InstantSign.

Summary

InstantSign is a remote electronic signature process that enables digital signing of documents with varying levels of security and legal validity, including Qualified Electronic Signature (QES), Advanced Electronic Signature (AES), and Simple Electronic Signature (SES).

Service Description

IDnow InstantSign Process (“process”) allows natural persons (“User(s)”) to sign documents digitally on behalf of the Customer. Users can provide electronic signatures remotely through API-based integration, with AES and QES in accordance with eIDAS Regulation (EU) No 910/2014 on electronic identification and trust services.

The product is module-based and configurable, allowing Customers to adapt it according to their specific use case and regulatory compliance requirements in accordance with the regulatory framework applicable to them. For instance, eIDAS regulation for qualified and advanced electronic signatures, and applicable national laws governing electronic transactions. To understand its potential limitations, customers must refer to the specific technical documentation of the product.

Key Capabilities

Product Configuration: Customers may configure the product in terms of:

Electronic Signature Types

Three types of electronic signatures with varying levels of security and authentication requirements:

• QES (Qualified Electronic Signature)
  • QES in accordance with eIDAS
  • Carries the same legal weight as a handwritten signature; requires identity verification of the User prior to signing
• AES (Advanced Electronic Signature)
  • AES in accordance with eIDAS
  • Ensures authenticity and integrity of signed data; provides higher security than Simple Electronic Signature; User authentication may be sufficient
• SES (Simple Electronic Signature)
  • SES is a basic form of electronic signature indicating agreement or approval
  • No specific requirements on User authenticity

Document Signing Process

• API-based document sharing and process creation
• Document review display for User (optional)
• Certificate issuance for signing
• Digital signature application to document
• Reusable identity data – use of pre-identified User data from Customer
• Data validation by IDnow (optional)
• Integration with qualified trust service provider (QTSP) certified identification schemes
• Support for AML compliant identification data

Personal Data Collection

• QES certificate (minimum required)
  • Full name
  • Identification number
• AES certificate (minimum required)
  • Full name
• SES certificate
  • No minimum data set required
• Additional data points (collected if available during identification process)
  • Date of birth
  • Place of birth
  • Nationality
  • Address (Street, Street Number, City, Zip Code, Country)
  • Type of identity document
  • Issuing country
  • ID card number
  • Validity date / Date of expiry of the document
  • Date of issue of the document
  • Language of identification
  • Mobile phone number
  • Email address
  • Gender
  • Colour of eyes

Additional requirements

• Document format: PDF only
• Maximum documents per certificate: 25
• Maximum signatures per request: 25
• Maximum total size per signature request: 50 MB (including all documents)
• Fair use limitations: additional fees may apply if limits exceeded
• Pre-identified User data must comply with QTSP-certified identification scheme (Customer responsibility)
• Evidence data storage required for QES in accordance with eIDAS regulation
• Secure data communication via HTTPS/REST/mTLS protocols
• Data protection (according to Art. 4 No. 8 of GDPR where IDnow acts as Processor)
• Customer responsibility to verify chosen modules meet regulatory requirements and use case
• Reference to product-specific technical documentation for technical limitations

Optional Modules and Configurations

Validation of Pre-Identified User Data

• Validation of pre-identified User data via document expiry date verification (if available)
• Automatic initiation of compliant identity verification if validation fails:
  • Expert-assisted identification (e.g., VideoIdent), or
  • Automated identification (e.g., AutoIdent or eID), or
  • In-person identification (e.g., POS)
• Capture of new compliant User data set
• Automatic information update for Customer

Archiving (optional as additional add-on)

Mandatory storage of evidence data required for QES certificate issuance can be outsourced to IDnow (additional fees may apply)

Standard Data Retention and Deletion

• Standard data retention: signature data and process records made available to Customer and unless otherwise agreed in writing; deleted from production system within 60 days and from backup within 30 days
• Evidence data for QES: storage required in accordance with eIDAS regulation (Customer or QTSP responsibility)
• Extended data retention (optional)

Service Hours

• General service hours: 00:00–24:00 CET, seven days a week
• Maintenance periods: excluded from Service Hours
• Automated signing service: available 24/7 subject to technical availability

Compliance Summary

InstantSign supports regulatory frameworks including the eIDAS Regulation (EU) No 910/2014 on electronic identification and trust services, where Qualified Electronic Signatures (QES) carry the same legal weight as handwritten signatures when preceded by compliant identity verification. The service integrates with qualified trust service provider (QTSP) certified identification schemes, enabling use of pre-identified User data including AML-compliant identification data. Evidence data storage is mandatory for QES issuance in accordance with eIDAS regulation. Therefore, InstantSign offers flexible electronic signature capabilities (QES, AES, SES), where customers must verify that chosen modules meet their specific regulatory requirements and ensure pre-identified User data complies with applicable QTSP-certified identification schemes when omitting the identification step.