Law 4070/2012, which defines EETT’s competencies in relation to trust service providers and electronic signatures, as well as the sanctions that may be imposed in cases of non-compliance with electronic signature legislation.

Finally, the use and legal effects of electronic signatures are also shaped by substantive and procedural civil law rules, in particular provisions of the Greek Civil Code relating to contract formalities and evidentiary requirements. These rules determine when written form is required, how electronic signatures are assessed as evidence, and when a higher level of electronic signature, such as a qualified electronic signature, is legally necessary.

Electronic and Digital Signatures

An electronic signature is any form of electronic data that is attached to, or logically associated with, an electronic document and used by a person to indicate approval or intent to sign.

From a legal perspective, the key element is intent. Whether it is a typed name, a checked box, or a cryptographic signature, an electronic signature demonstrates that the signer agrees with the content of the document. Under EU and Greek law, electronic signatures are generally valid and enforceable, provided they meet the applicable legal requirements.

A digital signature is a specific type of electronic signature that relies on cryptographic technology. It uses public-key infrastructure (PKI) to:

  • Verify the identity of the signer

  • Protect the integrity of the document

  • Detect any changes made after signing

While all qualified electronic signatures are digital signatures, not all digital signatures qualify as “qualified” under the law. Digital signatures are primarily a technical mechanism that supports stronger forms of electronic signatures.

Types of Electronic Signatures

The eIDAS Regulation introduces a three-tier model of electronic signatures, which is fully applicable in Greece.

  • Simple Electronic Signature (SES): A simple electronic signature is the most basic form of e-signature. It includes examples such as typing a name at the end of an email, clicking an “I accept” button, or pasting an image of a handwritten signature into a document. SES is legally recognized, but it offers limited evidentiary value if the signature is challenged, as it may be harder to prove who signed the document and under what conditions.

  • Advanced Electronic Signature (AES): An advanced electronic signature must meet stricter criteria. It must be uniquely linked to the signer, capable of identifying the signer, created under the signer’s sole control, and linked to the document in a way that detects later changes. Advanced electronic signatures typically rely on digital signature technology and provide a much higher level of security and legal reliability than simple electronic signatures.

  • Qualified Electronic Signature (QES): A qualified electronic signature represents the highest level of legal assurance. It is an advanced electronic signature that is created using a qualified signature creation device and based on a qualified certificate issued by a recognized Qualified Trust Service Provider. Under eIDAS, a qualified electronic signature has the same legal effect as a handwritten signature in all EU Member States, including Greece.

Documents that can be signed with Electronic Signatures

  • Documents Suitable for Simple Electronic Signatures: Simple electronic signatures are typically used for low-risk and routine documents, such as internal company approvals, acknowledgements, standard business agreements, and basic commercial documents. While legally valid, they may not be sufficient where stronger proof of identity or intent is required.

  • Documents Suitable for Advanced Electronic Signatures: Advanced electronic signatures are commonly used for medium-risk business and commercial agreements. These include employment contracts, supplier agreements, commercial transactions, and corporate documents where identity verification and document integrity are important but a qualified signature is not legally mandated.

  • Documents Suitable for Qualified Electronic Signatures: Qualified electronic signatures are appropriate for high-risk or legally sensitive documents. Because they are legally equivalent to handwritten signatures, they are often used where the law requires written form or where legal certainty is essential, including dealings with public authorities and courts.

Electronic Signatures and Use Cases

The table below summarizes the three types of electronic signatures recognized under the eIDAS Regulation and explains how their legal effects, as defined in Articles 3, 25, and 26, translate into practical use cases.

Type of Signature

Legal Effect

Typical Use Cases

Simple Electronic Signature

  • Legally valid as evidence, but no presumption of authenticity

  • Can be challenged in court

  • Signing internal documents

  • Low-risk agreements

  • Online forms, email confirmations

Advanced Electronic Signature

  • Provides higher assurance than SES

  • Linked to the signer uniquely

  • Created using means under the signer’s sole control

  • Can detect tampering after signing

  • Business contracts with medium risk

  • Agreements where identity verification is important

  • Invoices, HR documents, procurement processes

Qualified Electronic Signature

  • Highest legal effect, equivalent to a handwritten signature

  • Presumed valid in all EU member states

  • Must be created using a qualified certificate issued by a Qualified Trust Service Provider (QTSP)

  • High-risk contracts (e.g., real estate, notarial acts)

  • Public administration forms

  • Banking and financial services agreements

  • Legal filings, court documents

Documents that require a Qualified Electronic Signature in Greece

Greek law explicitly requires a qualified electronic signature for certain categories of documents, particularly where written form is mandatory. These include, among others:

  • Termination or renewal of employment contracts

  • Notifications and submissions to labour authorities

  • Acknowledgements of debt

  • Termination of commercial lease agreements

  • Intellectual property transfer and licensing agreements

  • Financial and financing agreements

  • Court filings, pleadings, and procedural documents

  • Audit reports on annual financial statements

  • Documents submitted in public procurement procedures

In these cases, using a simple or advanced electronic signature may not be sufficient to meet legal requirements.

QC Approvals and Electronic Signatures

Under eIDAS, electronic signatures are classified into three levels based on the legal assurance they provide. QC Approvals is designed to support the first two levels (Simple Electronic Signatures and Advanced Electronic Signatures), allowing organizations to align their Confluence approval workflows with EU electronic signature requirements.

The app does not support Qualified Electronic Signatures (QES). Documents that legally require a QES, such as certain employment, financial, court, or notarial documents, must be signed using external qualified trust services.

Enabling Simple Electronic Signatures (SES) in QC Approvals

QC Approvals supports SES through its Basic signing method:

  • When configuring an Approval Template in the QC Approvals app for Confluence Cloud, select “Basic” as the signing method.

  • This enables a standard electronic signature that records the approval action electronically.

  • Each approval is associated with the user’s Confluence account and includes timestamps and signature information.

This approach aligns with the eIDAS definition of a simple electronic signature by providing a clear electronic expression of consent.

Enabling Advanced Electronic Signatures (AES) in QC Approvals

QC Approvals supports AES by offering enhanced authentication options:

  • When configuring an Approval Template, select either:

    • “Token”, or

    • “Two-factor authentication (2FA)” as the signing method.

  • These options introduce an additional authentication step during approval, strengthening the link between the signer’s identity and the signed content.

  • Approval actions are fully logged, supporting traceability and auditability.

Requirements for AES and QC Approvals

According to Article 26 of the Regulation (EU) No 910/2014 of the European Parliament and of the Council, an advanced electronic signature must meet the following requirements:

Article 26 Requirement

QC Approvals

Uniquely Linked to the Signer

The signature must contain unique identifiers tied exclusively to the person signing. This typically involves cryptographic keys or biometric data that cannot be replicated by another individual.

All signatures provided by QC Approvals are linked to the signer via their unique user name and user ID within Confluence Cloud.

Capable of Identifying the Signer

The system must provide reliable means to establish the signer's identity. This usually includes multi-factor authentication such as email verification combined with SMS one-time passwords (OTP) or identity document checks.

All signatures display the signer’s unique username.

Created Under the Signer's Sole Control

The electronic signature creation data must be under the exclusive control of the signer, meaning no third party can sign on their behalf without authorization. This ensures that only the legitimate signer can execute the signature.

Signers need to log in to Confluence using their credentials in order to be able to sign a page. When signing, they need to provide either the Token they created on their personal settings within the app’s interface, or a one-time password generated by their authenticator app.

Linked to Signed Data in a Detectable Way

Any subsequent modification to the signed document must be immediately detectable. This tamper-evident characteristic is achieved through cryptographic hashing, which creates a unique fingerprint of the document at the moment of signing.

QC Approvals provides a clear way to distinguish when a page was signed, which version, and by whom.

Any updates to the page are displayed in an easy-to-understand way, using Statuses, and the new version becomes available for signing.