Ability to use an external certified Timestamp API
This function is i think essential for European users like me.
With the new eIDAS law which defines better the law arround the electronic signature, it appears to me that ApproveMe is "almost" okay to be used in a court.
The eIDAS specifies a "strong" law recognition of the Electronic Signature with an addition to US laws : Only some specific Companies are certified by an official certificate from a country member of the European Union to deliver certified timestamp (like www.universign.eu)
These organisation delivers Timestamp API (paid by contract timestamped).
That would be a very strong step for APPROVEME to be used like this for the european union members. In that way, we would have a very strong argument to show to any law court.
thanks for reading me,
eIDAS is a must. UETA and ESIGN are of US legislation and thus useless in the EU on first approach if it comes to a lawsuit. That makes the conflicting parties dependend on a judges personal assessment rather than being able to rely on a legally valid standard which in the EU is eIDAS.
This is a pre-sale comment. Not buying until EU standards will be met.
Cautious Buyer commented
Any updates on this? It's been almost a year and your "International Compliance" statement in your support documentation is very vague. I think we need to see a statement of eIDAS compliance from you, and what type of eIDAS electronic signature (basic/advanced/qualified) you provide.
We haven't set a date yet for our version 2.0 product. We will make formal announcements once we are closer to locking in a date. We have not looked in detail at the requirements of the EU trusted but in the future we do intend to explore further certification and compliance.
And when will you release this? :) My client doesn't want to subscribe until that..
With this update, will you be in the official list of Trust Service Providers? (https://ec.europa.eu/digital-single-market/en/eu-trusted-lists-trust-service-providers)
This is a fantastic idea.. and something that we will review in more detail once our 2.0 ships.
Matthias Dorin commented
No, it i specified that a "trusted timestamp" can only be delivered by a certified organisation which garantee the independance of it (they consider that we can locally modify the time of the server which host the site)
So for me the only missing thing is the ability to use the api of a independant cerified timestanp service
Jan Dou commented
I think that ApproveMe comply with Article 26 of eIDAS Regulation (Regulation (EU) N°910/2014) (http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32014R0910&from=EN)
This article says:
Requirements for advanced electronic signatures
An advanced electronic signature shall meet the following requirements:
(a) it is uniquely linked to the signatory;
(b) it is capable of identifying the signatory;
(c) it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
(d) it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.
Article 46 Legal effects of electronic documents: "An electronic document shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in electronic form."