Legal, Security & Privacy

Legal electronic signature - security comes first

When it comes to legally binding electronic signatures, the eIDAS Regulation of the European Union is a global pioneer and binding in the EU. The same legal framework for electronic signatures applies to all 27 member states as well as in the European Economic Area (EEA). All StepOver solutions meet the strictest security requirements, are eIDAS-compliant and enable a legally binding signature.

Legally binding electronic signature

eIDAS defines three forms of electronic signature

The eIDAS Regulation (EU) No. 910/2014, which has been in force since 2016, contains binding regulations for electronic identification and trust services throughout Europe. This also includes the topic of electronic signatures. Since it came into force, it has been possible to conclude contracts digitally and in a legally binding manner across countries. The eIDAS Regulation distinguishes between three types of electronic signature – the simple, advanced and qualified electronic signature.

Good to know: In practice, the advanced electronic signature is by far the most widely used form. The reasons are obvious: it is easy to implement and is evidence-proof. The qualified electronic signature is used less frequently because it also requires the certificate of a certification provider.


The simple electronic signature consists of data in electronic form that is attached to or logically connected with other electronic data. The signer uses this to sign. This can be, for example, a scanned signature with name in a document. Normally, the probative value of the SES is rather low. For this reason, it is used by companies primarily in the context of internal communication.


The advanced electronic signature offers a very high evidentiary value, as it ensures that the document cannot be changed undetected after it has been signed. The signature can be uniquely assigned to the signer and uniquely identifies the signer. When the signature is created, it is ensured that the signature creation data is under the control of the signer.
As a result, AES is the most widely used signature form in the business environment.


The qualified electronic signature also requires the signatory to be identified by a trust service provider using, for example, a video identification process.
The QES is only required if national legislation makes it mandatory for certain processes (e.g., in Germany if the written form is required). The QES offers the highest level of legal certainty.

icon encription


Encryption as a central element of secure electronic signatures

Electronically signed documents contain sensitive data: In the case of handwritten electronic signatures, this involves biometric data such as writing speed, pressure and writing direction. This particularly sensitive data identifies the signer and must be securely encrypted. Encryption ensures that data cannot be extracted from the document and reinserted elsewhere. Certificate-based signatures (also known as click signatures) use certificates (private keys) to identify the signer. These are securely managed centrally on the provider’s server and cannot be stolen. Access is reserved for the certificate holder, who has sole control over their use – secured by means of single or multiple authentication (password entry, use of an SMS token, etc.).

Integrity protection: The signed and encrypted document cannot be changed undetected without the signature becoming invalid. The signature is inseparably linked to the document. This protects the document from subsequent changes. The signed documents can be easily and free of charge checked for subsequent changes using Adobe Reader. “The document has not been altered or damaged after the certification has been applied.”

Patented security: when it comes to data security, we make no compromises – StepOver uses only globally recognized high-security cryptographic encryption algorithms and checksum methods. In addition, the patented security for handwritten electronic signatures provides the highest possible security when using signatures with biometric data. We have been developing solutions for digital, legally binding signatures since 2001. In the area of handwritten electronic signatures, StepOver uses a highly secure, specially patented encryption method using multiple public and private keys.

Would you like to know more? Please feel free to contact us!

illustration signature types

Always stay up to date!

Subscribe to newsletter

By submitting the newsletter form you agree that your data will be used in our newsletter distribution list. You can find more info in the privacy policy. You can revoke the newsletter and the consent to store the data at any time. The best way to do this is to contact

Data privacy

GDPR compliant solution with full data control

With the General Data Protection Regulation – GDPR for short – strengthens and standardizes data protection within the European Union.

Fact: StepOver only offers GDPR compliant solutions to its customers.

Software solutions: With in-house developed native software solutions, no data is stored on third-party systems as a matter of principle. All applications and transactions take place locally at our customers’ sites.

Cloud solutions: Personal data is collected and processed in the cloud. StepOver attaches great importance to data protection, which is why we offer various options. Customers can choose the location of the server in Europe from different providers. It is also possible to have your own server (Hosting on Premesis) to guarantee companies full data control.

Do you need help?

We are happy to help!

Contact us without obligation about our products or about electronic signatures in general.

By sending the contact form you agree that your data will be used to process your request. You can find more info in the Privacy Policy.

Shopping Cart
Scroll to Top