What is a Qualified Electronic Signature (QES)?
The current digital transformation of many businesses, coupled with the growing environment of remote operations, has changed the way people work and interact with each other. As a result, electronic signatures are on the rise and expected to reach a market value of $5 billion in 2023.
However, the lack of awareness about legality, different kinds of signatures and when and how to use them is a major challenge for would-be users.
ZealiD’s mission is to empower natural persons to leverage their first legally recognized digital identity in relation to digital service providers from all industries. This means the freedom of entering into agreements, accessing accounts safely and registering for regulated services across the EU.
ZealiD has put together a guide for both users and service providers to help them navigate the benefits and intricacies of electronic signatures.
- What is an electronic signature?
- Are there different types of electronic signatures?
- Why should I use a Qualified Electronic Signature?
- When should I use a Qualified Electronic Signature?
- What are the legal effects of a Qualified Electronic Signature?
- What are the most common use cases for Qualified Electronic Signatures?
- How do I know if a document has been signed with a Qualified Signature?
What is an Electronic Signature?
The European Union defines an Electronic Signature as the electronic equivalent of a handwritten signature. This means that just like its handwritten counterpart, an electronic signature is a proof of identity and intent in a digital environment and a legal way of acquiring consent or approval of electronic documents.
The regulation standardising electronic signatures in the EU is called eIDAS, which stands for electronic Identification, Authentication and Trust Services. Note that this is a regulation, much like GDPR, and is immediately transposed into national law in all member states. This legislation establishes a legal structure for electronic identification in Europe and outlines the EU standards and compliance required to electronically authenticate things like:
- ID
- Signatures
- Seals
- Documents
Electronic signatures offer many benefits. They allow remote signing of documents at any place and time and provide greater security and integrity because the signed document cannot be altered. They also reduce carbon footprints and operational costs!
“eIDAS is the most important piece of legislation after PSD2 for EU financial service providers. Thanks to ETSI, the first global standard on identity and signatures, it provides very specific guidance on how a service provider should conduct business remotely. There are two reasons why service providers need qualified signature: 1) legislation requires them or 2) risk mitigation requires them. The future infrastructure of financial services is based on a concept of identity with a foundation in eIDAS certificates and esignatures.”
Philip Hallenborg
CEO
Are there different types of electronic signatures?
Yes. According to eIDAS, there are three recognised types of electronic signatures, each offering different levels of assurance and security:
- Simple Electronic Signature (SES)
  The least advanced type, this might be something like an ‘I Accept’ button on a desktop browser. While easy to use, it doesn’t guarantee that your signature is linked to you, and it’s not tamper-proof.
- Advanced Electronic Signature (AES)
  This signature adds another layer of security by identifying each unique signatory and detecting any changes to the document or data. Often using cryptographic keys, this could be something like BankID, which is used in Sweden, or Signaturit, which is used in Spain. Advanced signatures have great technical standards and quality, but they are not subject to rigorous requirements in reliability, trustworthiness or assurance.
- Qualified Electronic Signature (QES)
  This type of signature has all of the security features of an advanced electronic signature, but additionally, it uses a qualified certificate and multifactor verification to identify the signatory. It is the only signature explicitly recognized as the legal equivalent of a handwritten signature across all EU member states. A QES has third party assurance, requiring auditing and standardised methods that demand the highest levels of security and trust protocols. ZealiD is a Qualified Electronic Signature!
Details and differences of each signature type:
“Integrity is one of the primary steps from advanced signatures to qualified signatures. The qualified signature is in a controlled, audited environment using trustworthy processes and verified technology.”
Robert Hoffman
Security Officer ZealiD
Why should I use a Qualified Electronic Signature?
To help determine which electronic signature suits your needs, consider these four key elements:
- Authenticity - Does the signature need to be unique to the signatory?
- Identity – Does the signature require guaranteed identity verification?
- Integrity - Should the signature be able to detect any subsequent data changes?
- Authentication - Is the signatory in complete control of the signing?
If the answer is yes to all of the above, a Qualified Electronic Signature (QES) is the solution. Even if it isn’t, a QES is still the most secure method: it represents the highest-level signature solution in a digital environment and can even be considered safer than a handwritten signature. The reverse burden of proof, the ability to validate the signature and the guaranteed verification of identity all offer added security advantages. The validation enables an individual to check when a document was signed and provides the cryptographic data to prove it. This is only possible with a QES, meaning it’s the safest form of signature available and the only one providing the legal effect of a handwritten signature.
A QES can only be issued by a Qualified Trust Service Provider (QTSP), which is supervised by a member state supervisory authority (e.g. Bundesnetzagentur in Germany) and included in national Trusted Lists. QTSPs are highly regulated and must pass every test of eIDAS compliance. ZealiD is a QTSP and Sweden’s first and only issuer of qualified certificates and signatures.
In addition, Qualified Electronic Signatures can only be created using a qualified signature creation device (QSCD) with specific software and hardware which ensure that:
- Only the signatory is in control of their key.
- The generated signature’s data is managed by a QTSP.
- The created signature data is confidential and protected from forgery.
Currently, very few providers can provide qualified signing in smartphones and instead require the use of an additional smart card or device. Through its unique infrastructure, ZealiD offers a smartphone solution that utilises specific hardware, software and certifications to keep certificates and keypairs on the server-side.
When should I use a Qualified Electronic Signature?
A Qualified Electronic Signature (QES) can often be a legal requirement. In Europe, many situations require a QES by law and depending on the EU member state, it may also be the mandatory standard for electronic signatures.
Because a QES has the same legal effect as a handwritten signature, it can be used in any situation that would typically require a written signature, such as signing a contract.
In situations where a QES is not mandatory, using one is still a good idea. The high degree of security, ability to validate the signature, reverse burden of proof and peace of mind provided by a QES cannot be replicated by any other electronic signature.
What are the legal effects of a Qualified Electronic Signature?
Electronic signatures in all forms are legally valid in EU courts; however, signatories using non-standardised Simple or Advanced signatures may be required to prove the security of the technology if the signature is disputed in court. A Qualified Electronic Signature (QES) is the only signature that provides the signatory with a standardised, non-repudiable solution.
In practical terms, this means that a Simple or Advanced Signature may be liable to dispute in court, with all the associated costs and resources required to prove the validity. A QES, on the other hand, is based on the highest standards set by EU regulation and must be proven invalid by the disputing party rather than valid by the signatory. This means that if a QES is disputed, the burden of proof lies with the disputing party rather than the signatory. This makes using a QES a safer and more economical choice than relying on a less advanced electronic signature and risking having to prove its validity in an EU court.
When are Qualified Electronic Signatures most commonly used?
All electronic signatures share some common advantages such as saving time, reducing paper and providing the ability to sign a document remotely. Below are some practical examples of when you might use a Qualified Electronic Signature (QES).
- Signing electronic contracts or documents that require a QES. This could be something like a consumer credit agreement, an employment contract or a tax declaration.
- Signing high risk/value documents. Even if a document doesn’t require the use of a QES by law, it’s highly recommended when dealing with documents such as digitized mortgages and loan securities, as this removes the risk of any contractual party challenging the electronic signature.
- Signing a document to confirm its origin. Signing documents within a company could be considered low-risk. For outgoing messages and documents, however, companies and organisations can use a QES to validate these, using the highest degree of security available. In this case, the QES provides peace of mind through its legal validity and the ability to guarantee the identity of the signer.
- Signing commercial proposals. Processes that require a lot of paperwork are often time-consuming, which means they are also costly, resource-heavy and create more room for human error. The use of a QES can improve the reliability of public procurement processes, and save time and money.
- Signing legal authorisation. Transferring the right to legally act on behalf of a signatory to another party can be useful in many situations. For example, a business may wish to provide an accountant with the mandate to transact on their behalf. Other such situations may be signing, opting in, or consenting to terms and conditions when becoming a new client at a bank.
- Signing confidential or legal documents. Documents of high import such as non-disclosure agreements, material transfer agreements, non-compete agreements and employment contracts should always be signed and sealed using a signature that can be fully validated. These contracts and documents could all end up being contested in a court of law, making a handwritten or qualified electronic signature the best choice to ensure non-repudiation.
How do I know if a document has been signed with a Qualified Electronic Signature?
Validation is one of the greatest benefits of using a Qualified Electronic Signature (QES). Cryptographic evidence in combination with the guaranteed verification of identity are aspects that are highly desirable when it comes to checking and confirming an electronic signature.
There are two ways to validate a QES:
- Adobe Reader
  As long as the software is updated with a current version of the EU Trusted List, Adobe Reader can be used to validate a QES, free of charge. This action is done automatically when Adobe Reader is started and does not require any user interaction. You can also choose to open the Signature Panel to investigate the signatures and associated certificates in more depth.
- EU DSS Tool
  The EU DSS Tool is a demonstration web app managed directly by the European Commission. To validate a QES, you simply upload the signed document and receive a report of validation.