Digital signature in Estonia

Electronic signature allows users to electronically perform the actions for which they previously had to give a signature on paper. Estonia's digital signature system is the foundation for some of its most popular e-services including registering a company online, e-banks, the e-voting system and electronic tax filing – essentially any services that require signatures to prove their validity.

History and usage
The first digital signature was given in 2002. A number of freeware programs were released to end users and system integrators. All of the components of the software processed the same document format – the DigiDoc format.

As of October 2013, over 130 million digital signatures have been given in Estonia.

In September 2013 the European Commissioner for Digital Agenda Neelie Kroes gave her first digital signature with an Estonian test ID-card issued to her as a present.

In October 2014 Estonian parliament passed a bill which gives any person, regardless of their citizenship or residency, possibility to apply for Estonian digital identity (e-Residency of Estonia) to give digital signatures and use Estonian government online services. The law came into force on December 1, 2014.

Legislation
The nature and use of digital signature in Estonia is regulated by the Digital Signature Act. The Estonian parliament Riigikogu passed the Digital Signature Act on March 8, 2000, and it entered into force on December 15, 2000. According to this legislation, a digital signature is equal to a hand-written signature. Pursuant to the Act it is also necessary to distinguish between valid and void digital signatures, any signatures given with a void or suspended certificate are null and void. The Digital Signature Act has been superseded by the EU-wide eSignature Directive (eIDAS) since 2016. It should also mandate that rest of the EU member nations accept Estonian e-signatures amongst other countries e-signatures. The eSignature Directive also specifies that member nations should use and accept signatures in the Associated Signature Containers (ASiC) format.

All Estonian authorities are obliged to accept digitally signed documents.

Prerequisites
Users can create digitally signed documents with their ID-card, digital identity card or Mobile-ID using either the DigiDoc3 program that is installed into the computer along with the ID-card software, in the signing section of the State Portal www.eesti.ee or in the DigiDoc Portal.

Digital signature support can be added to all the applications and programs where it is required.

International context
The Estonian digital signatures corresponds to the EU eIDAS (910/2014) with the strictest requirements (advanced electronic signature, secure-signature-creation device, qualified certificate, certification-service-provider issuing qualified certificates).

Certificates
Upon the issuance of ID-cards or mobile ID-s, every user receives two certificates: one for authentication, the other for digital signing. The certificate may be compared to the specimen signature of a person – it is public and it can be used by anyone to examine whether the signature given by the person is authentic. The certificate also holds the personal data, name and personal identification code.

All certificates are different and correspond to the private keys of specific persons. The certificate can be used to examine digital signatures – if the certificate and the signature match mathematically (all the necessary calculations are performed by the computer on behalf of the user), it can be claimed that the signature has been given by the person named in the certificate.