E-Signature Terms (eIDAS)

Electronic signatures in the Aldric platform: Legal framework, signature levels, and integration guidelines

Version 1.0 — As of: March 2026

The Aldric platform supports the integration of electronic signatures into compliance workflows. This document explains the legal framework under EU Regulation No. 910/2014 (eIDAS Regulation), the signature levels available within the platform, and the responsibilities when using e-signature services.

This document is for informational purposes only and does not constitute legal advice. Electronic signatures are subject to different legal requirements depending on the use case. We recommend consulting a qualified attorney when choosing the appropriate signature level.

Part A: Legal Framework (eIDAS Regulation)

1. What is the eIDAS Regulation?

Regulation (EU) No. 910/2014 on electronic identification and trust services (eIDAS) establishes a uniform legal framework for electronic signatures, seals, and timestamps across all EU Member States. It has been in effect since 1 July 2016 and is being further developed through the eIDAS 2.0 Regulation (EU 2024/1183).

Core principles of the eIDAS Regulation:

  • Non-discrimination: An electronic signature shall not be denied legal effect solely on the grounds that it is in electronic form (Art. 25(1) eIDAS).
  • Cross-border recognition: Qualified electronic signatures issued in one EU Member State are recognized in all other Member States (Art. 25(3) eIDAS).
  • Technology neutrality: The regulation does not prescribe any specific technology.

2. The Three Signature Levels under eIDAS

The eIDAS Regulation defines three levels of electronic signatures with different security levels and evidentiary value:

| Level | Description | Evidentiary Value | Typical Use |
|---|---|---|---|
| Simple Electronic Signature (SES) | Data in electronic form which is attached to or logically associated with other electronic data (Art. 3(10) eIDAS) | Free assessment by the court | Internal approvals, policy acknowledgments, standard workflows |
| Advanced Electronic Signature (AdES) | Uniquely linked to the signatory, capable of identifying the signatory, under the sole control of the signatory, detects subsequent changes (Art. 26 eIDAS) | Enhanced evidentiary value (prima facie evidence) | Contracts, data processing agreements, compliance declarations |
| Qualified Electronic Signature (QES) | Advanced signature with a qualified certificate, created by a qualified signature creation device (Art. 3(12) eIDAS) | Equivalent to a handwritten signature (Art. 25(2) eIDAS) | Fixed-term employment contracts, notarial transactions, regulatory filings |

3. Form Requirements under German Law

German law prescribes specific form requirements that must be considered when choosing the appropriate signature level:

| Form Requirement | Legal Basis | Minimum Signature Level |
|---|---|---|
| Text form (Textform) | Section 126b German Civil Code (BGB) | SES sufficient |
| Electronic form (substitute for written form) | Section 126a BGB | QES required |
| Written form (Schriftform) | Section 126 BGB | QES or handwritten signature |
| Public certification / notarization | Section 129 / Section 128 BGB | Electronic signature not sufficient |

Important: For certain legal transactions (e.g., termination of employment, Section 623 BGB; surety, Section 766 BGB), electronic form is explicitly excluded. Always verify the applicable form requirements for your specific use case.

Part B: E-Signature Integration in the Aldric Platform

4. Supported Signature Providers

The Aldric platform integrates e-signature functionality through standardized interfaces (adapter pattern). The following providers are supported or planned:

| Provider | Supported Levels | Status | EU Trust List |
|---|---|---|---|
| DocuSign | SES, AdES, QES (via ID Verification) | Planned | QES through partnership with EU-qualified trust service providers |

Additional providers can be connected through the platform's adapter pattern. The architecture is intentionally provider-neutral to avoid dependencies and enable switching between signature services.

5. Signature Workflows in the Platform

Electronic signatures can be used in the following compliance workflows:

  • Policy acknowledgment: Employees confirm awareness of compliance policies (SES)
  • Data processing agreements (DPA): Digital signing of data processing agreements pursuant to Art. 28 GDPR (AdES/QES recommended)
  • Contract management: Signing of contracts and agreements in the contract module (signature level depends on contract type)
  • Training records: Confirmation of attendance at compliance trainings (SES)
  • Risk assessments: Approval and sign-off on DPIA results (AdES recommended)
  • Audit documentation: Signing of audit reports and action plans (AdES recommended)

6. Technical Implementation

The integration of electronic signatures in the Aldric platform follows these principles:

  • Adapter pattern: Signature providers are connected through interchangeable adapters. The platform is not tied to any specific provider.
  • Audit trail: Every signature event is logged in the platform's tamper-evident audit log (timestamp, signatory, document hash, signature level).
  • Document integrity: Signed documents are stored with a cryptographic hash. Subsequent modifications are detectable.
  • Tenant isolation: Signature configurations and certificates are strictly tenant-specific (tenant_id-based, PostgreSQL RLS).
  • Long-term archiving: Signed documents are archived in the S3-compatible object storage according to the configured retention periods.
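One way an audit log carrying the fields listed above can be made tamper-evident, shown as an added example that is not Aldric platform code: each entry commits to its predecessor through a SHA-256 hash chain. The hash-chain design, the function names and the sample events are assumptions made for illustration; the page does not describe the platform's actual mechanism.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first entry (convention chosen for this example)

def document_hash(content: bytes) -> str:
    """SHA-256 digest recorded for a signed document."""
    return hashlib.sha256(content).hexdigest()

def _entry_hash(fields: dict) -> str:
    # Canonical JSON so identical fields always produce the same digest.
    blob = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def append_event(log, timestamp, signatory, doc_hash, level):
    """Append a signature event that commits to the previous entry."""
    fields = {
        "timestamp": timestamp,
        "signatory": signatory,
        "document_hash": doc_hash,
        "signature_level": level,
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    log.append({**fields, "entry_hash": _entry_hash(fields)})
    return log[-1]

def first_invalid_entry(log):
    """Return the index of the first entry that fails verification, or None."""
    prev = GENESIS
    for i, entry in enumerate(log):
        fields = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev_hash"] != prev or _entry_hash(fields) != entry["entry_hash"]:
            return i
        prev = entry["entry_hash"]
    return None

def document_unchanged(entry, content: bytes) -> bool:
    """Check a stored document against the hash recorded at signing time."""
    return document_hash(content) == entry["document_hash"]

def demo():
    """Constructed sample events: verify, edit an entry after the fact, verify again."""
    log, dpa = [], b"Data processing agreement v1 (constructed sample)"
    append_event(log, "2026-03-01T09:00:00Z", "alice@example.com", document_hash(dpa), "AdES")
    append_event(log, "2026-03-01T09:05:00Z", "bob@example.com", document_hash(b"Policy v3"), "SES")
    intact = first_invalid_entry(log)       # None: chain verifies
    log[0]["signature_level"] = "QES"       # simulated after-the-fact edit
    return intact, first_invalid_entry(log), document_unchanged(log[0], dpa + b" ")
```

A hash chain on its own only detects edits by someone who cannot recompute every later `entry_hash`; the most recent `entry_hash` has to be anchored somewhere the log writer cannot change for the chain to hold against a full rewrite.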

7. Responsibilities

| Area of Responsibility | CONPORT Services GmbH (Platform Provider) | Customer (Platform User) |
|---|---|---|
| Technical integration | Provision and maintenance of signature adapters | Configuration of own signature account |
| Choice of signature level | Recommendations in the documentation | Independent verification of form requirements |
| Signature provider contract | No contractual relationship — platform only facilitates technically | Direct contract with signature provider (e.g., DocuSign) |
| Legal validity | No guarantee of legal validity in individual cases | Verification of applicable form requirements |
| Identity verification | Technical connection to ID verification APIs | Ensuring correct identity verification |
| Archiving | Secure storage of signed documents | Definition of retention periods |

Part C: Data Protection and Compliance

8. Processing of Personal Data

The following personal data is processed when using electronic signatures:

  • Identification data: Name, email address of the signatory
  • Signature metadata: Time of signature, IP address, device used
  • Verification data: For QES, potentially ID document data, video identification data (at the signature provider)
  • Document reference: Hash of the signed document

Legal bases for data processing:

| Processing | Legal Basis |
|---|---|
| Signature creation and verification | Art. 6(1)(b) GDPR (Performance of contract) |
| Audit logging | Art. 6(1)(f) GDPR (Legitimate interest: proof of signature) |
| Long-term archiving | Art. 6(1)(c) GDPR (Legal retention obligation) |

9. Data Transfers with Signature Providers

When using external signature providers, data transfers to third countries may occur. The platform transparently informs the customer about:

  • The data processing location of the respective signature provider
  • Applicable safeguards (e.g., EU-US Data Privacy Framework, Standard Contractual Clauses)
  • The option to choose providers with exclusively EU-based processing

See also our Sub-Processor List and the Data Processing Agreement (DPA).

10. Retention and Deletion

Signed documents and associated metadata are stored according to the retention periods configured by the customer. Automatic deletion occurs after the period expires, unless statutory retention obligations apply.

Relevant statutory retention periods:

  • Commercial law: 6-10 years (Section 257 German Commercial Code, HGB)
  • Tax law: 10 years (Section 147 German Fiscal Code, AO)
  • GDPR accountability: Up to 3 years after end of processing (Art. 5(2), Art. 82 GDPR)

Part D: Recommendations for Customers

11. Choosing the Right Signature Level

We recommend the following signature levels for common compliance use cases:

| Use Case | Recommended Level | Rationale |
|---|---|---|
| Internal policy acknowledgment | SES | No form requirement, proof of acknowledgment suffices |
| Training attendance confirmation | SES | Documentation purpose, no form requirement |
| Data processing agreement (DPA) | AdES or QES | Art. 28(9) GDPR permits electronic form |
| B2B service contracts | AdES | Generally form-free, AdES provides enhanced evidentiary security |
| Fixed-term employment contracts | QES | Written form requirement (Section 14(4) TzBfG, Section 126a BGB) |
| Regulatory filings | QES | Frequently requires written form |

12. Best Practices

  • Verify form requirements: Before using an e-signature, always check the applicable form requirements. When in doubt, seek legal advice.
  • Document signature levels: Define in the workflow which signature level is required for which document type.
  • Ensure identity verification: For AdES and QES, ensure proper identity verification.
  • Plan archiving: Define retention periods for signed documents and configure them in the platform.
  • Train employees: Inform relevant employees about the meaning and differences of signature levels.
  • Fallback process: Establish a process for handwritten signatures for cases where electronic signatures are not sufficient.

Contact and Further Information

For questions about electronic signatures in the Aldric platform, please contact:

Further relevant documents:

CONPORT Services GmbH, Alte Benninghofer Str. 24, 44263 Dortmund, Germany
Managing Director: Benjamin Schowe