Electronic Identification (eID): What It Is and When You Need It
Understanding eID for e-Signing — And When You Do Not
Electronic Identification (eID) is one of the most misunderstood concepts in e-signing. Many businesses assume they need government-grade identity verification for every signature, when in reality, most documents require far less. Understanding the different levels of identification helps you choose the right approach — and avoid paying for security you do not need.
What is Electronic Identification (eID)?
Electronic Identification (eID) is any digital method used to verify that a person is who they claim to be. The term covers a wide spectrum, from a simple email verification to a government-issued digital identity card.
At its most basic, eID answers one question: is this person really who they say they are?
The methods range from simple to complex:
| Level | Method | Example |
|---|---|---|
| Basic | Email address verification | Signer receives link at known email |
| Standard | One-time password (OTP) | SMS or email code sent to signer |
| Enhanced | Biometric verification | Passkey with Face ID or fingerprint |
| Advanced | Bank ID or mobile ID | Nordic BankID, Belgian itsme |
| Qualified | Government-issued digital ID | Estonian ID card, German eID |
eID in Europe: The eIDAS Framework
The EU's eIDAS Regulation (Electronic Identification, Authentication and Trust Services) created a formal framework for electronic identification across member states. Under eIDAS, there are three levels of assurance:
- Low — reduces the risk of identity misuse (e.g., username and password)
- Substantial — reduces the risk to a significant degree (e.g., two-factor authentication)
- High — prevents identity misuse to the highest degree (e.g., government-issued eID with a physical card or mobile app)
These levels matter because EU regulations tie them to three types of electronic signatures:
-
Simple Electronic Signature (SES) — any electronic data attached to a document to indicate agreement. A typed name, a drawn signature, clicking "I agree." No specific eID requirements.
-
Advanced Electronic Signature (AES) — uniquely linked to the signer, capable of identifying them, and created with data under their sole control. Requires stronger identification but not necessarily government eID.
-
Qualified Electronic Signature (QES) — created using a qualified certificate issued by a trusted authority. Requires government-level eID. This is the only type that EU law considers automatically equivalent to a handwritten signature in all member states.
Do You Actually Need Qualified eID?
This is the critical question, and for most businesses the answer is no.
Qualified electronic signatures (QES) are required for:
- Certain real estate transactions in specific EU countries
- Some government procurement processes
- Specific regulated industries (depending on national law)
- Documents where national law explicitly requires a "handwritten signature equivalent"
Simple or advanced electronic signatures are sufficient for:
- Commercial contracts between businesses
- Employment agreements
- Non-disclosure agreements
- Vendor and supplier contracts
- Client onboarding documents
- Internal approvals and policies
- Sales agreements and purchase orders
Under both EU law and the laws of most countries worldwide (US ESIGN Act, UK Electronic Communications Act, Australia's Electronic Transactions Act), a simple electronic signature cannot be denied legal effect solely because it is electronic. The practical standard for most business documents is not what level of eID was used but can you prove who signed and that they intended to sign?
eID Methods That Work for Most Business Documents
For the majority of commercial and business documents, these identification methods provide sufficient evidence of signer identity:
Email-based identification. The signer receives the document at their known email address. The fact that they accessed the document from that email — combined with timestamps and IP logging — establishes identity for standard business agreements.
SMS verification. A one-time code sent to the signer's phone number adds a second factor. The signer must have access to both their email (to receive the document) and their phone (to enter the code). This satisfies "substantial" assurance under eIDAS.
Biometric passkeys. Modern platforms support WebAuthn passkeys, where signers verify their identity using Face ID, Touch ID, or a fingerprint reader on their device. This ties the signature to a specific person through their biometric data — a strong form of identification that signers already use daily.
IP and device logging. Recording the signer's IP address, browser, operating system, and timestamp creates a detailed record that can be used as evidence if a signature is ever disputed.
How GoodSign Approaches Signer Identification
GoodSign offers practical signer identification that covers the needs of most business documents — without the complexity and cost of government-grade eID infrastructure.
Email verification. Every signer receives a unique, secure link to their email address. Document access is tied to that link, creating a clear chain of evidence.
SMS verification. Enable SMS one-time passwords for signers who need an additional layer of identity verification. The signer must enter a code sent to their phone before they can access or sign the document.
Passkey authentication. GoodSign supports biometric passkeys — signers can verify their identity with Face ID, Touch ID, or a fingerprint. This is one of the strongest consumer-grade identity verification methods available, and signers already know how to use it.
Comprehensive audit trail. Every document includes a detailed record of signer identification: email address, IP address, device information, timestamp, and verification method used. This audit trail is embedded in the completed document and stored permanently.
No account required for signers. Signers do not need to create a GoodSign account to sign. They receive a link, verify their identity through the method you choose, and sign. This removes friction while maintaining a clear identification record.
GoodSign pricing is simple: $1.50 per envelope sent, with all verification methods included. There is no extra charge for SMS verification or passkey authentication, and no per-user fees for your team.
When to Choose Stronger Identification
Be honest about your requirements. If your documents require qualified electronic signatures under EU law — certain real estate transactions, specific government submissions, or regulated industry requirements — you will need a platform that integrates with government eID providers and qualified certificate authorities. GoodSign does not offer QES or eIDAS qualified signatures.
However, if your use case is standard business documents — contracts, agreements, approvals, onboarding paperwork — then email verification, SMS OTP, and biometric passkeys provide more than sufficient identification. The legal validity of your signed documents depends on proving intent and identity, not on having the highest possible level of eID.
Most businesses overestimate their eID requirements. A commercial contract signed with email verification and a timestamped audit trail is legally binding in virtually every jurisdiction. Save the government-grade eID for the documents that actually require it.