Documents signed with a qualified electronic signature (QES) benefit from the highest level of security and legal certainty under the eIDAS Regulation. Furthermore, qualified electronic signatures have the same legal value and effect as handwritten signatures across the EU.
With Penneo Sign, users can easily create QES through itsme®, a trusted digital identity solution available in 16 countries.
What is a qualified electronic signature?
A qualified electronic signature is a highly secure type of electronic signature that meets the following requirements set by the eIDAS regulation:
- It is uniquely linked to the signer.
- It is capable of reliably identifying the signer.
- It is connected to the signed data in such a way that any changes to the data after signing are detectable.
- It is created using signature creation data that is under the exclusive control of the signer.
- It is generated by a qualified electronic signature creation device.
- It is based on a qualified certificate issued by a Qualified Trust Service Provider (QTSP).
What sets qualified electronic signatures apart from other types of electronic signatures?
Although all electronic signatures allow for the digital signing of documents, their probative value is determined by the level of security they provide.
The eIDAS Regulation defines three types of electronic signatures, each offering different levels of security and legal effect, as shown in the table below.
Signature type | Level of security | Signer authentication | Content integrity | Non-repudiation | Based on a qualified certificate issued by a QTSP | Created by a qualified electronic signature creation device | Legal effect | Based on ETSI Standards | Sealed under PAdES Standard (by Penneo) |
---|---|---|---|---|---|---|---|---|---|
Standard electronic signatures (SES) | Low | No | No | No | No | No | Yes, but only in some cases | No | Yes |
Advanced electronic signatures (AES) | Medium | Yes | Yes | Yes | No | No | Yes, in most cases | Yes | Yes |
Qualified electronic signatures (QES) | High | Yes | Yes | Yes | Yes | Yes | Yes, in all cases | Yes | Yes |
Qualified electronic signatures stand out from other types of electronic signatures due to their high level of security, granting them the same legal validity as handwritten signatures throughout all European countries.
What is a qualified certificate?
A qualified certificate is a digital certificate issued by a qualified trust service provider (QTSP) and contains the following elements:
- ❶ an indication that it is a qualified certificate for electronic signature;
- ❷ an indication of the qualified trust service provider issuing the certificate and the Member state where the QTSP is established;
- ❸ the name of the signatory, or a pseudonym;
- ❹ electronic signature validation data that corresponds to the electronic signature creation data;
- ❺ details of the beginning and end of the certificate’s period of validity;
- ❻ the certificate identity code, which must be unique for the qualified trust service provider;
- ❼ the advanced e-signatures or e-seal of the issuing qualified trust service provider and location.
Qualified certificate for electronic signature ❶ | |
---|---|
Subject name ❸ | John Doe |
Certificate serial number ❻ | 01946783 |
Public key info ❹ | |
| RSA |
| 013N5S8L40FKS |
| 2048 |
| 65437 |
| EE:GE:69:7A:32:A l:D6:4E:F8:Q2… |
Validity period ❺ | 2 years |
| 26/12/2021 |
| 25/12/2023 |
Issuer Name ❷ | |
| US |
| Let’s encrypt |
| FH02NT83625BF |
| RSA |
Certificate Authority’s digital signature ❼ | 10904J871N7903MH82G43KO… |
What is a qualified electronic signature creation device (QESCD)?
A Qualified Electronic Signature Creation Device (QESCD) is the hardware or software used to create qualified electronic signatures. It becomes „qualified“ when it meets the requirements laid down in Annex II of the eIDAS regulation.
Using a QESCD enhances the security of digital certificates, reducing the risk of forgery or unauthorized replication. It also provides higher legal certainty for the qualified electronic signatures generated with it.
A QESCD can take different forms:
- Physical devices: These include objects like smartcards or USB tokens that the signer physically possesses, often used in combination with a PIN code for signing (similar to a one-time code viewer for online banking access)
- Remote devices: These are electronic, intangible objects that do not need to be in the physical possession of the signer but are managed remotely by a QTSP. Remote qualified e-signature creation devices offer a more convenient user experience while maintaining the same high level of legal certainty.
What are the key benefits of qualified electronic signatures?
Here are some of the key benefits that qualified electronic signatures bring to organizations and individuals:
- Cross-border interoperability: QES are legally recognized across all EU member states, making them ideal for international transactions within Europe.
- Higher levels of trust and confidence: QES offer the highest level of security, allowing for safe, trustworthy, and convenient electronic transactions.
- Enhanced security: QES mitigate the risk of fraud, forgery, and tampering by identifying the signer(s) and ensuring the integrity of the signed document(s).
- Improved signing experience: With faster, secure, and convenient signing processes, QES improve the overall experience for everyone involved.
- Improved efficiency: By digitizing signing processes, organizations can reduce manual work and significantly cut operational expenses.
How can you tell if a document has been signed with a qualified electronic signature?
When viewing a signed PDF, you typically won’t see any explicit reference to the type of e-signature (simple, advanced, or qualified) used. The signing software usually doesn’t display this information directly on the document.
However, this information can still be accessed through other means. To determine if a document has been signed with a qualified electronic signature, you can use a PDF reader or a signature validation tool (such as Penneo’s validator or the EU Commission’s signature validator).
Read more on how to verify the validity of a digital signature.
Creating qualified electronic signatures (QES) via Penneo Sign
Penneo Sign enables users to create qualified electronic signatures (QES) using itsme®, a secure digital identity solution. Initially launched in Belgium, itsme® has expanded to 16 countries, providing more individuals with a trusted and reliable method for digital signing.
As a result, Penneo users can now generate digital signatures that hold the same legal standing as handwritten signatures and are fully recognized for cross-border transactions across Europe.