Qualified Electronic Signatures (QES)

Documents signed with a qualified electronic signature (QES) benefit from the highest level of security and legal certainty under the eIDAS Regulation. Furthermore, qualified electronic signatures have the same legal value and effect as handwritten signatures across the EU.

With Penneo Sign, users can easily create QES through itsme®, a trusted digital identity solution available in 16 countries.

What is a qualified electronic signature?

A qualified electronic signature is a highly secure type of electronic signature that meets the following requirements set by the eIDAS regulation:

  • It is uniquely linked to the signer.
  • It is capable of reliably identifying the signer.
  • It is connected to the signed data in such a way that any changes to the data after signing are detectable.
  • It is created using signature creation data that is under the exclusive control of the signer.
  • It is generated by a qualified electronic signature creation device.
  • It is based on a qualified certificate issued by a Qualified Trust Service Provider (QTSP).

What sets qualified electronic signatures apart from other types of electronic signatures?

Although all electronic signatures allow for the digital signing of documents, their probative value is determined by the level of security they provide.

The eIDAS Regulation defines three types of electronic signatures, each offering different levels of security and legal effect, as shown in the table below.

Signature typeLevel of securitySigner authenticationContent integrityNon-repudiationBased on a qualified certificate issued by a QTSPCreated by a qualified electronic signature creation deviceLegal effectBased on ETSI StandardsSealed under PAdES Standard (by Penneo)
Standard electronic signatures (SES)LowNoNoNoNoNoYes, but only in some casesNoYes
Advanced electronic signatures (AES)MediumYesYesYesNoNoYes, in most casesYesYes
Qualified electronic signatures (QES)HighYesYesYesYesYesYes, in all casesYesYes

Qualified electronic signatures stand out from other types of electronic signatures due to their high level of security, granting them the same legal validity as handwritten signatures throughout all European countries.

What is a qualified certificate?

A qualified certificate is a digital certificate issued by a qualified trust service provider (QTSP) and contains the following elements:

  1. an indication that it is a qualified certificate for electronic signature;
  2. an indication of the qualified trust service provider issuing the certificate and the Member state where the QTSP is established;
  3. the name of the signatory, or a pseudonym;
  4. electronic signature validation data that corresponds to the electronic signature creation data;
  5. details of the beginning and end of the certificate’s period of validity;
  6. the certificate identity code, which must be unique for the qualified trust service provider;
  7. the advanced e-signatures or e-seal of the issuing qualified trust service provider and location.
Qualified certificate for electronic signature
Subject name John Doe
Certificate serial number 01946783
Public key info  
  • Algorithm identifier
RSA
  • Public key value
013N5S8L40FKS
  • Key size
2048
  • Exponent
65437
  • Modulus
EE:GE:69:7A:32:A l:D6:4E:F8:Q2…
Validity period 2 years
  • Not before
26/12/2021
  • Not after
25/12/2023
Issuer Name  
  • Country
US
  • Organization
Let’s encrypt
  • Issuer identifier
FH02NT83625BF
  • Algorithm identifier
RSA
Certificate Authority’s digital signature 10904J871N7903MH82G43KO…

What is a qualified electronic signature creation device (QESCD)?

A Qualified Electronic Signature Creation Device (QESCD) is the hardware or software used to create qualified electronic signatures. It becomes „qualified“ when it meets the requirements laid down in Annex II of the eIDAS regulation.

Using a QESCD enhances the security of digital certificates, reducing the risk of forgery or unauthorized replication. It also provides higher legal certainty for the qualified electronic signatures generated with it.

A QESCD can take different forms:

  • Physical devices: These include objects like smartcards or USB tokens that the signer physically possesses, often used in combination with a PIN code for signing (similar to a one-time code viewer for online banking access)
  • Remote devices: These are electronic, intangible objects that do not need to be in the physical possession of the signer but are managed remotely by a QTSP. Remote qualified e-signature creation devices offer a more convenient user experience while maintaining the same high level of legal certainty.

What are the key benefits of qualified electronic signatures?

Here are some of the key benefits that qualified electronic signatures bring to organizations and individuals:

  • Cross-border interoperability: QES are legally recognized across all EU member states, making them ideal for international transactions within Europe.
  • Higher levels of trust and confidence: QES offer the highest level of security, allowing for safe, trustworthy, and convenient electronic transactions.
  • Enhanced security: QES mitigate the risk of fraud, forgery, and tampering by identifying the signer(s) and ensuring the integrity of the signed document(s).
  • Improved signing experience: With faster, secure, and convenient signing processes, QES improve the overall experience for everyone involved.
  • Improved efficiency: By digitizing signing processes, organizations can reduce manual work and significantly cut operational expenses.

How can you tell if a document has been signed with a qualified electronic signature?

When viewing a signed PDF, you typically won’t see any explicit reference to the type of e-signature (simple, advanced, or qualified) used. The signing software usually doesn’t display this information directly on the document.

However, this information can still be accessed through other means. To determine if a document has been signed with a qualified electronic signature, you can use a PDF reader or a signature validation tool (such as Penneo’s validator or the EU Commission’s signature validator).

Read more on how to verify the validity of a digital signature.

Creating qualified electronic signatures (QES) via Penneo Sign

Penneo Sign enables users to create qualified electronic signatures (QES) using itsme®, a secure digital identity solution. Initially launched in Belgium, itsme® has expanded to 16 countries, providing more individuals with a trusted and reliable method for digital signing.

As a result, Penneo users can now generate digital signatures that hold the same legal standing as handwritten signatures and are fully recognized for cross-border transactions across Europe.

Explore more resources

eIDAS 2.0

Die Novellierung der eIDAS-Verordnung: Bedeutung für digitale Transaktionen und Identitätsverifizierung

READ MORE

9 Empfehlungen für die Wahl eines geeigneten KYC-Systems

READ MORE

Geldwäschegesetz-Konformität in der Buchhaltungsbranche

READ MORE