What Is a Qualified Electronic Signature?

Among the various types of electronic signatures defined under the eIDAS Regulation, a Qualified Electronic Signature guarantees the highest level of security. A user signs a document based on a qualified digital certificate. Due to a highly regulated identity verification process, this certificate gives a trustworthy digital representation of the person’s identity. For example, the ID document information is extracted by reading the NFC chip, and the passport owner is recognised and identified via a sophisticated facial recognition and liveness check process.

What Different Types of Electronic Signatures Are There?

When exploring the different levels of electronic signatures available across Europe, companies needing an electronic signature offering must review the legal requirements specific to the documents and legal acts they intend to use Sign for. The eIDAS Regulation offers three options for electronic signatures, now all covered by Sign, the digital signing solution of CM.com:

(Simple) Electronic Signatures

Article 3 of the eIDAS Regulation defines an “electronic signature” or “simple electronic signature” as follows: “electronic signature’ means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign. This most basic form of electronic signing does not require a complex technical implementation to deliver digital verification or protect against forgery. Due to the relatively low levels of authenticity guaranteed by this type of signature, it is usually reserved for low-value sales agreements or documents of lesser importance.

Advanced Electronic Signatures (AdES)

“An advanced electronic signature is an electronic signature which is additionally:

• Uniquely linked to and capable of identifying the signatory;

• Created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and;

• Linked to the document so that any subsequent data change is detectable.

This technology relies on using so-called key pairs consisting of a “public key” and mathematically corresponding “private key” and certificates. The keys can be used to encrypt (i.e. the data becomes unreadable) or to sign data (i.e. the data is readable, but a hash of it is generated that can be used to detect subsequent changes to the data and the hash is then encrypted with the private key - the result of which can be used to verify the identity of the signatory).

Qualified Electronic Signatures (QES)

As mentioned, a QES guarantees the highest level of security for electronic signatures due to the digital certificate granted by a Qualified Trust Service Provider (QTSP). Our partner, Digidentity, delivers this digital certificate. The benefit of these types of digital signatures is that they are time efficient, reduce the number of errors made in the process and, due to the high level of trust that a QES carries, ensure a safe feeling for all parties involved. With Digidentity’s user-friendly service, CM.com can offer Qualified Electronic Signatures without compromising convenience and security. The authenticity provided by a QES means they are ideal for highly regulated transactions and are considered the legal equivalent of wet ink signatures.

What Are the Legal Requirements for Electronic Signatures?

The eIDAS Regulation provides the legal justification for electronic signatures. Even for Simple Electronic Signatures, eIDAS stipulates that a signature should not be denied legal effect within legal proceedings “solely on the grounds that it is in an electronic form.” In light of Outside of the EU, the legal validity of electronic signatures may be slightly different. Still, an increasing number of markets worldwide recognise electronic signatures as legally robust and follow the eIDAS standards.

One of the differences between a Simple and an Advanced electronic signature is the required level of authenticity. For example, a Simple Electronic Signature (SES) is defined by eIDAS as “any piece of electronic data attached to or logically associated with other forms of electronic data used by the signatory to sign a document.” Including your name below your email could qualify as an SES.

An Advanced Electronic Signature is subject to some additional requirements; for example that it must be “uniquely linked to and capable of identifying the signatory, created in a way that allows the signatory to retain control, and is linked to the document in a way that any subsequent alteration of the data is detectable.”

Finally, a QES must be created by a Qualified Signature Creation Device (QSCD) and be based on a Qualified Certificate for electronic signatures. According to eIDAS, a Qualified Certificate must include information such as the signatory’s name, corresponding electronic signature validation data, information identifying the certificate’s period of validity from start to finish, and the Qualified Trust Service Providers’ (QTSP) unique certificate identity code. This certificate is automatically attached to the Qualified Electronic Signature at hand. According to eIDAS, a QES is considered the legal equivalent of a handwritten signature.

Does Sign by CM.com offer a Qualified Electronic Signature?

Sign is a Software-as-a-Service (SaaS) provided by CM.com that enables customers to upload documents and then invite signatories to review and sign them. Sign can be used through the web interface designed by CM.com or through an API. The first option provides the full functionality of Sign via the standard interface accessible via any browser as intended by CM.com, and the second option enables customers to integrate Sign’s features into third-party software (e.g. their own DMS).

In its default configuration, Sign by CM.com generates electronic signatures that meet and exceed the requirements imposed by the eIDAS Regulation for simple electronic signatures as meant in Article 3 (10). Furthermore, Sign by CM.com is capable of generating electronic signatures that meet and exceed the requirements imposed by the eIDAS Regulation for advanced electronic signatures in Article 26, provided that the customer selects additional authentication options for the signing process and the means employed by the customer to identify the signatories – before providing that information to CM.com - are sufficiently reliable. Additional authentication options include One Time Password via SMS, IBAN verification, or iDIN, and, expected in Q2 2023, ID Scan.

Sign by CM.com now also supports Qualified Electronic Signature; Qualified Signing by CM.com. Supporting identity verification in the HR, rental, legal, and insurance industries and many others. With the Qualified Electronic Signature, CM.com offers all levels of Electronic Signature according to the eIDAS regulation. With QES functionality, our Sign solution provides users with the highest levels of authenticity, integrity, and trust.

If you are interested in Qualified Electronic Signing, please get in touch with your Account Manager for more information regarding subscriptions and pricing.