electronic-signature

QES signature: Meaning and Application

A QES signature (qualified electronic signature) is an advanced electronic signature (AES) based on a qualified certificate and created by a qualified electronic signature creation device (QSCD).

Blog post cover image: cover.jpg

What is an electronic signature?

An electronic signature is an electronic indication of a person’s intention to agree to the content of a document to which the signature relates. This means that an electronic signature, just like its handwritten counterpart, is a proof of identity and intent in a digital environment and a legitimate means of obtaining approval of electronic documents. A QES signature is one of 3 types of electronic signature (standard, advanced, qualified).

The regulation standardizing electronic signatures in the EU is called eIDAS, which stands for electronic identification, authentication and trust services. This legislation creates a legal structure for electronic identification in Europe and outlines EU standards and compliance.

What is a QES signature?

A QES signature (qualified electronic signature) has all the security features of an advanced electronic signature, but also uses a qualified certificate and multi-factor verification to identify the signer. It is the only signature that is explicitly recognized in all EU member states as the legal equivalent of a handwritten signature. A QES signature is secured by a third party and requires verification and standardized methods that imply the highest level of security and trust protocols.

Qualified certificates for the QES signature are provided by providers (public and private) that have been granted a qualified status by a competent national authority, as indicated in the national lists of the EU Member State. These lists can be accessed via the browser.

While different levels of electronic signatures may be appropriate in different contexts, only QES signatures are explicitly recognized to have the same legal effect as handwritten signatures throughout the EU.

When should I use a QES signature?

To determine which electronic signature meets my needs, consider the following four key elements:

  1. authenticity: does the signature need to be unique?
  2. identity: does the signature require identity verification?
  3. integrity: should the signature be able to detect subsequent data changes?
  4. authentication: does the signer have complete control over the signature?

If the answer to all of the above questions is yes, then a QES signature is the right solution. And even if this is not the case, a QES signature is still the most secure method and can even be considered more secure than a handwritten signature. The reversal of the burden of proof, the ability to validate the signature and the guaranteed verification of identity provide additional security benefits.

A QES signature can only be issued by a Qualified Trust Service Provider (QTSP) that is supervised by a Member State regulator and included in national trust lists. QTSPs are highly regulated and must pass all eIDAS compliance checks.

In addition, QES signatures can only be created using a Qualified Signature Creation Device (QSCD) with specialized software and hardware.

Use cases for a QES signature

The QES signature is suitable for signature operations that pose significant risks or take place within a strict legal framework, for example:

  • Signing electronic contracts or documents that require a QES signature (e.g., consumer credit agreement).
  • Signing of documents with high risk/value
  • Signing a legal authorization
  • Signing confidential or legal documents

For all other types of documents, the QES signature is not strictly required.

It is perfectly acceptable to use an advanced electronic signature, which is easier to set up, more flexible for signers, and yet sufficiently secure. Thus, the use of a QES signature should be limited to specific uses and areas of activity. Finally, given the cumbersome nature of the process of a QES signature, it is essential to strike a balance between the security needs of the organization and the flexibility of implementation and use.

How do I know if a document has been signed with a QES signature?

Validation is one of the biggest benefits of using a QES signature. Cryptographic proof combined with guaranteed verification of identity is an essential basis to verify and validate an electronic signature.

There are two ways to validate a QES signature:

1. Adobe Reader

As long as the software is updated with a current version of the EU Trusted List, Adobe Reader can be used to validate a QES signature free of charge. This action occurs automatically when Adobe Reader is launched and requires no user interaction. You can also open the Signatures panel to examine the signatures and associated certificates in more detail.

2. EU DSS Tool

The EU DSS Tool is a demonstration web application managed directly by the European Commission. To validate a QES signature, one simply uploads the signed document and receives a report of the validation.

There are different benefits to using the two tools. Adobe Reader is a widely integrated software and can validate documents with QES signature in an offline environment as long as it is updated. This option is best suited for desktop use and in cases where a validation report is not needed. The EU DSS tool is mobile friendly and since it requires an internet connection, documents can be uploaded and the report then downloaded directly to the device. This report can then be used as a paper QES signature validation certificate.

Date published:
Author: Portrait
Markus Presle

Contracts can be enjoyable. Get started with fynk today.

Companies using fynk's contract management software get work done faster than ever before. Ready to give valuable time back to your team?

Schedule demo