Back to latest resources

ESIGN and eIDAS: Understand eConsent Regulations in Clinical Trials

Regulatory Compliance

eConsent has become a critical component in clinical trials, offering improvements in efficiency, data quality, comprehension, and patient engagement.

Two key regulations governing electronic transactions and signatures are the Electronic Signatures in Global and National Commerce (ESIGN) Act in the United States and the Electronic Identification, Authentication and Trust Services (eIDAS) in the European Union. This article provides a closer look at these regulations as they pertain to eConsent in clinical trials.

The ESIGN Act establishes a uniform standard for electronic transactions across the United States, promoting the use of electronic signatures, contracts, and records by granting legal certainty when parties adhere to its guidelines.

ESIGN and Clinical Trials
The ESIGN Act equated electronic signatures with handwritten ones nationwide, significantly streamlining the process of collecting, monitoring, and managing eConsent signatures for organizations.

eIDAS Regulation
eIDAS is a European Regulation that created a single framework for electronic identification (eID) and trust services, promoting interoperability across the 27 EU Member States. The regulation ensures that the EU member countries mutually recognize each other’s notified electronic identification schemes.

eIDAS and Clinical Trials
In clinical trials, an electronic signature must adhere to the eIDAS Regulation, which distinguishes between three types: Simple Electronic Signature (SES), Advanced or digital Electronic Signature (AES), and Qualified Electronic Signature (QES). Typically, clinical trial applications necessitate an advanced or qualified certificate as mandated by eIDAS, rather than a standard electronic signature.

Advanced Electronic Signatures (AES) are electronic signatures uniquely linked to the signatory, allowing the signatory to retain control. The AES must be linked to the document in a way that can detect any subsequent changes to the document.

The most widely used technology meeting these requirements typically relies on a public-key infrastructure (PKI), using certificates and cryptographic keys.

Qualified Electronic Signatures (QES) are advanced electronic signatures created using a qualified signature creation device (QSCD) and a qualified certificate for electronic signatures, and they hold the same legal weight as handwritten signatures.

A qualified certificate must be issued by a trust service provider that is on the EU Trusted List (ETL) and certified by an EU member state.

While both Advanced and Qualified Electronic Signatures are uniquely linked to the signer, Qualified Electronic Signatures are based on Qualified Certificates. Qualified Certificates can only be issued by a Certification Authority which has been accredited and supervised by authorities designated by the EU member states and meet the requirements of eIDAS.

A Certification Authority is a trusted third-party entity responsible for verifying the identities of individuals, organizations, or devices and issuing digital certificates that confirm the authenticity of the entities and enable secure online transactions.

The primary role of a Certification Authority is to vouch for the legitimacy of digital identities and ensure the confidentiality, integrity, and authenticity of data transmitted over the internet. They do this by digitally signing and issuing digital certificates, which contain information about the certificate holder, the public key associated with the certificate, and the CA’s own digital signature.

ESIGN: As a U.S. federal law, ESIGN governs the use of electronic signatures and records in interstate and foreign commerce. For clinical trials operating within or having a nexus with the U.S., understanding ESIGN’s provisions is essential.

eIDAS: Clinical trials taking place within the European Union or involving EU participants must adhere to eIDAS, an EU regulation that applies uniformly across all member states without requiring national laws for implementation.

Electronic Identification:
ESIGN: ESIGN offers limited guidance on electronic identification, focusing primarily on the validity of electronic signatures.

eIDAS: This regulation is especially pertinent for clinical trials, as it establishes a framework for electronic identification. When consenting participants from various EU countries, sponsors now benefit from harmonized electronic ID schemes recognized across member states.

Levels of Assurance:
ESIGN: ESIGN remains silent on classifying electronic signatures based on security or assurance levels.

eIDAS: Clinical trial stakeholders should be particularly aware of eIDAS’s three-tiered classification.

Trust Services:
ESIGN: There is no explicit regulation of trust services or their providers under ESIGN.

eIDAS: Sponsors and their eClinical platform partners aiming to operate in the EU should be fluent with eIDAS’s regulatory framework for trust services. Trust service providers must meet exacting standards to ensure the sanctity and security of electronic transactions.

ESIGN: For clinical trials operating in multiple jurisdictions, it is noteworthy that ESIGN does not specifically address interoperability issues across states or nations.

eIDAS: eIDAS promotes seamless electronic transactions across the EU. Its emphasis on interoperability ensures electronic ID schemes function seamlessly across member states, which is advantageous for multinational clinical trials.

Optimizing Clinical Trials: ESIGN and eIDAS Compliance
Both ESIGN and eIDAS provide the legal framework for using electronic signatures for consent for clinical trials in the US and EU. By ensuring your eClinical trial partner leverages these regulations effectively, sponsors can benefit from improved efficiency, data quality, comprehension, and compliance.

Learn how Alethium’s Intelligent Consent System is fully compliant with both ESIGN and eIDAS.

Schedule a demo today!