ETSI (European Telecommunications Standards Institute) is an independent, non-profit standardisation organisation recognised by the European Union. Its mission is to develop globally applicable standards for information and communication technologies, including electronic signatures.
In the context of eIDAS, ETSI plays a central role by defining the technical standards that ensure the interoperability, security, and legal validity of electronic signatures across Europe.
ETSI's role in eIDAS compliance
The eIDAS regulation establishes legal requirements for electronic signatures, but does not specify the technical details of how those requirements should be implemented. This is where ETSI comes in: it translates the legal obligations of eIDAS into concrete technical standards.
These standards define, among other things:
The formats in which electronic signatures must be created and stored
The algorithms and cryptographic mechanisms to be used
The procedures for validating signatures and verifying their integrity over time
The four signature formats defined by ETSI
ETSI has standardised four main electronic signature formats, each adapted to different document types:
CAdES (CMS Advanced Electronic Signatures): Based on the CMS (Cryptographic Message Syntax) standard, this format is mainly used for binary files. It allows signatures to be embedded directly within the signed file.
XAdES (XML Advanced Electronic Signatures): Based on XML, this format is designed for signing XML data. It is widely used in electronic invoicing and public administration systems.
PAdES (PDF Advanced Electronic Signatures): Specifically designed for PDF documents, PAdES is the most common format for signing contracts and official documents electronically. It integrates the signature directly into the PDF file.
JAdES (JSON Advanced Electronic Signatures): The most recent format, based on JSON, designed for modern web services and APIs. It is particularly suited to digital and cloud-based environments.
Key ETSI technical standards
Among the most important standards published by ETSI in relation to electronic signatures:
ETSI TS 119 312: Defines the cryptographic algorithms recommended for creating and validating electronic signatures. It specifies the acceptable key lengths and hash functions to guarantee long-term security.
ETSI EN 319 102-1: Establishes the procedures for creating and validating Advanced and Qualified electronic signatures in accordance with eIDAS. It ensures that signatures can be verified reliably and uniformly across the EU.
ETSI EN 319 142: Specifies the PAdES profile for PDF signatures, ensuring their compliance with eIDAS requirements. It defines how signatures must be embedded in PDF documents to be legally valid.
ETSI: a guarantee of trust for European electronic signatures
Through its standardisation work, ETSI ensures that electronic signatures used across Europe are secure, interoperable, and legally recognised. Its standards form the technical backbone of the eIDAS ecosystem, enabling individuals and organisations to sign documents with full confidence in their legal and technical validity.
Tomorro's electronic signature is built in compliance with these ETSI standards, ensuring that every contract signed through our platform meets the highest requirements of European regulations.