In December 2000, the Digital Signatures Act entered into force in Estonia. In less than two years, the first contract was concluded by using digital signature and soon electronic identification and digital signatures became part of daily life of Estonian people. When visiting other countries, we allowed ourselves an occasional smirk when looking how natives scanned printed and hand-signed documents into pdf files.
eIDAS regulation, officially referred to as “Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market ” entered into force on July 1, 2016. Pursuant to the Regulation, public sector bodies and private entities providing public services must recognise the electronic signatures of the citizens of all EU Member States equivalent to electronic signatures used in their country. Other entrepreneurs and private persons may, but do not have to recognise electronic signatures.
ID card, digital ID and mobile ID
Until the beginning of November 2018, Estonian residents could use three different electronic signature tools that were valid across Europe – ID card, digital ID and mobile ID.
In technical terms, ID card and digital ID were identical chips, but unlike ID card, the digital ID could not been used as a visual personal identification document.
Mobile ID. However, some Estonian residents did not want to keep a card reader at hand all the time or deal with restoring ID card support after updating their web browsers. They found a suitable alternative in the form of mobile ID – a solution that could be used even with keypad phones, which only required installation of SIM card with mobile ID support. True, mobile ID did not allow encryption or decryption of digital documents and required payment of a small monthly fee. Then again, convenience comes at a certain cost.
A couple of days before the entry into force of eIDAS regulation, Estonian company SK ID Solutions launched Smart-ID, a solution consisting in smart app and service, which did not require mobile network or SIM card to work and, unlike mobile ID, it was free to use for end user.
However, legally speaking, electronic signatures given by using Smart ID were at first not quite equal to hand-written signatures, because its level of trust was considered insufficient for that purpose.
On 08.11.2018, Smart ID developer announced that a German security certifying body TÜViT had issued a certificate for the solution, allowing its users to give qualified electronic signatures (QES), which are considered to have the highest level of trust according to eIDAS. The Information System Authority (Riigi Infosüsteemi Amet, RIA), who is responsible for development of DigiDoc software, has promised to supplement the software with Smart ID support within 2019. Until then, Smart-ID allows signing documents via digidoc.ee portal.
Is this really significant?
Why am I writing about this? Signatures and authentication are unescapable when performing legal acts. Over the years, Estonians have become so accustomed to do business electronically, so it is a good idea to have a functional alternative in case one or the other system happens to malfunction. That is why I always have the most recent ID card software installed on my computer and both mobile ID and Smart ID installed on my phone.
I recommend you do the same!