eIDAS & CAD — electronic signature and digital documents
EU Regulation 910/2014 and Italian Digital Administration Code (D.Lgs. 82/2005). FES, FEA, FEQ, TSA timestamping, AgID-compliant long-term preservation.
eIDAS + CAD: e-signature for insurance
eIDAS (EU Reg. 910/2014) and CAD (D.Lgs. 82/2005) are the frameworks governing electronic signature in the European Union and Italy respectively. eIDAS harmonises the three FES, FEA, FEQ levels across the EU and establishes in art. 25 the legal equivalence of FEQ to a handwritten signature. The CAD adopts the principle in Italian law (art. 21) and regulates long-term preservation, corporate electronic seals, digital identity (SPID/CIE). NewPicass 14.Net natively implements all three levels (FES with OTP, FEA with SPID/CIE + graphometric, FEQ with remote qualified certificate via CSC API), produces incremental PAdES seals on PDFs, integrates AgID-qualified Actalis TSA for RFC 3161 timestamps, and interfaces with AgID-certified preservation providers for decade-long storage.
eIDAS + CAD articles applied to software
art. 25-26
FEQ legal validity
FEQ equivalent to handwritten signature. FEQ-signed document admitted as court evidence.
art. 3, 26-29
FES/FEA/FEQ signature levels
Definitions and operational requirements of the three levels. NewPicass natively implements all three.
art. 35-37
Electronic seal (e-seal)
Automatic seal applied by legal person (insurer). Different from physical signer's signature. Configurable in NewPicass for mass issuance.
art. 41-42
Qualified timestamp
Certifies document existence at certain date. Integration with AgID-qualified Actalis TSA.
art. 20 c. 1-bis
Signed electronic document
Legal recognition of electronic documents signed with advanced, qualified or digital electronic signature.
art. 43-44
Long-term preservation
Decade-long preservation via AgID-accredited preservation provider. NewPicass sends signed copies to partner providers.
What NewPicass does vs what remains yours
Covered
- FES with SMS/email OTP
- FEA with SPID/CIE + graphometric signature
- FEQ with remote qualified certificate via CSC API
- Automatic corporate electronic seal (e-seal)
- Actalis TSA RFC 3161 timestamp
- Incremental PAdES seals on PDF
- AgID-certified preservation provider integration
- Public signature-verification API
Customer responsibility
- Qualified Trust Service Provider choice
- AgID-certified preservation provider choice
- Internal policy on required signature levels
- Signer identification for qualified certificate
- Legal preservation of TSP contracts
- Certificate revocation workflow in specific cases
Where this framework lives in the platform
Frequently asked questions on eIDAS & CAD
Does a FEQ-signed policy have the same legal value as paper?
Yes. Art. 25 of EU Regulation 910/2014 explicitly establishes that the qualified electronic signature (FEQ) has the same legal value as a handwritten signature. In Italy, the CAD (D.Lgs. 82/2005, art. 21) implements the principle: an FEQ-signed document is admitted as evidence in court with the same probative force as paper signed by pen.
When should I use FES, FEA or FEQ in insurance?
Practical rule: FES for minor-importance acts (e.g. cookie consents, informational declarations); FEA for most policies (retail insurance, customer management); FEQ for higher probative-risk acts: surety bonds to public administration, binding-authority contracts with insurers, underwriting delegations, high-premium policies. Insurer/broker can raise the required level via internal policy.
Is AgID-compliant long-term preservation included in the platform?
Not natively in NewPicass 14.Net as a final service, but there's integration with AgID-certified preservation providers (Aruba, InfoCert, Postel). The flow: NewPicass keeps the signed document online for operational access + insurance retention (10 years); in parallel sends signed copy + metadata index to the customer-chosen preservation provider for decade-long, court-opposable storage. One-time setup during onboarding.
What is a timestamp and when is it needed?
A timestamp (RFC 3161) is an encrypted attestation certifying the existence of a document at a precise date and time, issued by a qualified Time Stamping Authority (TSA). Key when you need certain date opposable to third parties: bonds attached to public tenders, contracts with critical effective dates, signature evidence in chronological orders. NewPicass 14.Net integrates with Actalis TSA (AgID qualified).
What signature format do you produce on PDFs?
PAdES (PDF Advanced Electronic Signature) as standard, in incremental mode: each added signature creates a new PDF revision without invalidating previous ones. This enables multi-signer workflows (e.g. principal signs → beneficiary counter-signs → insurer applies seal) keeping all signature history verifiable. We also support CAdES (for binary files) and XAdES (for XML).
How is a NewPicass-produced FEQ signature verified?
The signed PDF includes everything needed for offline verification: signer certificate, certification chain, TSA timestamp. Verifiable with: Adobe Acrobat Reader, DSS (EU Digital Signature Service), preservation provider software (e.g. Dike), EU portals (e.g. European Commission Validation Service). NewPicass also exposes a public signature-verification API for third-party integration.
Audit your eIDAS · CAD compliance with us
45 minutes with a compliance engineer. We walk through the platform's coverage on this framework and identify the gaps you still need to close on your side.