eu regulation 910/2014 - edicomgroup · eu regulation 910/2014 electronic identification and trust...

EU Regulation 910/2014 Electronic identification and trust services for e-transactions in Europe. The case for electronic storage.

Post on 26-May-2020


In an increasingly digital Europe, citizens, businesses and the public sector need a regulatory framework that provides security and legal certainty to electronic activities taking place daily both in public and private scopes. These security mechanisms are set out in Regulation Nº 910/2014 on electronic identification and trust services for e-transactions in the internal market. The regulation, known as eIDAS, is applicable from July 1, 2016. In this Expert Analysis we explain what it contributes and how it can assist businesses in the EU.

Table of contents

1. The eIDAS regulation
2. Trust services provider
3. Trust services
4. Long Term Storage
5. EDICOMLta - the electronic document safekeeping solution
6. Practical case studies

1. The eIDAS regulation

The latest Digital Economy & Society Index (DESI) ¹ states that the European Union as a whole achieves a score of 0.52 out of 1 on the digitization scale. The figure is growing gradually, as are online services. However, for the online environment to be consolidated and develop all its potential, it is necessary to build a climate of trust.

To this end, Regulation Nº 910/2014 on electronic identification and trust services for e-transactions in the internal market came into being. Known as eIDAS (electronic ID and Services), this ruling lays the foundation for more secure e-transactions between citizens, businesses and the public sector.

The European regulation provides all the cited stakeholders with a regulatory framework for identification mechanisms when accessing services online or engaging in e-transactions. We refer to identification processes such as e-signature or time stamping. This way, secure interaction in any digital environment is possible, doing away with regional legal barriers and facilitating online management of transactions which previously required physical presence.

Regulation 910/2014 provides a continent-wide framework for more secure e-transactions between citizens, businesses and the public sector

¹ The Digital Economy & Society Index, known as DESI, is a study conducted periodically by the European Commission, summarizing the most relevant indicators on digital performance in Europe and recording the progress of Member States in the field of digital competitiveness.


The eIDAS regulation creates a cross-border legal framework, which ensures interoperability of electronic identification mechanisms in all Member States

1.1. Initial situation

Concern regarding security and interoperability assurances in the digital scope is not a new issue. The different B2G e-billing models developed in European Union countries are an example of this concern for monitoring and control in the management of certain critical electronic transactions.

The possibilities offered by today's communication networks to streamline and simplify certain e-transactions securely and reliably led to a revision of the legislative framework, albeit insufficient in several respects.

EU Directive 1999/93/EC was the first regulation on identification in the digital scope and remained in force from 1999 until 2014. This directive laid the legislative basis governing e-signature, certification services and the suppliers authorized to provide these electronic identification services. The aim was to simplify this mechanism and spread its use throughout the continent, so that Member States would legally acknowledge electronic signature as a method of identification.

Nevertheless, certain technical and legal issues remained considerably open to interpretation by each State. Consequently, each EU member country transposed the rules differently, imposing their own restrictions, limitations and exceptions. This fragmentation of technical standards made it very difficult to achieve interoperability among regions.


To overcome these shortcomings, in 2012 the European Commission put forward a new regulation on electronic identification. Directive 1999/93/EC did not address the needs of the new cross-border digital environment, not only due to the lack of interoperability, but also because it focused exclusively on electronic signature. The new ruling was rolled out in order to improve three key points not considered in the 1999 directive:

Instead of a directive, the European Commission decided to approve a regulation to be directly applied by all European Union countries with no need for transposition to the national legislation of each member state.

In addition to e-signature, the regulation also covers other trust services such as the electronic seal, electronic time stamping, web authentication and electronic delivery services.

The ruling creates a European legal framework that ensures the security of e-transactions throughout the Union and enables cross-border interoperability.


1.2. What does the eIDAS Ruling contain?

Regulation Nº 910/2014 was published on July 23, 2014. Two years later, on July 1, 2016, it came into force in all Member States and as of that point replaced Directive 1999/93/EC on e-signature. Now businesses, citizens and public agencies have more effective alternatives to make their digital operations reliable and are able to engage in a greater number of e-transactions. But what are the main provisions of this regulation? We can sum them up in these three key points:

Establishing a legal framework for e-signature, electronic seal, electronic time stamp, electronic delivery services and website authentication

Regulating the figure of the qualified trust services provider: from the security requirements demanded to fulfil this function to the auditing processes.

Determining the conditions whereby EU countries must accept the electronic means of identification for persons and businesses belonging to other member states, thereby assuring interoperability.

| Directive 1999/93/EC | Regulation 910/2014 |
| --- | --- |
| Each State imposes its own exceptions | All States must adopt the provisions of the regulation |
| Only governs e-signature | Other electronic identification mechanisms in addition to e-signature |
| The different technical interpretations and security levels hamper cross-border interoperability | Establishes a legal framework that ensures cross-border interoperability |


To provide legal guarantees and security in electronic transactions, qualified trust service providers are audited by a supervisory body accredited by the competent authority in each European Union Member State

2. Trust services provider

One of the most relevant aspects of the eIDAS ruling is the regulation of the so-called trust service providers. This is the figure of the technology provider with the required certifications and technical capacity to provide e-transactions with the trust mechanisms mentioned in the previous section: e-signature, time stamping, etc.

Trust service providers may be qualified or unqualified. The main difference between them is that the former have met a series of requirements and are audited by a supervisory organ accredited at national and European level to carry out said activity. This is also why they provide greater legal and technical security guarantees in e-transactions than their non-qualified peers.

For businesses engaging in e-transactions with other companies or the public sector where sensitive or confidential information is exchanged, having a qualified trust service provider ensures that the operation will be reliable. But, in addition to this, it provides legal and judicial validity to the documents, granting them the status of burden of proof* before third parties in the frame of the European Union.

«Trust Services Provider», a natural or legal person who provides one or more trust services, either as a qualified or non-qualified provider of trust services.

Regulation Nº910/2014 - Article 3/19

* The burden of proof is the procedural obligation of the duty to demonstrate a fact. Whoever bears the burden of proof is the party that must prove the legal breach. It is the so-called Onus Probandi and its basis is that the person (A), which involves another (B) in the authorship of a legal infringement, must prove it. In the legal scope, we talk about "reversal of the burden of proof", i.e., it shall be the defendant who must make the corresponding demonstration.


2.1. Which trust service providers are qualified?

The eIDAS regulation states that a supervisory body ² shall be responsible for determining which technology providers are authorized to operate as qualified trust service providers. To receive this approval, companies must first meet the requirements set forth in article 24 of the regulation.

Among other things, the supervisory body assesses staff training, financial resources, system reliability or the security of data storage. If the evaluation is positive, the qualified service provider becomes part of the trusted list.

All Member States are required to publish trusted lists that include the qualified trust service providers. This way companies that hire one of these providers can rest assured that they have successfully completed the necessary qualification processes.

In Spain, the trust list is published and updated by the Ministry of Energy, Tourism and Digital Agenda. EDICOM, as qualified trust services provider, is registered in this list ³ of intra-community scope.

Nevertheless, to continue to form part of the trust list, the service providers must submit to a new assessment, at least every 24 months, by the supervisory organ. The aim of this permanent audit is to confirm that both the service providers and the trust services they provide continue to meet the requirements set out in the regulation.

EDICOM is a qualified provider of trusted services for certificate issuance and time stamp creation. Moreover, it is currently in the accreditation process for new qualified services anticipated in the regulation, such as certified electronic delivery and long-term archiving.

2 Each country shall determine the responsible supervisory body in accordance with the regulation specifications.

3 The list of qualified trust services providers is available on the Ministry of Energy, Tourism and Digital Agenda website. Users can consult it here and subscribe to receive notification if any change occurs.


2.2. What is the EU trust label?

In addition to creation of the trust lists, the eIDAS regulation includes another element to certify the qualification of providers and their services. This is the EU trust mark (or “label”) for qualified services.

With this label, providers can indicate in an easily recognizable way what the qualified trust services they provide are and distinguish them from the rest. In this example, we can clearly see the difference:

TRUST SERVICES

CERTIFIED E-SIGNATURE & ELECTRONIC SEAL
Electronic signature certificate issuance (TLS)
Issuing of qualified electronic signature/seal
Qualified electronic signature/seal validation service
Qualified safekeeping service for qualified e-signature/seal
Remote creation of qualified electronic signature/seal

ELECTRONIC DELIVERY SERVICES
Certified electronic delivery services
Qualified electronic delivery service

ELECTRONIC TIME STAMPING SERVICES
Qualified electronic time stamp creation service

3. Trust services

Now we know who the qualified providers are and how they are approved, it’s time to discuss the trust services they provide. As stated in the eIDAS regulation, a trust service is an e-service that is usually provided in exchange for remuneration and consists of:

Creation, verification and validation of e-signatures, electronic seals or electronic time stamps, certified e-delivery services and certificates related with the same.

Creation, verification and validation of certificates for website authentication.

Preservation of e-signatures, seals or certificates related with said services.

Now, we shall explain the five trust services defined in the eIDAS regulation. However, the regulation allows Member States to also define other types of trust services, at all times subject to subsequent approval.

The e-signature, electronic seal, electronic timestamp, certified electronic delivery and website authentication are the 5 trust services governed by the eIDAS regulation


3.1. Electronic signature

Secure, complete and reliable. These three conditions must be present in any commercial, legal or similar administrative relationships. When these transactions are carried out by electronic means and we want to ensure this takes place under secure and legal conditions, we must resort to electronic signature processes of the documents.

They provide physical and legal persons with secure electronic identification mechanisms to enable them to engage in activities where e-signature replaces the handwritten, with identical legal guarantees.

Everything referring to the issue of e-signature is extensively covered in section 4 of the new regulation.

The eIDAS differentiates this service into three groups:

Basic or simple e-signature: The regulation defines it as “data in electronic format annexed to other electronic data or logically linked with them and used by the signer to sign.” This would also include, for example, the scanned signature. For this service, the eIDAS regulation makes no changes compared to the previous legislation.

Advanced e-signature: Identifies the user, is unique and is added to the document in such a way that it is invalidated if the content is modified. Advanced electronic signature has been around for years, but this regulation goes one step further and allows the signer to use the latest technologies, such as mobile devices or cloud services.

Signatures are generated from a digital certificate issued by an accredited provider in the name of the signer. Signers start using it after identifying themselves by a private key known only to them, thus applying encryption mechanisms that prevent any changes being made in the contents and guarantee the integrity and authenticity of the documents signed.


The qualified electronic signature is the only one legally equivalent to a handwritten signature and with the same validity throughout the European Union

Qualified e-signature: An advanced electronic signature created by means of a qualified e-signature creation device and based on a qualified e-signature certificate. These certificates may only be issued by accredited Certification Authorities meeting the eIDAS regulation requirements.

The main advantage of this type of e-signature is that it is the only one deemed equivalent to the handwritten signature, with the same legal validity in all member countries of the Union. Moreover, it includes these three features:

Authentication: Allowing identification of the data source and the signer.

Integrity: Prevents changes being made in the signed document.

Non-rejection (non-repudiation) at source and destination: Provides proofs of sending and receipt, so the sender and receiver cannot deny sending or receipt of the document. This enhances the legal security.


3.2. Electronic seal

The e-seal is another electronic identification system that works in a similar way to the physical stamping on paper documents. The service is used to guarantee the authenticity of e-documents.

Regulation 910/2014 governs electronic seals in section 5. Here, the regulation states that they shall be admitted as legal proofs in judicial proceedings. In addition, as with e-signature, qualified seals have the same validity in all Member States of the Union.

Qualified e-seal certificates must contain the information stipulated in annex III of the regulation:

A statement that the certificate is issued as a “qualified electronic seal certificate”.

Details unambiguously representing the qualified trust service provider that issued the certificate.

Name of the seal creator and, where indicated, the registration number.

The e-seal validation data corresponding to the e-seal creation data.

Information on the start and end dates of the certified validity period.

Identity code of the certificate, which must be unique for the qualified trust service provider.

Advanced e-signature or advanced electronic seal of the issuing trust services provider.

Place where the certificate endorsing the advanced e-signature or advanced electronic seal is freely available.

Location of services that can be used to check the validity status of the qualified certificate.

When the electronic signature creation data related with the e-signature validation data are lodged in a qualified e-signature creation device, an appropriate indication of the fact, at least in a form suitable for automatic processing.

The regulation further states that in transactions requiring a qualified e-seal from a business or institution, the qualified e-signature of an authorized representative of said entity shall also be admissible.


By means of electronic time stamping, the qualified trust services provider certifies that certain given data have existed from a specific date and time

3.3. Electronic time stamp

The electronic time stamp serves to demonstrate that a series of data have existed and remain unaltered since a specific point in time. The eIDAS regulation states that a qualified electronic time stamp must meet these requirements:

Linking the date and time with the data in such a way that the possibility of altering the data without detection is reasonably prevented.

Based on a time source linked to Coordinated Universal Time (UTC).

Signed using an advanced e-signature or sealed with an advanced e-seal from the qualified trust services provider, or by any equivalent method.

In electronic time stamping, the qualified trust service provider acts as a third party that testifies to the existence of certain electronic data at a specific date and time. This mechanism applies to numerous e-documents such as invoices, orders, business transactions or financial bookkeeping records.
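The three requirements above can be seen working together in the following added example, which is not EDICOM's code and not an RFC 3161 implementation. It assumes a simplified token layout of our own (the `Token` type, `Issue`, `Verify`, `DemoKeys` and `DemoTime` are hypothetical names), with an Ed25519 signature standing in for the provider's advanced e-seal and constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Token is a simplified time stamp token (hypothetical layout, not RFC 3161).
type Token struct {
	Digest  [32]byte  // SHA-256 of the stamped data
	GenTime time.Time // always UTC, whole seconds
	Seal    []byte    // provider's signature over Digest || GenTime
}

var (
	ErrDataAltered = errors.New("data does not match the stamped digest")
	ErrBadSeal     = errors.New("provider seal does not cover this digest and time")
)

// sealedBytes builds the exact byte string the provider signs, so the
// digest and the time are bound together under one signature.
func sealedBytes(digest [32]byte, t time.Time) []byte {
	out := make([]byte, len(digest)+8)
	copy(out, digest[:])
	binary.BigEndian.PutUint64(out[len(digest):], uint64(t.Unix()))
	return out
}

// Issue plays the provider: it hashes the data, normalises the clock
// reading to UTC and seals both values with its private key.
func Issue(priv ed25519.PrivateKey, data []byte, now time.Time) Token {
	digest := sha256.Sum256(data)
	utc := now.UTC().Truncate(time.Second)
	return Token{Digest: digest, GenTime: utc, Seal: ed25519.Sign(priv, sealedBytes(digest, utc))}
}

// Verify plays the relying party: the data must hash to the stamped
// digest, and the seal must cover that digest together with the time.
func Verify(pub ed25519.PublicKey, data []byte, tok Token) error {
	if sha256.Sum256(data) != tok.Digest {
		return ErrDataAltered
	}
	if !ed25519.Verify(pub, sealedBytes(tok.Digest, tok.GenTime), tok.Seal) {
		return ErrBadSeal
	}
	return nil
}

// DemoKeys returns a fixed key pair derived from a constructed seed so the
// example is reproducible. A real provider key is never derived this way.
func DemoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte("constructed demo seed, not a real provider key"))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// DemoTime is a constructed local clock reading (UTC+2) used as sample input.
func DemoTime() time.Time {
	return time.Date(2016, time.July, 1, 12, 0, 0, 0, time.FixedZone("UTC+2", 2*60*60))
}

func main() {
	pub, priv := DemoKeys()
	invoice := []byte("constructed invoice 0001: total 100.00 EUR")
	tok := Issue(priv, invoice, DemoTime())
	fmt.Println("stamped at:", tok.GenTime.Format(time.RFC3339))
	fmt.Println("original data:", Verify(pub, invoice, tok))

	// Changing the data after stamping is detected through the digest.
	altered := []byte("constructed invoice 0001: total 900.00 EUR")
	fmt.Println("altered data:", Verify(pub, altered, tok))

	// Backdating the token is detected because the time is under the seal.
	backdated := tok
	backdated.GenTime = tok.GenTime.AddDate(0, 0, -1)
	fmt.Println("altered time:", Verify(pub, invoice, backdated))
}
```

Because the time is signed together with the digest, neither value can be changed on its own without the seal failing, which is what lets the provider act as the third-party witness described above.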

3.4. Certified electronic delivery services

Certified e-delivery service enables transmission of data between third parties by electronic means and provides proofs related with management of the data transmitted. Among these proofs is evidence of data sending and receipt, which protects the information transmitted against the risk of loss, theft, deterioration or unauthorized alteration.

Article 44 of the eIDAS regulation stipulates the requirements to be met by qualified certified e-delivery services. They are as follows:

They shall be carried out by one or more qualified trust service providers.

Assuring sender identification with a high degree of reliability.

Ensuring identification of the recipient prior to delivery of the data.

Data sending and reception protected by advanced e-signature or advanced electronic seal from a qualified trust services provider, preventing any undetected changes being made to the data.

Clear indication to sender and receiver of any modification of the data needed in order to send or receive the information.

Notifying the date and time of sending, receipt and any modification of data by means of qualified electronic time stamp.

3.5. Website authentication

Website authentication certificates guarantee users that behind a website there is a legitimate natural or legal person. This is a fundamental service for online business, as it boosts user confidence in a website. Nevertheless, the use of these certificates is voluntary.

When website authentication certificates are qualified, they are valid throughout the European Union, the same as all other qualified trust services.


[Infographic: How does the eIDAS Regulation help companies? Example of a Spanish company taking part in a public tender in Italy, comparing the process before and now (physical storage vs electronic safekeeping: less time, lower costs).]

Source: Data in this infographic are taken from the European Commission and are based on this document.

4. Long Term Storage

The eIDAS not only constitutes a breakthrough in e-identification methods, but also a definitive boost to the digitization of businesses and administrations. The application of trust services equates e-documents to the traditional ones on paper. This means that companies no longer need to print out and handle large volumes of documents physically, such as contracts, salaries, invoices or orders.

The switch to digitization has great advantages. On one hand, it reduces the costs of printing and physical storage. On the other, it is more environmentally sustainable and enhances productivity. Moreover, electronic document management automates a great many tasks, making it easier to subsequently check data, preventing losses and providing extra security guarantees.

However, to preserve the legal condition of documents and files processed with qualified trust services, secure digital safekeeping will be necessary.

Many accounting or tax documents managed by companies contain confidential information that must be archived for years. To this end, the eIDAS regulation also considers that one of the defining features of a trust service is the capacity to preserve e-signatures, seals and certificates over time.

Secure digital storage is needed to ensure legal validity of documents over time


5. EDICOMLta - the electronic document safekeeping solution

EDICOMLta (EDICOM Long term archiving) is the long-term storage service offered by EDICOM as a qualified trust services provider.

The service applies the methods of identification, digital signature and electronic timestamping provided in the eIDAS regulation, submitting the documents stored in the system to permanent audits by trusted third party EDICOM, to ensure the integrity and authenticity of the files archived over time.

EDICOMLta deploys a platform certified for the safekeeping of e-documents for the period of time required by companies or set by the legislation in each case. The solution ensures permanent access and retrieval of 100% of documents loaded in the platform, as well as managing proofs endorsing the integrity of stored documents.

EDICOMLta is a certified e-storage solution that preserves the documents while maintaining their integrity and authenticity over time

EDICOM’s active role as trusted third party involves carrying out permanent audits on the records uploaded, in accordance with international standards (XAdES-LT and ISO 14641) and local standards, whenever such legislation is in force (Conservazione Sostitutiva in Italy). The sole purpose is to raise the status of the documents preserved to electronic originals with burden of proof, to be used in the event of requirements by third parties and authorities.

The long-term safekeeping service is currently being assessed to obtain the rank of qualified trust service, but already holds the endorsement of the Certification Authority. In addition, it is further endorsed by these other accreditations:


ISO 27001, ISAE 3402 TIER II


5.1. EDICOMLta features

Integrity and authenticity

EDICOM implements advanced e-signature and electronic time stamping systems, which meet the requirements set by the eIDAS regulation for qualified trust services.

Checking and traceability

All e-documents stored on the platform are based on basic metadata that define the traceability between them. This archiving with metadata also provides consultation and immediate retrieval of information by a simple search from a private web environment available 24x7.

Prioritization of documents

EDICOMLta lets you safeguard the full cycle followed by each e-document. For example, in a business relationship, the electronic invoice is stored linked to the order and despatch advice or shipping note. All these documents will be accessible through any of their links.

Legal archiving

The electronic files are stored in the EDICOM Data Processing Center (DPC) under stringent security measures. Moreover, the safekeeping service implements the technical specifications of different international standards, in accordance with local legislations where indicated. For example, in Italy the requirements of Conservazione Sostitutiva are applied, or in Mexico, those of NOM151.


EDICOM stores electronic files in two redundant DPCs to enhance security and provide 99.9% service availability

Document auditing

The e-signatures and seals of the files are submitted to periodical control processes in order to maintain the attributes of integrity and authenticity provided. This auditing also monitors the interactions of each user on the documents preserved.

Accessibility and management

EDICOMLta can be integrated with the internal management system of companies or with Edicom’s EDI and Electronic Invoicing solutions, automating the safekeeping and preservation of your e-documents. The entire process takes place in accordance with the directives of the qualified long-term storage service. In addition, new files can be uploaded manually through a web interface for the storage of documents generated with local applications or scans of physical documents created at source.

Smart processing of files through their links with the metadata streamlines classification of the documents for swift and simple retrieval and checking at any time.

[Figure: documents from the user and the ERP (XML, PDF, JPG) are stored with metadata such as Id, doc and Dept.]


Redundancy

All e-documents are safeguarded in parallel in two DPCs belonging to EDICOM, with their respective backups. Both Data Centers are located in different physical facilities, although they run synchronously and keep a permanent real-time replica of all resources and data. This ensures high security conditions and 99.9% availability.

[Figure: EDICOMLta platform diagram. Labels: user access (browser, web services); information system (user administration, document search and classification, metadata recording, platform administration); time stamp and digital signature; XAdES-LT, ISO 14641, EU 910/2014, Conservazione Sostitutiva; external balanced access (BGP4) and high-speed connection; DPC 1 and DPC 2, each a data processing center with data backup.]


5.2. Why use a long-term archiving service?

The digital transformation of businesses is advancing at an unrelenting pace and, in many cases, is an obligation. It’s not just about modernizing processes to boost efficiency, but the fact that increasing numbers of countries are now demanding electronic data interchange in the private sector to encourage economic savings and simplify transactions with the public sector. This is the case, for example, of e-invoicing with public administrations being developed throughout the European Union and which is already up and running in countries such as Spain, France, Italy or Portugal, among others.

These fiscal and tax obligations are an open door to paperless management in all areas of the company. Managing paper documents takes up a multitude of resources, both economic and human. However, for the digital leap to take place with full guarantees and legal validity, it is essential to use qualified trust services and store the documents securely for the time required by the legislation, or due to aspects related with business activities, such as agreements reached with customers, suppliers and employees, among others.


6. PRACTICAL CASE STUDIES

6.1 Electronic VAT bookkeeping

The Immediate Information Sharing (SII) system is a new model developed by the State Tax Administration Agency (AEAT) in Spain, which is used to manage VAT record books electronically.

The SII system requires mandatory electronic issuance and submission of the list of invoices sent and received, within a maximum term of 4 days (excluding Saturdays, Sundays and national public holidays). The obligation also extends to other VAT ledgers with a different periodicity, such as those for investment goods, intra-Community transactions or cash amount record books.

Finally, with this system, which comes into force on July 1, 2017, drawing up the VAT books is done electronically and resides in the AEAT systems. To this we must add that it will include a two-way communication with the agency, allowing VAT record book operations such as authorization, cancellation and modification.

Given this situation, the more than 62,000 companies affected by the new Immediate Information Sharing (SII) system need to manage a large volume of critical data to be sent to and exchanged with the AEAT. So, it is highly recommendable to have a service that guarantees quick, safe and certified preservation of these operations. Thus, in the event of any discrepancy with the information registered in the AEAT books, the company will have legal proofs to endorse the records communicated to the agency.

Businesses affected by the SII need to store their transactions with the AEAT securely and certified, to serve as legal evidence in the event of any incident or third party claims.

What is the solution?

Through the EDICOMLta long-term storage service, it is possible to preserve each transaction exchanged with the AEAT under criteria of integrity and authenticity. EDICOMLta is integrated with the EDICOM electronic data interchange platform and your in-house enterprise management systems, storing both a detailed record of communications sent to the Tax Agency and its responses to each transaction declared.

In addition to ensuring the integrity and authenticity of the archived records, EDICOMLta prioritizes the different movements uploaded to the platform, relating them to each other, while providing a replica of the VAT books held in the AEAT electronic office for comparison with the in-house records of your company’s accounting systems.

The specific features that EDICOMLta grants to any document safeguarded in the platform elevate the rank of each VAT movement stored in the solution to that of a binding electronic original.


How does it work?

1. The company in-house information system or ERP receives all the invoices issued and submitted by its suppliers. These data are linked with the solution ready to construct the new format of the electronic VAT books.

2. The SII solution translates the data extracted from the ERP into the XML format developed by the AEAT, regardless of your system’s own format.

3. The duly constructed XML are forwarded to the AEAT electronic office within the legally stipulated period.

4. The AEAT may return different status reports regarding validation of the files submitted (full acceptance, partial acceptance or total rejection).

5. The XML files, along with the VAT books forwarded to the AEAT and all the pertinent responses, are safeguarded in the long-term storage service, with the guarantee of the figure of the qualified trust service provider defined by Regulation EU 910/2014.


[Figure: SII workflow, steps 1 to 7. Labels: supplier, invoices, accounting system, VAT book (XML), AEAT electronic office, ACK, in-house VAT book, AEAT VAT book, mismatch detection, reporting, user.]

EDICOMLta makes it easy to locate a record of invoices and associated operations (authorization, modification or cancellation), as well as the responses received.

EDICOMLta lets you request a detailed report on balancing of the books. In the event of any discrepancy between the company’s in-house accounting records and the AEAT self-assessment, the LTA can extract a detailed report in multiple formats for quick consultation of the mismatch.


6.2 Document preservation in the Human Resources department

Managing Human Resources in a company involves administering a large number of documents related with the people making up the company. Obviously, this volume increases the bigger the size of the business. The problem is compounded due to the heterogeneity of the documents processed (payroll, reports for the tax authorities, tax rebates, etc.).

The challenges faced by human resources managers include a great variety of formats and types, classification, preservation, retrieval, etc.

It is quite common to find digital documents preserved under scant security conditions on companies' internal servers, alongside paper documents that are archived by physical means. As a result, traceability between documents forming part of the file of the same employee is lost.

This scenario can make workforce documentation management inefficient, hindering apparently simple tasks, for example the delivery and storage of critical documents such as employee payrolls, contracts, tax reporting and withholding certificates, among others.

The volume of documents to be managed also varies depending on the sector or activity, but the need for legal, efficient and secure safekeeping which preserves the integrity of the documents remains in all cases.

With EDICOMLta, Human Resources departments unify all the documents generated by an employee in their relationship with the company, in a unique and centralized electronic archive


What is the solution?

With EDICOMLta, corporate Human Resources departments can preserve, archive and quickly consult all documents related to the working life of an employee. This process is carried out with an integral solution that lets you unify all your documentary management electronically, granting e-documents originally preserved in EDICOMLta the same legal value as their counterparts on paper.

The solution now has the assurance of the EDICOM Certification Authority and implements storage and safekeeping of e-documents in accordance with XAdES-LT and ISO 14641. This means that 100% of the documents stored are accredited by a trusted third party such as EDICOM, with the status of electronic originals that can be used as required by authorities and third parties to settle any dispute.

How does it work?

1. Documents in any format, both electronic in origin and image type (scanned), are entered in the solution through a direct link with the client’s ERP, enabling the sending of large batches of documents and their storage under worker ID efficiency criteria.

2. Documents may also be uploaded accessing the solution interface by a drag-and-drop system.

3. The e-signature and time stamp are applied to the documents to ensure their integrity and authenticity. These services are acknowledged by the EU as qualified trust services.


4. Documents are classified in the solution through a metadata structure agreed with the client, which contains the employee ID. This creates a trace unifying all an employee’s documents in a single electronic file.

5. The solution sends a notification to the worker with a secure private link to download the document stored.

6. Each employee has a private environment where they can consult the file at any time. Additionally, all actions taken on each document, whether viewing or downloading, are recorded as evidence.

[Figure: steps 1 to 6. Labels: user, ERP, XML/PDF/JPG documents, employee, employee files (EXPED.1, EXPED.2, EXPED.3).]


Providing added value

Integration with other applications - Business@Mail Payrolls

EDICOMLta can be integrated with EDICOM’s own e-messaging applications, such as B@M Payrolls. This solution enables confidential, direct and reliable delivery of workers’ payrolls electronically. The document and receipt acknowledgement generated are digitally signed prior to integration with EDICOMLta. EDICOM, as qualified trust services provider, issues the worker’s e-certificate with which the document is signed.

This way, the original and/or signed document will be automatically preserved in LTA and safeguarded over time with full guarantees and legal evidence that it has been delivered and accepted.


6.3 Preservation of e-invoices sent to the Spanish Public Administration

As of 2015, e-invoicing is compulsory for all suppliers to the public administration. These documents must be forwarded to the pertinent agency in a structured XML data format, with the Facturae model determined by the standard, and delivered via the designated General Entry Points.

This system also includes the management of a series of acknowledgements that inform the supplier of the different stages through which each of the invoices submitted passes. These data are likewise reported in electronic format and considerably increase the number of files to be managed by the supplier.

Other key documents handled in this area are purchase orders or despatch advices (delivery notes), as they are linked with the contractual framework in which a given transaction is generated.

Applying trust services and e-storage of invoices and trade documents enhances the company’s legal security


What is the solution?

With EDICOMLta, suppliers to the administration can file and retrieve their invoices and business documents through time, which is essential given the long payment periods usually found in the public sector. Moreover, the files are safeguarded in linked format. This means that all the documents belonging to the same contractual relationship between the company and the pertinent Administration are linked, which makes subsequent consultations or checks easier.

The application of qualified trust services and the recording of each interaction with electronic invoices act as legal evidence in the event of any procedure, which enhances corporate legal certainty.

How does it work?

1. Public Administrations, with an integrated EDI system, maintain a permanent communication flow with their suppliers which includes the exchange of purchase orders and despatch advices.

2. EDICOMLta safeguards the purchase orders received by EDI. The service automatically generates metadata to index and rank the linked documents.

3. The user uploads the purchase orders received by e-mail or fax. In this case, the metadata are recorded manually.


4. The EDICOM platform integrates with the ERP to issue the invoice in Facturae format. EDICOMLta takes custody of this document and automatically relates it to the rest of the linked files.

5. The e-invoice is forwarded to the General Entry Point for e-Invoicing of the recipient Public Administration.

6. The different ACKs (receipt acknowledgements) issued by the administrations reporting the status of each invoice are also safeguarded in the service. This completes the record of each transaction.

[Figure: steps 1 to 6. Labels: user, ERP, EDICOM Platform, platform management, non-integrated public administration, order (PDF), EDI order, EDI DESADV, invoice, ACKs.]


www.edicomgroup.com
