Digital signature in Estonia
Electronic signature allows users to electronically perform the actions for which they previously had to give a signature on paper. Estonia's digital signature system is the foundation for some of its most popular e-services including registering a company online, e-banks, the e-voting system and electronic tax filing – essentially any services that require signatures to prove their validity.
History and usage
The first digital signature was given in 2002. A number of freeware programs were released to end users and system integrators. All of the components of the software processed the same document format – the DigiDoc format.
As of October 2013, over 130 million digital signatures have been given in Estonia.
In October 2014 Estonian parliament passed a bill which gives any person, regardless of their citizenship or residency, possibility to apply for Estonian digital identity (e-Residency of Estonia) to give digital signatures and use Estonian government online services. The law came into force on December 1, 2014.
The nature and use of digital signature in Estonia is regulated by the Digital Signature Act. The Estonian parliament Riigikogu passed the Digital Signature Act on March 8, 2000, and it entered into force on December 15, 2000. According to this legislation, a digital signature is equal to a hand-written signature. Pursuant to the Act it is also necessary to distinguish between valid and void digital signatures, any signatures given with a void or suspended certificate are null and void. All Estonian authorities are obliged to accept digitally signed documents.
Users can create digitally signed documents with their ID-card, digital identity card or Mobile-ID using either the DigiDoc3 program that is installed into the computer along with the ID-card software, in the signing section of the State Portal www.eesti.ee or in the DigiDoc Portal.
Digital signature support can be added to all the applications and programs where it is required.
The Estonian digital signatures corresponds to the EU Electronic Signatures Directive (1999/93/EC) with the strictest requirements (advanced electronic signature, secure-signature-creation device, qualified certificate, certification-service-provider issuing qualified certificates).
Upon the issuance of ID-cards or mobile ID-s, every user receives two certificates: one for authentication, the other for digital signing. The certificate may be compared to the specimen signature of a person – it is public and it can be used by anyone to examine whether the signature given by the person is authentic. The certificate also holds the personal data, name and personal identification code.
All certificates are different and correspond to the private keys of specific persons. The certificate can be used to examine digital signatures – if the certificate and the signature match mathematically (all the necessary calculations are performed by the computer on behalf of the user), it can be claimed that the signature has been given by the person named in the certificate.
- "Digital signature". Retrieved 25 October 2013.
- Martens, Tarvi. "Digital signatures in Estonia and the rest of Europe – a look back and ahead". Estonian Ministry of Economics and Communication. Retrieved 25 October 2013.
- "Digital Signature Statistics". Retrieved 25 October 2013.
- "Neelie Kroes, EU Commissioner for Digital Agenda got an Estonian ID-card". Archived from the original on 28 October 2013. Retrieved 25 October 2013.
- "Estonian ID legislation". Retrieved 25 October 2013.
- "Digital signing". Retrieved 25 October 2013.