Sep 15, 2021

Frequently asked questions and answers about legal security and electronic signatures


Electronic agreements and signatures can make life easier for companies of any size, in any industry. However, we know that there can be questions about legal and security issues linked to e-agreements.

We have collected our 13 most commonly asked questions in this article.

1. What does eIDAS mean?

On July 1, 2016, eIDAS was launched in Sweden. eIDAS (electronic identification, authentication and trust services) regulates the electronic identification of transactions within the EU's internal market. It’s the EU's way to harmonise and create uniformity regarding all member countries’ e-identifications. The idea is that a Swedish citizen should be able to identify themselves with their e-identification issued in Sweden when they visit another EU country. The same applies to citizens of other EU countries when they come to Sweden.

2. Does Egreement have trusted services under eIDAS?

The eIDAS Regulation regulates what a trusted service is, what can be provided and the technical and legal conditions that apply to those services.

Trusted services include:

  • services linked to electronic signatures
  • electronic stamps
  • electronic timestamps
  • website authentication
  • secure electronic deliveries

With Egreement's service, you can sign documents with advanced electronic signatures using BankID or other e-identification. This makes Egreement a provider of trusted services according to eIDAS.

As a trusted service provider, Egreement complies with the eIDAS Regulation. Egreement is obliged to take technical and organisational measures as appropriate to manage any associated security risks that come with providing trusted services.

3. Does Egreement meet the requirements of the eIDAS Regulation?

Yes. Egreement's service offers several different methods for electronic signing. The strongest form of verification is an electronic signature with e-identification, for example BankID. This means Egreement’s service meets the requirements of the eIDAS Regulation on Advanced Electronic Signatures. In the vast majority of cases, other methods for electronic signatures, such as drawing a signature or a two-factor SMS signature, also create a legally binding agreement.

4. Is Egreement's agreement legally binding?

Yes. An agreement entered into via Egreement's service is legally binding, with the exception of a few agreements in Sweden that have separate formal legal requirements. These include real estate transactions.

If the formal requirements only follow from formulations in individual agreements, parties can agree to deviate from them. For example, this would be the case if an agreement requires that it be in writing or signed pen-on-paper. Egreement can be used in this case as long as all parties agree.

5. How valid are electronic agreements in the event of a dispute?

Electronic signatures provide traceability and make it easier to technically prove who has signed the agreement. Traditional pen-on-paper signatures can be easier to counterfeit.

In some cases it’s necessary to extensively scrutinise handwritten signatures to ensure their authenticity. Therefore, agreements signed with electronic signatures have a higher evidential value than a physically handwritten signed agreement.

6. What is an event log and why is this needed?

To prove that an agreement has been entered into electronically, there is an event log where evidence regarding the agreement is gathered. The event log contains information about all important events, for example that a party has signed the agreement and who has completed the signature. Relevant information for each event is saved, such as times, IP addresses, e-mail addresses and personal data.

7. Is Egreement compliant with GDPR?

Yes. Egreement complies with the General Data Protection Regulation (GDPR) regarding all handling of personal data and has implemented appropriate technical and organisational measures to ensure and demonstrate that the processing is carried out in accordance with this regulation. These measures are reviewed and updated as necessary.

8. Where does Egreement store personal data?

Egreement only processes personal data within the EU and personal data is stored in Amazon Web Services at three physically different locations in Ireland.

9. What is “Privacy by Design” and why does Egreement follow this principle?

Egreement's solution is based on the principles of “Privacy by Design” and “Privacy by Default” according to GDPR. The terms refer to built-in data protection and data protection by default. This means that Egreement:

  • ensures the customer can follow the basic principles according to GDPR and according to specific customer requirements
  • ensures access control so customers can control who has access to which information
  • ensures opportunities for correction, deletion, restriction and thinning of data in accordance with the requirements of the regulation
  • ensures that the customer can enable the data subject to access any information that is registered about them in the system.

10. How secure is Egreement's service?

All external communication with the service and transport of data is encrypted. Egreement regularly runs penetration tests to test against intrusion attempts, and to maintain the highest security according to current practice.

11. How secure is data storage in Egreement's service?

All information in the service is stored in three physically different locations, which helps to ensure high availability. All information handled in the service is encrypted during storage to further protect against unauthorised access.

The database is backed up once a day. Backups are stored in three physically separate places and saved for three months before they are deleted. As a customer, you control how long each agreement and its associated information should be stored in the service.

12. How does authorisation management work in Egreement?

All user identities are personal and may not be disclosed to another person. You can log in to the service with authentication via BankID or a username and password to verify your identity. The service requires complex passwords for increased security.

The service is built on the principle of "minimisation of access". To enable this, the service has authorisation management that supports actively granting access to agreements for specific users or groups of users.

13. Are events logged in Egreement's service?

Yes. All events in the service are logged. Important events such as times for signatures are logged separately and are available to the customer in the service.

User events such as login, display, deletion, permission changes and configurations and any other logs in the service are sent to a separate server for log management. These are saved for 90 days and then permanently deleted. Only authorised Egreement personnel have access to the logs.
