See https://support.esign-app.com for eSign Documentation and Support

eIDAS Electronic Signature Assessment

This page highlights the primary requirements of eIDAS (electronic IDentification, Authentication and trust Services) advanced electronic signatures and how they are addressed by eSign with Atlassian Jira.

At a high level eSign for Jira (combined with the Atlassian Cloud Platform) meets the requirements for Advanced Electronic Signatures as defined by eIDAS.

At the current time eSign for Jira does not support the eIDAS Qualified Electronic Signatures.

From Regulation (EU) No 910/2014

Article 26 Requirements for advanced electronic signatures

An advanced electronic signature shall meet the following requirements:

eSign for Jira
Assessment Information

Article 26 Requirements for advanced electronic signatures

An advanced electronic signature shall meet the following requirements:

eSign for Jira
Assessment Information

(a) it is uniquely linked to the signatory;

The eSign signature is linked to the Signatory through Atlassian’s unique internal account Id in addition to the Signee name.

(b) it is capable of identifying the signatory;

The Signee name is displayed with every rendering of the Signature.

(c) it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and

Signatures are executed within the Atlassian cloud environment only after two authentication steps have been completed:

  1. The signatory has authenticated to their Atlassian account with credentials (e.g. username/password)

  2. The signatory must enter their personal eSign Pin for every Signature execution.

The Atlassian account credentials (password) and the eSign pin are under the user’s sole control.

(d) it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.

Contained within each executed signature is a cryptographic hash of current Jira issue data, including attachments. Any data change will invalidate the signature which is detectable on the verification and signature archive reports.