Digital Sealing

Why you need to think about Digital Sealing…. now!

Did you say sealing? Don’t you mean signing?

No, not really. When you sign a document electronically, it’s called “digital signing” or “electronic signing”. It has the same effect as signing a paper document with a pen, like when you sign the papers to buy a house or your employment contract.  The actual act of signing a document digitally can take many forms: For example, when you approve a document as a task in a content management system, write your signature on a tablet, or enter your eID pincode on an application asking if you agree to sign.

But how can you make it stick? Which methods or procedures assure you that it’s a valid signature? Indeed, “valid” means different things in different contexts: inside your organization, you may have agreed internally that approving a documentary workflow task means signing the related document even though you do not actually print it out and ink-sign it. And then, what about the legal effect of a digitally signed document? Would it be accepted in a court of law just as the ink-signed paper version would be?

Together with the validity of the signature comes the question of the authenticity of the person signing and thus the digital identification. Am I who I say I am? Can somebody else do it? This is ofcourse crucial if you digitally sign a contract. In Belgium, we have an electronic ID card, the eID, that assures our identity with a pin code. Other European countries may have similar identification schemes set up. This is essential to establishing the trust necessary for digital signing.

Digital sealing

“Digital sealing” or “electronic sealing” is different: the sealing of a digital document ensures its origin and integrity. This is not really related to the natural person who signs documents and thereby commits himself or herself to all of the articles and clauses.

The applications for digital sealing are very diverse. For example, it might prove that the version of your telco supplier contract did, indeed, come from that company and that it has not been changed or that your electronic invoice was, indeed, sent from that supplier and that it is the version you signed. Here enters the term “non-repudiation”, which you will hear frequently in this context and means that the integrity and the origin are clear and can be proven. But proven by whom and do I trust that authority? Here, again, there arises the question of trustworthy sources and services.

Importance for the dematerialization process

A particular application of digitally sealed documents is in the dematerialization processes of organizations: as legal equivalents to their paper versions, it is sufficient to keep only the digital version. You can dispense with the paper versions all together. The cost savings here are enormous because paper is still being stored, copied, sent, lost, and so on.

Date and time information also matters: you may want to prove to your insurance company that you digitally signed the contract before the date of your first accident or you may need to produce digital documents including the date and time they were legally created or when a customer complained.

This problem is dealt with by means of “digital time stamping”, just as date and time stamps were and still are used to fix the entry time on a paper document. Digital timestamps indicate the date and time of the computer used to create the stamp. Anyone can create a timestamp using the time of his or her computer, but how are you sure that the computer clock was not changed to an earlier or later date? It’s easy to do.  There it is again: trust in such services is essential.

Why am I hearing about this now?

As our ways of doing business become more and more digital, paper document streams are becoming increasingly unproductive because they slow down the processes that organizations are investing lots of money on to optimize. Still, as digital document exchanging increases, how can you really be sure that the invoice you received is indeed the correct one and that you’re not being set up for fraud? Or how can you prove that the telco supplier signed contract wasn’t signed by you?  The digital market is becoming an increasingly international playing field, so it’s becoming easier to exchange, buy and sell online, but it isn’t becoming easier to answer questions about authenticity if you are in Belgium and your supplier is in Italy, for example. Maybe the local legislation defines valid proof for digital origin, authenticity, validity, and so on differently.

Local initiatives to move toward legally binding digital equivalents of documents have emerged in most European countries, be it for e-invoices or, for example, in Belgium with the “Insurance Law” of 2014, which states that electronic documents have the same legal value in the event of litigation. This is a cost saving breakthrough for the local insurance sector, or it will be when the policymakers decide to apply it!

Europe

On the European level, in order to eliminate the barriers to a single digital marketplace, the European Commission issued a Directive[1] in December 1999 to facilitate the use of digital signatures and their legal recognition. Unfortunately, it gave only half of the equation and did not provide for a single, cross-border European framework to make this happen.

So a Regulation followed in July 2014[2] (commonly known as “the eIDAS Regulation”). This one fills the gaps of 1999/93/EC and will take effect on 1 July 2016 without having to be translated to national legislation. It does help to establish a single voice and, in time, a single valid digital signing and sealing method, where organizations and citizens can trust the services because they adhere to the regulations and are regularly audited.

This Regulation states that national identification schemes (our Belgian eID for example) are valid throughout Europe. This is good news if you are often required to log onto European/Member State public administrations, be it for requesting official documents, entering tax declarations or participating in public calls for tenders.

“Trust Services”

The eIDAS Regulation also defines “trust services”. Indeed, if you have a service that says that the invoice you received is the original and that its integrity has been certified, you’d want that service to meet certain standards and make sure that these are audited and verified regularly. The eIDAS Regulation sets out the playing field for this but naturally refers to the Member States for enforcement and regulation.

Along with the aspect of digital identification and the conditions for trusted third-parties, the eIDAS Regulation will create a single unified market in Europe for electronic signatures, electronic seals and time stamps.

This is done by means of certification levels: advanced and qualified, with increasingly strong requirements to run and operate, where the “qualified” version really is the valid one. It gets a bit technical but the good news is that these services do not need to be on premise. In an SAAS world –Software as a Service – who would have expected less? As qualified certified trust services, certificates, timestamps, seals, etc. are recognized as being equally valid throughout Europe, new services will emerge and the open market will certainly affect quality and pricing.

The eIDAS Regulation really aims to create transactions and exchanges of digital documents that have the exact same legal status as their inefficient, slow and costly paper equivalents. The future is bright! And digital!

What’s in it for me?

Sounds like this doesn’t concern you? Maybe not. But think of this:

No need for paper

The non-repudiation of a document sealed with a qualified certificate opens up new cost-saving possibilities such as long-term digital archives (these certificates can be proven valid over time) as well as the elimination of paper versions and the retiring of paper archives. Integrated immediately with your inbound scanning process, this provides a very good and economical solution: you can do everything digitally and no longer need to keep and find the paper versions.

This by itself is a key argument to start looking into digital sealing: virtually every organization, large and small, has to keep some form of paper archive either in a dusty basement or neatly and unreliably outsourced. If you can’t change the past, you should still seriously consider putting an end to the ever expanding and ever more expensive paper archive now that digitally sealed documents have the same legal status as do paper ones. You reduce your costs and solve the compliance problem: win-win all the way around.

Save Time

Working with digitally sealed documents instead of paper will increase the transparency, traceability and the agility and performance of your processes. Indeed, with your invoices sent out and coming in digitally, your accountants will save time finding and processing them and your auditor will save time by no longer having to work through piles of paper piles of invoices when doing a VAT audit. Working with equivalent and legally binding digital documents is a game changer!

Open Digital Market

Interaction with public services will increasingly become digital as governments shift to e-gov, self-service portals and so on. The eIDAS Regulation specifically states that qualified electronic signatures need to be sufficient to interact. As such, you might be looking at a one-stop shop (e.g., inside Belgium with eID) that gives you access to digital information exchanges on the regional, national and European levels.

Do you still exchange a lot of paper documents with your customers, partners and authorities? Universal shifting to digital information exchange might take a while but Europe is pushing hard toward an open digital market and your competitors all over Europe are moving now, unloading legacy applications and thus are becoming able to move faster and more economically. Younger people expect to work only digitally, so you need to act now.

Thrustworthy exchange of information

A qualified electronically-sealed document has the presumption of non-repudiation, so the integrity of the data and the correctness of the origin are assumed. And when such a document is created with a qualified certificate valid in one European Member State, it’s valid in all of them. This enables the trustworthy exchange of information throughout Europe for virtually every kind of document. For example,

  • Opening a bank account in another European country will be able to be done by simply emailing the necessary documents;
  • Creating, sending, and managing duplicates of certificates, payment slips, bank statements will become simple and straightforward;
  • Exchanging shipping documents, digitally timestamping and so on to prove origin, integrity and time of creation will eliminate a lot of inefficiency in European transport;
  • Submitting information about European insurance claims will become increasingly digital as many insurance companies are now supporting the national digitalization effort and are shifting to fully digital claims management.

ROI

The bits and pieces are coming together in easy to deploy, non-intrusive systems such as DocShifter. Basically, you just plug the service into your document generating/archiving chain and we will take care of the rest. You will obtain qualified sealed documents including qualified timestamps on a pay-as-you-use basis. You won’t be burdened with complicated IT integrations or expensive legal or administrative requirements. You can start using it now and counting your ROI!

Liked this post? Then you might also like this whitepaper on Digital Sealing.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply