In an increasingly paperless and digitized world, qualified electronic signatures are steadily gaining in importance. But what exactly is a QES, and what makes it different from any other electronic signature? In short, it is a reliable method to ensure the authenticity and legal validity of electronic documents.
What is a Qualified Electronic Signature?
A qualified electronic signature, or QES for short, is an advanced electronic signature that is legally recognized as equivalent to a handwritten signature. Generated through cryptographic processes, it verifies the identity of the signatory and the integrity of the signed document.
Unlike conventional digital signatures, the QES meets strict security and authenticity standards stipulated by law to ensure the immutability and binding nature of electronic documents.
Qualified electronic signatures are used across all industries - e.g. in commerce, healthcare, legal departments and public administrations - as a trustworthy and secure method of exchanging digital documents. With a QES, you can sign contracts, apply to authorities or send electronic invoices.
The use of qualified electronic signatures can significantly accelerate the closing of contracts and other business transactions, as documents may be signed in real time, regardless of location. In addition, QES significantly reduces administrative and paper costs; time-consuming processes such as printing, signing, scanning, and mailing documents are no longer necessary.
Types of Electronic Signatures
Electronic signatures are used around the world, with different regulations depending on region or country. Thus far, the EU has one of the stricter and more detailed sets of regulations, the eIDAS Regulation, governing the use of electronic signatures. The eIDAS Regulation defines and distinguishes between the following types of electronic signatures:
- Simple Electronic Signature (SES): Simple electronic signatures include all forms of electronic identification or confirmation to ensure the integrity of a document. You can create them by email, a mouse click or with a digital signature pad, and they are legally binding. However, as the identity of the signatory can only be verified with limited certainty and SES are easier to manipulate than advanced signatures, the safety can be rather questionable. A SES offers basic protection, but it is less suitable for critical or sensitive transactions.
- Advanced Electronic Signature (AES): Advanced electronic signatures (AES) are a modern alternative to handwritten signatures for online business transactions. With an AES, you can be sure that a document remains unchanged after signing and is protected against manipulation. A signature key is used to this end. Legally, the AES is considered equivalent to a handwritten signature; it reliably secures electronic transactions and business procedures.
- Qualified Electronic Signature (QES): Qualified electronic signatures are the safest form of electronic signatures as per the eIDAS Regulation. They require the signatory to be authenticated by a certified service in addition to protecting the document against manipulation. As QES meet strict legal requirements, they have the same legal validity as handwritten signatures and guarantee maximum security and legal compliance.
Essentially, the biggest difference lies in the verification of the signatory's identity. For a qualified electronic signature, an accredited certification service is responsible to complete this step. A QES promises greater reliability and legal certainty than a simple electronic signature, which primarily protects the integrity of the document.
Why Do You Need a Qualified Electronic Signature?
As more transactions and procedures are digitized in our modern world, many industries and governing authorities require legally binding and verifiable proof of authenticity for digital documents to be legally binding. This is where the QES comes into play, as it guarantees authenticity of remote signatures used on legally sensitive documents.
The qualified electronic signature is essential for electronic transactions. It not only ensures that electronic documents are legally binding, but also enables the secure exchange of information and business details between the parties involved. This is particularly important in business relationships or official matters, where legal compliance and authenticity of documents are essential.
Another crucial purpose of the QES is proof of identity. During the process, the identity of the signatory as well as the integrity of the signed document is verified, confirming the liability of the person who signed it. This increases the security and trustworthiness of electronic transactions and helps prevent identity fraud.
The use of a QES is also necessary when conventional electronic signatures don't meet required security standards. This applies mostly to sensitive contracts, official documents or financial transactions where maximum security and legal compliance are expected.
How Do You Create a Qualified Electronic Signature?
To create a qualified electronic signature, you will need a signature card with an electronic certificate from a certification service as defined by the eIDAS Regulation. This certificate verifies the identity of the signatory and contains encrypted information required to create and verify the signature.
Qualified certificates for electronic signatures are provided by providers (public and private) who have been granted qualified status by a competent national authority and are listed in the national 'trusted lists' of the EU Member States. These lists are accessible through the Trusted List Browser.
Encryption plays a crucial role in the creation of a qualified electronic signature. The process is based on a pair of cryptographic keys: the private signature key and the corresponding public key.
The private signature key is accessible only to the signer and is part of this key pair. It is cryptographically encrypted and provided by the provider of the qualified certificate on a qualified signature creation device.
The public key is derived directly from the private signature key. This public key is accessible to everyone and can be used to verify the signature. It can decrypt documents that have been signed with the corresponding private signature key; thus, confirming the authenticity of the signature as well as the signatory's identity.
The qualified certificate issued by the trust service provider serves as a link between the two keys and confirms both their association with and the identity of the signatory. It ensures that the public key actually matches the respective private signature key when the owner tries to generate an eIDAS signature, i.e. QES, on official documents.
Concluding Contracts with Qualified Electronic Signatures
Now that we understand why using electronic signatures makes sense, let’s walk through a practical example of how to do it. To sign a contract with a Qualified Electronic Signature (QES), for instance, you will need to observe the following steps:
- Select a trustworthy provider: Look for a trustworthy provider of e-signature services that is certified by a recognized certification authority (Trust Service Provider), like D-Trust, SwissSign or GlobalSign.
- Registration and identification: Register with the provider and go through the identification process. You can do this in person or remotely with the help of video- or auto-identification tools. You will need an official document such as an ID card or passport to verify your identity.
- Installation of signature software: Install the provider software or application on your computer or mobile device, and sign all electronic signature agreements. You will use this software to sign documents electronically.
- Receipt of a signature certificate: After successful identification, you will receive a qualified certificate, which will be used for your electronic signature. This certificate will be saved to a secure signature creation device (e.g. chip card, USB token or cell phone, depending on your e-signature service provider).
- Prepare your document: Open the document to be signed in the electronic signature software.
- Sign the document: In the software, select the option to sign the document. Depending on the provider and device, you may need to enter a PIN or password to confirm the signature. The document has now been signed electronically and linked to your certificate.
-
Verifying the signature: After you have signed it, any electronic signature software or special verification service can verify the validity of your QES to ensure that the signature is genuine and the document unchanged.
Requirements for a Qualified Electronic Signature
There are certain qualifications eIDAS requires for a signature to be classified as qualified. The following table is a summary of these requirements:
|
Requirement
|
Explanation
|
|
1. Qualified certificate for electronic signature
|
Required certificate from a recognized certification service meeting legal standards.
|
|
2. Electronic key combination
|
Use of an electronic key combination on a qualified signature creation device, such as a signature card.
|
|
3. Unambiguous verification of signatory
|
Clear and unambiguous identification of the signatory to ensure identity verification.
|
What is eIDAS: Legal Basis for Qualified Electronic Signature
The legal basis of the qualified electronic signature has been established in all EU member states as well as in Switzerland and guarantees its legal validity. For legal purposes, the QES is considered to be on par with a traditional signature on paper. Consequently, it is also accepted as a binding form of electronic signature in legal contexts.
Since 2016, the eIDAS Regulation stipulates the QES. Section 4 Article 25 (2) specifically states the following:
“A qualified electronic signature shall have the equivalent legal effect of a handwritten signature.”
The eIDAS Regulation replaced the previously inconsistent signature laws of the EU member states with a standardized regulation. It establishes clear expectations that guarantee the validity and legally binding nature of the QES throughout the European Union, a consistent and reliable basis for the use and recognition of the QES:
“A qualified electronic signature based on a qualified certificate issued in one Member State shall be recognized as a qualified electronic signature in all other Member States.” (Section 4 Article 25 (3))
Conclusion
Qualified electronic signatures play an increasingly important role in ensuring the confidentiality, legal validity and integrity of documents. The eIDAS Regulation has established clear standards for electronic signatures, with the QES representing the highest level of security.
By requiring a qualified certificate, an electronic key combination and the identification of the signatory, the QES offers a high level of security and reliability that is equal to a handwritten signature.
Qualified electronic signatures allow for a secure and legally compliant exchange of documents; they also facilitate more efficient digital work processes in many industries and jurisdictions. The acceptance and use of qualified electronic signatures are important to advance digital transformation and enable secure and trusted electronic transactions.
With the integration of Skribbel, PXL Vision already facilitates simple electronic signing of documents. You can expand the PXL Ident auto-ID process to include the simple electronic signature module, which simplifies the signing of contracts in the verification process, for example. We are able to offer QES, PXL eSign, to our customers from now on.
Are you interested in the topic of qualified electronic signatures or looking for a solution? Please feel free to contact us!
FAQ
.
