United Kingdom: eIDAS Regulation and Electronic Communications Act 2000
Is Portant compliant: Yes.
Portant's eSignatures meet the requirements of the UK's retained eIDAS Regulation and the Electronic Communications Act 2000 at the Simple Electronic Signature (SES) level, with several Advanced Electronic Signature (AES) features also supported. Together these laws confirm the legal validity of electronic signatures in the UK.
Overview of UK electronic signature law
eIDAS Regulation (EU Regulation No. 910/2014, retained in UK law)
- Location: UK and European Union (retained into UK law after Brexit).
- Key point: Sets three levels of electronic signatures (Simple, Advanced, Qualified) that ensure legal recognition and security for electronic transactions.
Electronic Communications Act 2000
- Location: United Kingdom.
- Key point: Recognises electronic signatures as legally valid where there is intent to authenticate, supporting the enforceability of electronic agreements.
When and where these laws apply
- Type of transactions: Most commercial, personal, and governmental transactions that traditionally need a written signature, including contracts, agreements, and acknowledgments.
- Jurisdictions: eIDAS was retained in UK law post-Brexit and applies alongside the Electronic Communications Act 2000.
- Consent: All parties must agree to use electronic signatures.
Compliance requirements and how Portant meets them
| Compliance requirement | Description | Portant's compliance features |
|---|---|---|
| User consent | Parties must agree to electronic transactions and signatures. | Portant prompts users to confirm consent before signing. |
| Document integrity | Documents must remain unaltered after signing. | Signed documents are locked and cannot be modified. |
| Audit trails | Logs of the signing process serve as proof of authenticity. | Portant maintains detailed logs of each action during signing. |
| Time stamping | Verifiable time and date are required for legal authenticity. | Every signed document is timestamped. |
| Data protection | Personal data must be protected under UK GDPR. | Portant uses encryption and secure storage. |
| Role-based access control | Controls who can access, sign, and manage documents. | Document access and management are restricted to authorised users. |
eIDAS signature levels
eIDAS categorises electronic signatures into three levels: Simple Electronic Signature (SES), Advanced Electronic Signature (AES), and Qualified Electronic Signature (QES). Portant fully supports SES and includes several features compatible with AES, covering most everyday business use cases.
| Signature level | Description | Portant's compliance |
|---|---|---|
| Simple Electronic Signature (SES) | Basic level, suitable for most business transactions. | Compliant. Portant provides SES functionality with consent, integrity, and audit trails. |
| Advanced Electronic Signature (AES) | Higher security level. Requires strict identification and control criteria to uniquely identify the signer. | Partial compliance. Portant supports audit trails, integrity verification, and timestamping, but does not include biometric verification or advanced signer identification. |
| Qualified Electronic Signature (QES) | Highest level. Legally equivalent to a handwritten signature in court. Requires a qualified certificate from a trust service provider. | Not compliant. Portant does not currently provide QES, which requires certificates from a qualified trust service provider. |
Note: SES covers most business transactions in the UK. AES or QES may be needed for high-assurance transactions that require unique signer identification. For full AES or QES compliance, you may need to add external verification or a qualified trust provider.
Practical considerations
- Confirm user consent. Portant's consent prompt confirms each user's intention to sign electronically.
- Keep documents secure. Portant's document integrity feature locks the signed document to prevent modifications.
- Maintain comprehensive audit trails. See Audit trail for how to enable a full signing audit on a workflow.
- Choose the right signature level. SES suits most transactions and is fully supported. AES is partially supported. QES requires an external qualified trust service provider.
- Watch for exclusions. Certain legal documents (wills, deeds, property transfers) may still need a handwritten signature.
Conclusion
Portant's eSignatures support the UK's retained eIDAS Regulation and the Electronic Communications Act 2000, providing legally valid signatures for a broad range of transactions. Consent, document security, audit trails, timestamping, and role-based access are all built in.
If you have questions about compliance, get in touch.