Electronic Signatures – A Brief Overview of the EU Landscape

This blog was authored by Fiona Maini, Global Compliance and Strategy Principal, and Valeria Orlova, Global Compliance and Strategy Analyst.

In our ever-evolving world, we take many digital simplifications to traditional processes for granted. Our perception of the norm is shifting towards a reality where everyday activities are supported by technology. Signatures are no exception to this. From years of signing documents with a wet ink signature on paper, it is becoming more and more common to receive a digital document and add an electronic signature (eSignature) in order to sign—all without the need to print, post, or travel on-site unnecessarily.

Despite the novel appearance of a signature, its fundamental principles are to be respected. A signature is uniquely linked to the person signing; it carries a meaning, such as approval, consent, or declaration of the contents of the document being signed. An electronic signature possesses all of these important aspects just like a paper signature does, and arguably adds an additional layer of security. 

What Exactly Is an Electronic Signature?

According to the European Commission's definition (under eIDAS Regulation), electronic signature means “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign”. This describes a basic, or “simple”, electronic signature. The European Commission outlines three types of electronic signatures: simple, advanced, and qualified, in order of increasing standards to signatory authentication. 

• An advanced electronic signature (or AdES) must follow requirements, including being ‘uniquely linked to and being capable of identifying the signatory, created in a way that allows the signatory to retain control, and linked to the document in a way that any subsequent change of data is detectable.’ 
• A qualified electronic signature (or QES) is the highest level of security and is subject to the most rigid requirements; this includes the requirements of an advanced signature and extends beyond those, with the addition of being ‘created by a qualified electronic signature creation device and based on a qualified certificate for electronic signatures.’

In a clinical trial—as part of the informed consent process—a prospective participant (who has made the informed decision to participate in a trial) signs an informed consent form. With electronic informed consent, or eConsent, this signature can be electronic (granted the local regulation and legislation permits its use). Electronic signatures can be applied on-site or remotely, where permissible, from the comfort of the participant’s home. 

What Level of Signature is Required?

Different countries and health authorities require different levels for signatures—from simple and advanced, to qualified. Over the past 4 years, Medidata has engaged directly with health authorities and familiarized themselves with regional regulation and legislation that pertains to the use of electronic signatures across the EU (European Union), and globally. 

This research is explained in detail in Medidata’s eConsent White Paper 2.0. The key findings from the authorities indicated some common scenarios:

1. Full eConsent is permitted, including eSignature, which needs to be manifested on-site.
2. Full eConsent is permitted, including eSignature, which can be manifested remotely. 
3. Full eConsent is permitted, including eSignature, but the eSignature has to be a qualified signature as per eIDAS.
4. The use of electronic methods for informing a trial participant is permitted, but the signature has to be a handwritten wet signature on paper only.

Medidata has observed a rather fragmented landscape regarding the acceptance of electronic informed consent for consent participation in a clinical trial across EU Member States. Certain countries do not accept electronic signatures at all, while some accept simple or advanced signatures; others require qualified signatures. Qualified electronic signatures have many additional steps that are required on behalf of the participant and site staff. However, with a proposed amendment to eIDAS Regulation introducing the EU Digital Identity Wallet, the process of providing a qualified signature may become simplified over the next decade—potentially easing barriers to adoption of electronic signatures in certain regions.