Under the eIDAS Regulation (EU 910/2014), an electronic signature has the same legal force as a handwritten signature. This is also laid down in Article 3: 15a BW. The reliability of the authentication plays a role in this, which is why three different types of signatures are distinguished in the eIDAS: a 'normal' electronic signature, an advanced electronic signature and a qualified electronic signature.
The "normal" electronic signature is difficult to authenticate, while the advanced and qualified electronic signature can be reliably authenticated.
The eIDAS requirements for an advanced electronic signature are the following:
- the electronic signature is uniquely linked to the signatory;
- the electronic signature makes it possible to identify the signatory;
- the electronic signature is created by means that the signatory can keep under his sole control;
- the electronic signature is attached to the electronic file to which it relates in such a way that any change of data can be detected after the moment of signature.
The VendorLink E-Signing process is as follows: The (authorized) signatories are first invited by e-mail to put their signature. The signatories digitally (with their mouse or by upload) sign their signature. In addition, a unique code is generated which the signatory is sent by e-mail (two-factor authentication). This passcode must also be filled in to be able to sign the document. A certificate is drawn up for the entire process. This certificate shows the audit log, which shows all activities that were carried out during the signing process. The moment the signature request was sent, the moment the document was opened, the moment the signature was placed, the moment the e-sign passcode was sent and filled in, the email address used and the IP address where the signatory has used.
VendorLink's E-Signing process thus complies with the aforementioned requirements for an advanced signature, as stipulated in the eIDAS regulation. The signature can be reliably authenticated using the audit log certificate. VendorLink thus covers processes 1 and 2 of the eIDAS regulation.
Important for you as a VendorLink customer and user:
A point of attention is the control of the (statutory) authority (power of attorney) of the signatories.
The responsibility to have the authorized person sign the agreement rests with the customers of VendorLink and is in no way the responsibility of VendorLink. See our General Conditions: article 6.6.
As a customer, you have up-to-date information regarding the signing authority of the persons who are allowed to sign on behalf of the organization.
Example: As a customer, you must immediately process this change in VendorLink after the dismissal / employment of an employee or director (authorized signatory).
VendorLink draws your attention to the importance of the correct authority of the signatories in the VendorLink. Nevertheless, if there are persons who are not (no longer) authorized to sign, this will remain at the risk of the signatory.