Module 04 · Signature

eIDAS digital signature — FES, FEA, FEQ

Three-level electronic signature: simple, advanced and qualified, compliant with eIDAS 910/2014 and CAD.

What is eIDAS electronic signature in insurance?

The eIDAS electronic signature is the digital signing system compliant with EU Regulation 910/2014 that grants legal validity to electronically signed policies and contracts across the European Union. The regulation distinguishes three levels (FES, FEA, FEQ); FEQ has legal equivalence to a handwritten signature (eIDAS art. 25). NewPicass 14.Net natively implements all three levels, with SPID/CIE integration as identity provider, Actalis TSA timestamping, incremental PAdES seals on PDFs and multi-signer workflows. Also compliant with the Italian CAD (D.Lgs. 82/2005) and IVASS Distribution Regulation (Reg. 40/2018).

For whom

Who signs insurance documents

  • Principals: bond signing via OTP, SPID, CIE, also on mobile, paperless
  • Beneficiaries: acceptance signing, payment receipts, release deeds
  • Internal staff: underwriters, claims handlers; signing with remote qualified certificate
  • Brokers & coverholders: binding-authority contracts, operational delegations, delivered BDX

Key features

Three levels, one integrated workflow

Signature levels
  • FES: OTP via SMS or email for fast low-criticality signing
  • FEA: document identification + selfie liveness + graphometric signature
  • FEA: upgrade via SPID L2/L3 or CIE identification
  • FEQ: remote qualified certificate via CSC API
  • FEQ: USB token support for autonomous signer signing
  • Multi-signer: signature chain with incremental PAdES seals
Compliance & standards
  • Actalis TSA timestamp (RFC 3161)
  • PAdES, CAdES, XAdES electronic seals
  • SHA-256 hashing, RSA-2048 keys
  • eIDAS 910/2014 compliance, art. 25-26
  • Italian CAD compliance (D.Lgs. 82/2005)
  • AgID-compliant long-term preservation via certified partners
Typical workflow

From "TO BE SIGNED" status to the final PAdES document

01

Policy PDF generation

The back-office generates the policy PDF using carrier templates. Required signature level (FES/FEA/FEQ) is identified based on policy type and amount.

02

Send to signer

Email/SMS to principal with secure link to the signing page. Document is displayed in-browser with signing points and accepted clauses highlighted.

03

Signer identification

FES: SMS OTP. FEA: SPID/CIE or video identification with document recognition. FEQ: remote qualified-certificate PIN at the signer's TSP.

04

Signature application

The PDF is signed server-side (for FEQ) or client-side (for graphometric). PAdES seal applied in incremental mode: previous signatures remain valid.

05

TSA timestamp

Actalis TSA request certifying date and time of the signed document. Timestamp is applied as a separate seal in the PDF.

06

Preservation & notification

Signed PDF + timestamp is archived in the document store, indexed and available for search. Push notification to producer, email to beneficiary.

Technologies

Technical stack

Signature & PDF
  • iText7
  • pyhanko microservice
  • SHA-256 · RSA-2048
  • PAdES · CAdES · XAdES
Identity & TSA
  • SPID SAML 2.0
  • CIE · AgID ID
  • CSC API (Cloud Signature)
  • Actalis TSA · RFC 3161

FAQ

Frequently asked questions about eIDAS signing

What's the difference between FES, FEA and FEQ?

FES (Simple Electronic Signature) is any electronic data associated with a signer, e.g. a checkbox tick. FEA (Advanced Electronic Signature) uniquely identifies the signer, is created under the signer's exclusive control and makes post-signing modifications detectable (e.g. graphometric signature + document identification). FEQ (Qualified Electronic Signature) is an FEA based on a qualified certificate issued by a qualified Trust Service Provider; per eIDAS art. 25 it has legal equivalence to a handwritten signature.

When do I need to use FEQ in insurance?

FEQ is required when the document has significant contractual effects and maximum legal certainty is needed: surety bonds to public administration (CIG, L210, AGEA), binding-authority contracts, underwriting delegations, high-premium policies. For retail policies and operational items an FEA is normally sufficient.

Does NewPicass 14.Net use SPID or CIE for signing?

Both. SPID (Italian Public Digital Identity System, SAML 2.0) and CIE (Italian Electronic Identity Card) are integrated as identity providers for the identification step that upgrades the signature to FEA. For FEQ the platform integrates with qualified Italian Trust Service Providers (Actalis, InfoCert, Aruba, Namirial) via CSC API (Cloud Signature Consortium API).

What is a TSA timestamp and why is it needed?

A timestamp is a cryptographically signed attestation that certifies the existence of a document at a specific date and time, issued by a certification authority (TSA = Time Stamping Authority) according to RFC 3161. In insurance it provides reliable dating for signed policies and contracts. NewPicass integrates with Actalis TSA and other AgID-certified TSAs.
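
What an RFC 3161 client sends to the TSA, as an added example (not NewPicass code): a DER-encoded TimeStampReq carrying only the SHA-256 digest of the data, a nonce and the certReq flag. The function names are hypothetical and no network call is made.

```python
import hashlib
import secrets

def der(tag: int, body: bytes) -> bytes:
    """Minimal DER tag-length-value encoder (definite lengths only)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def der_int(value: int) -> bytes:
    """Non-negative INTEGER; the extra leading bit keeps the sign positive."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

# AlgorithmIdentifier for SHA-256: OID 2.16.840.1.101.3.4.2.1 with NULL parameters.
SHA256_ALG = der(0x30, bytes.fromhex("0609608648016503040201") + b"\x05\x00")

def fresh_nonce() -> int:
    """Random 64-bit nonce; the client checks that the response echoes it."""
    return secrets.randbits(64)

def build_timestamp_request(data: bytes, nonce: int) -> bytes:
    """TimeStampReq ::= SEQUENCE { version, messageImprint, nonce, certReq }."""
    digest = hashlib.sha256(data).digest()
    message_imprint = der(0x30, SHA256_ALG + der(0x04, digest))
    return der(0x30,
               der_int(1)              # version v1
               + message_imprint       # only the hash leaves the platform
               + der_int(nonce)        # binds the response to this request
               + der(0x01, b"\xff"))   # certReq TRUE: ask for the TSA certificate

# Constructed sample input standing in for the bytes to be timestamped.
SAMPLE = b"constructed policy bytes"
REQUEST = build_timestamp_request(SAMPLE, fresh_nonce())
```

The request body is sent with Content-Type `application/timestamp-query`; the document itself is never transmitted, so the TSA attests to the digest, and the verifier must recompute that digest and compare the nonce before trusting the token.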

Do signed PDFs remain valid over time if signatures are added later?

Yes, thanks to the PAdES format with incremental seals. When a second signer adds their signature, the PDF is modified in append mode (without rewriting the sections signed by the first): previous signatures remain valid and independently verifiable. Same mechanism applies to subsequent timestamps.
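
The append-mode behaviour described above can be checked structurally, as in this added example (not NewPicass code): each signature's /ByteRange must start at offset 0, exclude only its own /Contents hex string and end on a revision boundary, and anything appended after the last signature is covered by no signature. The byte-scan approach, the function names and the sample document are assumptions made for illustration; this is not cryptographic validation.

```python
import re

# Structural coverage check only; digests and certificates are not verified here.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def signature_coverage(pdf: bytes) -> list:
    """One entry per /ByteRange found by byte scan, in file order."""
    report = []
    for m in BYTE_RANGE.finditer(pdf):
        a, b, c, d = map(int, m.groups())
        end = c + d                      # end of the revision this signature covers
        gap = pdf[a + b:c]               # the only bytes excluded from the digest
        report.append({
            "starts_at_zero": a == 0,
            "gap_is_hex_contents": re.fullmatch(rb"<[0-9A-Fa-f]*>", gap) is not None,
            "ends_on_eof": pdf[:end].rstrip(b"\r\n").endswith(b"%%EOF"),
            "revision_end": end,
            "uncovered_tail": len(pdf) - end,  # bytes appended after this signature
        })
    return report

def needs_review(pdf: bytes) -> bool:
    """True if a signature is malformed or the last one does not cover the whole file."""
    rep = signature_coverage(pdf)
    if not rep:
        return True
    well_formed = all(r["starts_at_zero"] and r["gap_is_hex_contents"]
                      and r["ends_on_eof"] and r["uncovered_tail"] >= 0 for r in rep)
    return not well_formed or rep[-1]["uncovered_tail"] != 0

def append_signed_revision(prev: bytes, name: bytes) -> bytes:
    """Constructed stand-in for a signer: appends a revision with a correct ByteRange."""
    head = prev + b"<< /Type /Sig /Name (" + name + b") /ByteRange ["
    mid, contents, tail = b"] /Contents ", b"<" + b"00" * 16 + b">", b" >>\n%%EOF\n"
    gap_start = len(head) + 43 + len(mid)   # 43 = four 10-digit numbers + 3 spaces
    gap_end = gap_start + len(contents)
    rng = b"%010d %010d %010d %010d" % (0, gap_start, gap_end, len(tail))
    return head + rng + mid + contents + tail

# Constructed sample: a base document signed twice in append mode, then altered.
BASE = b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n"
REV1 = append_signed_revision(BASE, b"Principal")
REV2 = append_signed_revision(REV1, b"Underwriter")
TAMPERED = REV2 + b"9 0 obj << /Note (added later) >> endobj\n%%EOF\n"
```

A non-zero tail after the last signature is a prompt to compare the revisions, not proof of tampering, since validation data can legitimately be appended after signing.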

Let's talk · 45 minutes

Want to see eIDAS digital signature — FES, FEA, FEQ in action on your real flows?

45 minutes with one of our engineers, no sales script. You show us your current process and we show you concretely how this module would solve the critical points.