Table of Contents

    On 23 July 2014, the European Union adopted the eIDAS Regulation on electronic identification and trust services. As of 1 July 2016, it replaces Directive 1999/93/EC on electronic signatures and certification service providers.

    The main objectives of the eIDAS Regulation are threefold:

    • to remove legal and technical barriers to the functioning of the internal market in terms of cross-border administrative formalities;
    • to ensure greater confidence in electronic transactions;
    • to strengthen legal certainty for both providers and users of trust services.

    In addition to those three main objectives, the desire to stimulate innovation and development in the provision of trust and electronic identification services is also expressed.

    In Belgium, that desire has been translated into the adoption of the Act of 21 July 2016, called the “eIDAS and Electronic Archiving Act”, which implements and complements the Regulation by laying down provisions aimed at creating a complete, coherent legal framework for electronic archiving. In this context, the FPS Economy was assigned the role of supervisory authority, responsible for the qualification and supervision of trust service providers established in Belgium.

    A summary of the Digital Act (PDF, 67.54 KB) (in French)

    Frequently asked questions (FAQ) about trust services (PDF, 6.03 MB) (in French)

    More information about the legal aspects and concerns regarding electronic signatures and other trust services.

    Use of the terms “electronic signature” and other “trust services” as well as the term “durable medium”

    Trust services

    In addition to the electronic signature, the eIDAS Regulation and the eIDAS and Electronic Archiving Act include other trust services, such as the electronic seal, the time stamp, the electronic registered mail service, website authentication and electronic archiving.

    “‘Trust service’ means an electronic service normally provided for remuneration which consists of:

    • the creation, verification, and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to those services, or
    • the creation, verification and validation of certificates for website authentication; or
    • the preservation of electronic signatures, seals or certificates related to those services;” (Art. 3(16) of the eIDAS Regulation).

    Electronic signature

    What is an electronic signature?

    According to the eIDAS Regulation, “‘electronic signature’ means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign” (Art. 3(10) of the Regulation).

    This definition includes all types of electronic signatures, such as handwritten scanned signatures, biometric signatures (e.g., voice recognition, iris recognition, fingerprint recognition), digital signatures or the simple codes of bank cards.

    When an electronic signature meets certain requirements, it can be “advanced” or ”qualified”.

    In order to be advanced, it must meet the following requirements:

    • it is uniquely linked to the signatory;
    • it is capable of identifying the signatory;
    • it is created using electronic signature creation data that the signatory, with a high level of confidence, can use under his sole control; and
    • it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable (Art. 26 of the eIDAS Regulation).

    It is qualified when it is not only advanced, but also created by a qualified electronic signature creation device, and based on a qualified certificate for electronic signatures (Art. 3(12) of the eIDAS Regulation).

    The Regulation specifies that an electronic signature (regardless of the technology and level used) may not be rejected as evidence in legal proceedings solely on the grounds that it is electronic or not qualified. Nevertheless, only the qualified signature is equated with a handwritten signature (Art. 25 of the eIDAS Regulation).

    Electronic seal

    As for the electronic signature, there are three levels of electronic seal:

    • The electronic seal (basic form) is data in electronic form, which is attached to or logically associated with other data in electronic form to ensure the latter’s origin and integrity (Art. 3(25) of the eIDAS Regulation).
    • The “advanced” electronic seal must be uniquely linked to the creator of the seal; be capable of identifying the creator of the seal; be created using electronic seal creation data that the creator of the seal can, with a high level of confidence under its control, use for electronic seal creation; and be linked to the data to which it relates in such a way that any subsequent change in the data is detectable (Art. 36 of the eIDAS Regulation).
    • A “qualified” electronic seal means an advanced electronic seal, which is created by a qualified electronic seal creation device, and that is based on a qualified certificate for electronic seal (Art. 3(27) of the eIDAS Regulation).

    Although an electronic seal may not be refused as evidence in legal proceedings solely on the grounds that the seal is electronic, only the qualified signature enjoys the presumption of integrity of the data and of correctness of the origin of that data to which the qualified electronic seal is linked (Art. 35 of the eIDAS Regulation).

    Time stamp

    Electronic time stamp means: “data in electronic form which binds other data in electronic form to a particular time establishing evidence that the latter data existed at that time” (Art. 3(33) of the eIDAS Regulation).

    The electronic time stamp makes it possible to

    • accurately date a document, and
    • certify that at a precise moment a piece of data existed or that a transaction was carried out electronically (electronic signature, electronic registered mail, etc.).

    An electronic time stamp is called “qualified” if it meets the following requirements:

    • it binds the date and time to data in such a manner as to reasonably preclude the possibility of the data being changed undetectably;
    • it is based on an accurate time source linked to Coordinated Universal Time; and
    • it is signed using an advanced electronic signature or sealed with an advanced electronic seal of the qualified trust service provider, or by some equivalent method (Art. 42 of the eIDAS Regulation).

    A qualified electronic time stamp enjoys the presumption of the accuracy of the date and the time it indicates and the integrity of the data to which the date and time are bound (Art. 41 of the eIDAS Regulation).

    Electronic registered mail service

    “Electronic registered mail service” means “a service that makes it possible to transmit data between third parties by electronic means and provides evidence relating to the handling of the transmitted data, including proof of sending and receiving the data, and that protects transmitted data against the risk of loss, theft, damage or any unauthorised alterations” (Art. 3(36) of the eIDAS Regulation; there, the term “electronic registered delivery service” is used).

    Data sent and received using a qualified electronic registered mail service enjoy the presumption of:

    • the integrity of the data,
    • the sending of that data by the identified sender,
    • its receipt by the identified addressee, and
    • the accuracy of the date and time of sending and receipt indicated by the qualified electronic registered delivery service (Art. 43 of the eIDAS Regulation).

    To enjoy qualified status, the electronic registered mail service must meet the following requirements:

    • it must be provided by one or more qualified trust service provider(s);
    • it must ensure with a high level of confidence the identification of the sender and the addressee;
    • sending and receiving data is secured by an advanced electronic signature or an advanced electronic seal of a qualified trust service provider in such a manner as to preclude the possibility of the data being changed undetectably;
    • any change of the data needed for the purpose of sending or receiving the data is clearly indicated to the sender and addressee of the data;
    • the date and time of sending, receiving and any change of data are indicated by a qualified electronic time stamp. Data sent and received using a qualified electronic registered mail service enjoy the presumption of:
      • the integrity of the data,
      • the sending of that data by the identified sender,
      • its receipt by the identified addressee, and
      • the accuracy of the date and time of sending and receipt indicated by the qualified electronic registered delivery service (Art. 44 of the eIDAS Regulation).

    Website authentication

    Website authentication services provide a means by which a visitor to a website can be assured that there is a genuine and legitimate entity standing behind the website. Those services contribute to increasing trust and confidence in conducting business online.

    To establish website authentication as a means of enhancing trust, the eIDAS Regulation defines the certificate for website authentication as an attestation that makes it possible to authenticate a website and links the website to the natural or legal person to whom the certificate is issued. To obtain qualified status, the certificate has to meet a whole set of requirements included in the eIDAS Regulation (Art. 3(38) and Annex IV of the eIDAS Regulation).

    Electronic archiving

    Unlike other electronic services, electronic archiving is not defined at European level in the eIDAS Regulation. The Belgian eIDAS and Electronic Archiving Act of 21 July 2016 implementing the eIDAS Regulation contains the definition of electronic archiving and the concept of a qualified electronic archiving service. As a reminder, this Act inserts the new provisions into the Code of Economic Law (CEL).

    “A qualified electronic archiving service is a trust service in addition to the services referred to in the eIDAS Regulation, which consists in preserving electronic data or digitizing paper documents and which is offered by a trust service provider within the meaning of the eIDAS Regulation or operated on its own account by a public authority or a natural person or legal entity” (CEL, Art. 18(17)).

    Thus, the Act distinguishes two types of electronic archiving:

    • archiving by a service provider, and
    • “internal” archiving, specifically a natural person or legal entity operating an electronic archiving service on its own account.

    Both types of archiving can obtain qualified status and thereby enjoy a presumption of integrity and conformity. A digital copy of a paper document is deemed to be a true and durable copy of it when created and stored using a qualified electronic archiving service (CEL, Art. XII.25, §6).

    On 16 April 2019 – in application of Article XII. 28, §3 CEL – the Royal Decree of 29 March 2019 establishing the reference numbers for standards for qualified electronic archiving services (hereinafter: RD Standards) entered into force. 

    More information about the RD Standards.

    A working group, composed of interested parties and stakeholders, developed the e-Archiving certification scheme with the support of the FPS Economy's supervisory authority for trust service providers.

    This scheme aims to bring together in detail all the legal requirements applicable to electronic archiving service providers that were previously scattered across various international standards.

    The scheme allows the user to implement qualified electronic archiving services for storing electronic documents and information in electronic form in a practical and effective way, in line with the requirements of Belgian legislation.

    Consult the e-Archiving certification scheme (PDF, 976.27 KB)

    Security and control

    Trust service providers are required to take technological and organisational measures that meet requirements that are regularly tightened.

    In addition, trust service providers with qualified status are subject to ex-ante and ex-post control in a periodic audit (every two years) or any extraordinary audit at the request of the supervisory authority.

    The Act of 21 July 2016 officially designated the FPS Economy as the supervisory authority to monitor trust service providers established in Belgium, including providers of electronic archiving services (CEL, Art. 18(16)).

    Signing with a qualified electronic signature

    You can find more information on the “How to electronically sign a document page.

    Qualified trust service providers in Belgium

    For the first time, a company offering archiving of electronic documents has been granted “qualified” status and placed on the European Trusted List by Belgium. This is the very first qualification of a trust service provider in that domain in Europe. The company in question was added to the list of qualified trust service providers in Belgium.

    The procedure for becoming qualified in Belgium for one or more electronic trust services and then being placed on the Trusted List consists of several stages.  

    Government control of trust service providers who are candidates for qualification is based, among other things, on a conformity assessment report delivered by an institution accredited to assess conformity to the provision of the eIDAS Regulation through an audit. A first electronic archive certification institution in Belgium was accredited by BELAC (the Belgian accreditation body) in April 2023.

    Accreditations within this domain are available through Products certification bodies (PROD) | FPS Economy (fgov.be) (service “IT Products and Services”).

    The service providers qualified in Belgium and the electronic trust services they provide are included in the list published by the European Commission (“EU List of eIDAS Trusted Lists).

    The table below provides a simplified overview of service providers qualified in Belgium.

    overview of service providers qualified in Belgium

    Qualified trust service providers in Europe

    You can find all trust service providers qualified in the European Union on the European Commission's joint list. On this overview list you can, if you wish, make a selection by type of electronic trust service and/or by European Member State and you can search by (part of) the name of a trust service provider.

    Documentation

    Last update
    20 September 2024