Electronic signatures are a fundamental part of today’s digital economy. They are a key component of digital transformation and a major instrument for growth through remote services and optimization of operational costs. To guarantee the legality and security of using e-signatures, the EU has put in place the eIDAS Regulation.
What is an Electronic Signature?
An electronic signature is a digital representation of an individual's intention to agree to the contents of a document and prove authorship. Similar to a traditional signature, it provides legal proof for authenticity, identity, integrity, and intent. Electronic signatures are commonly used in various online contexts, such as signing contracts, applications, forms, official documents, etc. Electronic signatures can take various forms, including typed names, digital images of handwritten signatures, encrypted codes, or biometric identifiers like fingerprints or facial scans. The legality and acceptance of electronic signatures vary by jurisdiction, often subject to specific regulations and standards.
Legal Framework for Electronic Signatures in the EU
The EU Regulation No 910/2014, commonly known as the eIDAS Regulation, provides a regulatory environment for electronic identification and trust services for electronic transactions in the European Union. This law regulates the use of electronic signatures, ensuring that they are recognized and legally valid across all EU Member States.
Types of Electronic Signatures
The eIDAS regulation defines 3 types of electronic signatures:
Basic Electronic Signature (BES) - The simplest form of electronic signature, offering minimal security features. With no technical requirements, the basic e-signature can be a scanned signature image, a signature under an email, or clicking an “I accept” button on a website. Parties involved need to agree to accept the signature for it to have the value of a handwritten one.
Advanced Electronic Signature (AES) - A more secure option, that makes it possible to identify the signatory and is uniquely linked to them. It is created in a way that allows the signatory to retain control and secures the integrity of the signed data in a way, that any changes are detectable. Usually, those signatures are implemented using public key infrastructure (PKI), which involves the use of certificates and cryptographic keys. Like the basic e-signature, consent from the parties is required for legal validity.
Qualified Electronic Signature (QES) - The most advanced form of electronic signature, and the only one that is equal to a handwritten signature by law. It requires that a Qualified Trust Service Provider (QTSPs) verifies the identity and issues a qualified certificate for the signature owner. The signature must be created in a secure environment using a qualified signature creation device. Unlike the other two types, if anyone wants to challenge the validity of the signature, it’s up to them to provide proof for their claim.
Qualified vs. Advanced and Basic Electronic Signatures
All three BES, AES, and QES have legal recognition according to eIDAS. However, QES holds far greater weight in legal disputes and is usually required for important agreements or between parties that are unfamiliar with each other. The main difference is that if QES is challenged, the challenger bears the burden of proof that the signature is not valid or authentic. The legal value of BES and AES should be regulated by law in every single country, while QES must be treated as equal to a handwritten signature across all EU countries.
Also, QTSPs are responsible for correctly identifying individuals and attesting to the personal data of the signatory into a qualified certificate. Certificates for QES are issued by QTSPs in a highly protected environment. QTSPs are legally obligated to have insurance that covers any negligence in issuing qualified certificates to the right persons. Because of the measures used to guarantee the highest levels of security and trust, QES implementation is often less affordable compared to AES or BES.
AES and BES are sufficient for many types of transactions. However, for transactions involving financial agreements, property purchases, e-government, e-justice, or other high-stakes contracts, a QES is often required. In some legislations, qualified signatures are required for labor contracts and other HR use cases.
The Value of a Qualified Electronic Signature (QES)
The QES is the only legally recognized form of electronic signature that holds the same legal weight as a handwritten signature. This special e-signature adheres to tight regulations and requires a qualified digital certificate to be issued to the signatory by a registered Qualified Trust Service Provider (QTSP). The qualified certificates are created in a certified highly protected environment, following strong cryptography principles and techniques utilizing public-key infrastructure (PKI). To comply with eIDAS requirements, QTSPs verify the signatory's identity and ID documents' authenticity. QTSOs are subject to regular audits and are supervised by the government. The official list of QTSPs in Europe can be found here. QES is often required for high-value contracts and sensitive documents because contracts signed with QES are considered valid and it’s up to the disputing party to prove the signature is invalid.
Qualified eSignatures by Evrotrust
Acquiring a QES by Evrotrust is easy and requires a smartphone and 3 minutes for registration in the Evrotrust app - no USB drives, card readers, or other peripherals. No need for physical visitations for identity verification. Once your qualified certificate for e-signature is issued you can use it unlimited times to remotely e-sign any documents anywhere, at any time!
Features of QES by Evrotrust
Authentication - QES by Evrotrust employs robust authentication mechanisms to verify the identity of the signatory. This involves multi-factor authentication, facial recognition, and biometric data.
Integrity - QES by Evrotrust guarantees that the content of the document has not been altered since it was signed. Any tampering with the document after the signature invalidates the signature itself.
Non-Repudiation - QES by Evrotrust prevents signatories from denying their participation in the signing process. This is achieved through the use of cryptographic techniques that bind the signature to the signatory.
Regulatory Compliance - Evrotrust is a registered QTSP, officially listed in the Trusted List of the EU Commission and issues qualified certificates for electronic signatures meeting the highest industry standards.
Benefits of Using QES by Evrotrust
- Efficiency: Documents are signed and exchanged electronically, reducing the cost, time, and people needed for moving, printing, and storing. Digital workflows also minimize the risk of errors associated with manually handling data on paper copies.
- Security & Compliance: QES by Evrotrust offers a high level of security through encryption and authentication mechanisms, minimizing the risk of fraud and unauthorized access. QES adheres to international standards, making it suitable for cross-border transactions and collaborations.
- Improved Satisfaction: Happy customers can sign with you remotely at their own convenience and employees can focus on creative tasks and not paper pushing.
Environmental Impact: By eliminating the need for paper-based processes, QES contributes to a more sustainable and eco-friendly business environment, supporting your organization’s ESG strategy. - Interoperability: QES by Evrotrust is recognized across the EU since it’s based on standardized technologies. Our signatures can be used across borders with the same legal effect.
The Easiest QES Registration
1. The user needs to register in the Evrotrust mobile application (iOS / Android / Huawei) or in your organization’s mobile app, through Evrotrust white label SDK integration.
2. Using the phone camera, the user scans their ID document and takes a biometric selfie with a face match.
3. Evrotrust performs identity verification of the user in real time and issues their qualified certificate in a few seconds.
4. Done! The user is ready to e-sign with QES the required documents directly into your organization’s or Evrotrust’s app.
*Whether you're a multinational corporation or an ambitious startup, understanding the significance of qualified electronic signatures is a pivotal step toward staying competitive in the evolving landscape of electronic business transactions.