New ETSI standard for EU-compliant electronic signatures
ETSI has published a multi-part standard that will facilitate secure paperless business transactions throughout Europe, in conformance with European legislation. The standard defines a series of profiles for PAdES – Advanced Electronic Signatures for Portable Document Format (PDF) documents – that meet the requirements of the European Directive on a Community framework for electronic signatures (Directive 1999/93/EC).
The ETSI standard supports a European Commission Action Plan that seeks to build on existing experience in this area and further improve the efficiency of cross-border use of electronic signatures. Open technical standards, such as those produced by ETSI, provide an ideal means for ensuring the required interoperability such that, for example, a document created and signed in one Member State can be validated in another.
The standard also recognizes that digitally-signed documents may be used or archived for many years – even many decades. At any time in the future, in spite of technological and other advances, it must be possible to validate the document to confirm that the signature was valid at the time it was signed – a concept known as Long-Term Validation (LTV).
The new standard was developed by ETSI’s Electronic Signatures and Infrastructure (ESI) Technical Committee in collaboration with PDF experts. PDF is defined in a standard (ISO 32000-1) published by the International Organization for Standardization (ISO), so the ETSI activity included reviewing and documenting how ISO 32000-1 can satisfy the European Directive. The resulting PAdES standard, ETSI Technical Specification (TS) 102 778, also introduces a number of adaptations and extensions to PDF to satisfy the Directive’s requirements. ETSI will feed these European-specific elements back into ISO for inclusion in the next release of the PDF standard, ISO 32000-2.
PAdES is complementary to two other Electronic Signature concepts also developed by ETSI’s ESI committee, both widely recognised within the European Union and suited for applications that do not involve human-readable documents: Cryptographic Message Syntax Advanced Electronic Signatures (CAdES) and XML Advanced Electronic Signatures (XAdES).