Qualified Electronic Signature (QES)

What is a Qualified Electronic Signature (QES)?

A qualified electronic signature (QES) is a special form of electronic signature that meets the strictest EU requirements for authenticating the identity of the signatory and the integrity of the document. It is recognized under the European Union’s eIDAS regulation (electronic identification and trust services for electronic transactions in the internal market) as legally equivalent to a handwritten signature.

The QES is based on a qualified certificate for electronic signatures, which is only issued by an authorized trust service provider (TSP). This certificate contains data to identify the signatory and is linked to electronic signature creation data that the signatory has under their sole control.

To create a QES, the signatory requires a digital certificate issued by a qualified trust service provider. The process usually involves a rigorous identity check of the signer by the provider. After verification, the signatory can electronically sign documents using a secure signature creation tool (e.g., special software or a special hardware device).

The qualified electronic signature offers a high level of security. Therefore, it is often used for official documents, contracts and other legally binding documents in a digital format where the identity of the signatory must be proven beyond doubt, and the immutability of the document must be guaranteed.

How do you create a qualified electronic signature?

The creation of a qualified electronic signature (QES) via WebID follows a multi-step process that aims to securely verify the user’s identity and provide them with a qualified certificate for signature creation. WebID offers an online identity verification that simplifies and accelerates the process of creating a QES by enabling the necessary identity verification and certificate issuance digitally and remotely.

1. Identity verification: Identification can be carried out using various methods, including video call (VideoID), online banking (AccountID), online ID card (eID) or on-site, for example, at the point of sale. These methods are MLA-compliant and provide a legally secure basis for creating a QES.
2. View contract and accept terms of use: After successful identification, customers can view the contract and accept the terms of use. This step ensures that all parties understand and agree to the terms of the contract.
3. Sign the contract by entering an OTP: Finally, the contract is signed by entering a One-Time Password (OTP), which is sent by SMS. The contract is legally signed when the OTP is entered. This step confirms the user’s consent to the contract and completes the creation of the qualified electronic signature.

The entire process is designed to offer users a user-friendly, legally compliant and fast way to sign contracts online, with the security and legal validity of a qualified electronic signature.

What is the legal significance of a qualified electronic signature?

The qualified electronic signature (QES) has a fundamental legal significance within the European Union. It is defined by the eIDAS regulation (regulation on electronic identification and trust services for electronic transactions in the internal market). This regulation aims to strengthen trust in electronic transactions in the European internal market by creating a common framework for electronic signatures and related services.

One of the most important legal characteristics of the QES is its equivalence with handwritten signatures. This means that documents signed electronically with a QES enjoy the same legal validity and recognition as traditionally hand-signed documents. This equality facilitates the use of electronic signatures in a wide range of legal and business processes and promotes digitization.

The QES enjoys a high level of trustworthiness due to the strict requirements that apply to its creation. This includes the identification of the signatory by a qualified trust service provider and the use of secure signature creation devices. These measures guarantee the authenticity and integrity of the signature and the signed document, which in turn strengthens the trust of the parties involved in electronic transactions.

Another key aspect of the QES is cross-border recognition within the EU, which simplifies electronic commerce and digital transactions. QES contributes to non-repudiation by providing strong evidence of the identity of the signatory and the immutability of the document, which further increases the legal certainty of electronic transactions.

In addition, QES and its providers must meet specific technical and organizational security requirements set out in the eIDAS regulation and associated technical standards. These high security standards ensure the secure creation, management and storage of qualified electronic signatures.

Finally, in accordance with the General Data Protection Regulation (GDPR), strict data protection measures must be observed, especially with regard to the processing of personal data necessary for the creation and management of QES. This ensures that users’ privacy remains protected while they enjoy the benefits of digital signatures.

What are the differences between a QES and other types of electronic signatures?

The eIDAS regulation of the European Union defines three main types of electronic signatures: the simple electronic signature (SES), the advanced electronic signature (AES) and the qualified electronic signature (QES). Each of these signatures has specific characteristics and areas of application that make them suitable for different purposes. Here are the main differences:

Simple Electronic Signature (SES): The SES is the most basic form of electronic signature. It includes any type of electronic data that is used to identify the signatory or to express approval of an electronic document. Examples include a scanned signature, a clicked checkbox or an e-mail signature. The SES does not provide a basic level of security as it does not prescribe a specific technology for verifying the identity of the signatory or the integrity of the signature.

Advanced electronic signature (AES): An AES offers a higher level of security than an SES. It must be created in such a way that clear identification and authentication of the signatory is possible. It must also ensure that the data used to create the signature is exclusively under the control of the signatory and that any subsequent changes to the document are recognizable. The AES offers more security and trustworthiness than an SES, as it binds the identity of the signatory more strongly to the signature and protects the integrity of the signed document.

Qualified electronic signature (QES): The QES is the most secure and legally binding form of electronic signature in accordance with the eIDAS regulation. It meets all the requirements of an AES and is also based on a qualified certificate for electronic signatures issued by an approved trust service provider. The QES offers the highest level of security and is recognized throughout the EU as equivalent to a handwritten signature. This makes it particularly suitable for legally binding transactions and documents where a high level of trustworthiness is required.

To summarize, the differences between these signatures are mainly found in the security levels, the legally binding force, the specific requirements for the identification of the signatory and the integrity of the signature. While SES may be sufficient for everyday low-risk transactions, AES and especially QES offer additional security and authentication features that make them essential for more confidential and legally binding electronic transactions.

How does the QES differ from the digital signature?

The distinction between a qualified electronic signature (QES) and a digital signature is mainly based on legal frameworks and security standards. The digital signature generally refers to technologies that use cryptographic methods to ensure the authenticity and integrity of electronic data and is not specifically defined by legal requirements. In contrast, a QES is a special type of digital signature that is subject to strict requirements in accordance with the European Union’s eIDAS regulation. It requires a qualified certificate from an approved trust service provider and must be created using a secure signature creation device, which gives it the same legal effect in the EU as a handwritten signature. As such, QES represents the highest standard for the security, legal validity and trustworthiness of electronic documents and transactions within the EU, while digital signatures cover a broader category of technologies without specific legal requirements.

What types of transactions and documents can a QES be used for?

A qualified electronic signature (QES) can be used for a wide range of transactions where a legally binding signature is required. This includes, but is not limited to:

1. Conclusion of contracts: Sales contracts, rental agreements, service contracts, employment contracts and other types of agreements between businesses or between businesses and consumers.
2. Financial transactions: Credit agreements, bank documents, financial statements and other financial obligations.
3. Legal documentation: Court filings, legal filings, powers of attorney and other official documents submitted to authorities.
4. Human Resources: Signing employment contracts, privacy statements, consent forms and other personnel-related documents.
5. Government and administrative documents: Applications, permits, licenses and other documents required as part of interactions with state and local authorities.
6. Healthcare: Patient consents, medical reports and other documentation in the healthcare sector.
7. Corporate governance: documents related to corporate governance, such as minutes of board meetings, annual reports, and shareholder resolutions.

The flexibility and legal recognition of QES make it possible to digitally sign and validate almost any transaction or documentation that traditionally requires a handwritten signature, significantly simplifying and speeding up processes.

How can qualified electronic signatures optimize business processes between companies?

Qualified electronic signatures (QES) are revolutionizing business processes between companies by significantly accelerating and simplifying them. By enabling contracts and documents to be signed quickly and securely online, the need for physical meetings and the sending of paper documents is eliminated, resulting in a considerable acceleration of contract conclusions. Reducing paperwork through digital documents not only lowers material and administrative costs but also improves document management through easier archiving, searching and access. In addition, the use of QES increases the security of documents by providing strong authentication and ensuring immutability, minimizes the risk of forgery and supports compliance with legal and regulatory requirements thanks to the legal recognition of QES under the eIDAS regulation.

In addition, QES promotes international business through its recognition in the EU and beyond. It also improves the customer experience by digitizing processes and contributes to environmental friendliness and sustainability by reducing paper consumption. Implementing QES in business processes enables companies to increase efficiency and reduce costs while ensuring the security and compliance of their transactions.

How long is a qualified electronic signature valid?

The validity period of a qualified electronic signature (QES) depends on the validity period of the underlying qualified certificate used to create the signature. An authorized trust service provider issues a qualified certificate, which usually has a limited period of validity, often between one and three years. At the end of this period, the certificate must be renewed in order to continue to create a valid QES.

It is important to note that the validity of the signature itself – i.e., the fact that a document was signed at a certain point in time – does not expire. Once signed, documents remain legally binding even if the certificate with which the signature was created expires. The only thing that changes is the ability to create new signatures after the certificate expires until a new certificate is purchased.

Additional measures such as time stamps and archiving solutions can be used to ensure the long-term verifiability of QES, especially for documents that must remain legally relevant for many years. These techniques help to preserve the integrity and authenticity of signed documents over time, even when the original certificates have long since expired.

Are there restrictions on the use of QES in certain industries or countries?

Industry-Specific Restrictions

• Healthcare: In some countries, patient data and medical reports can only be electronically signed under certain conditions due to strict data protection regulations and security requirements. Therefore, the use of QES may be subject to specific regulations in those countries.
• Financial Sector: Banks and financial institutions are often subject to stringent compliance requirements that can impact the use of QES. For example, additional security measures or verification processes may be required for certain financial transactions.
• Public Sector: Although QES can be used in many areas of public administration, there are cases where physical signatures or special forms of electronic signatures are required.

Country-Specific Restrictions

• EU Member States: Within the EU, the use of QES is regulated by the eIDAS regulation, which ensures broad recognition and interoperability among member states. However, individual countries may have additional specific regulations.
• Outside the EU: The recognition and legal effectiveness of QES vary widely. Some countries have their own standards and laws for electronic signatures that may differ from eIDAS standards. This can affect the cross-border recognition of QES.
• Jurisdictions with Special Requirements: In some jurisdictions, additional certifications or accreditations may be required to enable trust service providers to offer QES.