What Is a Qualified Electronic Signature?

A Qualified Electronic Signature is an e-signature accompanied by a qualified certificate to ensure the highest levels of authenticity & originality. A QES verifies the signer’s identity with a legitimacy level that equals the legal value & effect of a traditional handwritten signature in Europe.

Among the various types of electronic signatures defined under the eIDAS Regulation, a Qualified Electronic Signature guarantees the highest level of security. A user signs a document based on a qualified digital certificate. This certificate gives a trustworthy digital representation of the person’s identity, due to a highly regulated identity verification process. For example, the ID document information is extracted by reading the NFC chip, and the owner of the passport is recognized and identified via a sophisticated facial recognition and liveness check process. 

What Different Types of Electronic Signatures Are There?

When exploring the different levels of electronic signatures available across Europe, companies needing an electronic signature offering need to review the legal requirements specific to the documents and legal acts they intend to use Sign for. The eIDAS Regulation offers three options of electronic signatures, all covered by Sign, the digital signing solution of CM.com:

(Simple) Electronic Signatures

Article 3 of the eIDAS Regulation defines an “electronic signature” or “simple electronic signature” as follows: “electronic signature’ means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign. This most basic form of electronic signing does not require complex technical implementation to deliver digital verification or protect against forgery. Due to the relatively low levels of authenticity guaranteed by this type of signature, it is usually reserved for low-value sales agreements or documents of lesser importance.

Advanced Electronic Signatures (AdES)

“An advanced electronic signature is an electronic signature which is additionally:

  • Uniquely linked to and capable of identifying the signatory;
  • it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and;
  • linked to the document in a way that any subsequent change of the data is detectable.

This technology relies on the use of so-called key pairs consisting of a “public key” and mathematically corresponding “private key”, as well as certificates. The keys can be used to encrypt (i.e. the data becomes unreadable) or to sign data (i.e. the data is readable but a hash of it is generated that can be used to detect subsequent changes to the data and the hash is then encrypted with the private key - the result of which can be used to verify the identity of the signatory).

Qualified Electronic Signatures (QES)

As mentioned previously, a QES guarantees the highest level of security for electronic signatures due to the digital certificate granted by a Qualified Trust Service Provider (QTSP). The authenticity offered by a QES means they are ideal for highly regulated transactions and are considered the legal equivalent of wet ink signatures.

What Are the Legal Requirements for Electronic Signatures?

The eIDAS Regulation provides the legal justification for electronic signatures. Even for Simple Electronic Signatures, eIDAS stipulates that a signature should not be denied legal effect within legal proceedings “solely on the grounds that it is in an electronic form.” In light of this regulation, a QES is viewed as the legal equivalent of a handwritten signature.

Outside of the EU, the legal validity of electronic signatures may be slightly different, but an increasing number of markets worldwide recognize electronic signatures as legally robust and follow the eIDAS standards.

One of the differences between a Simple and an Advanced electronic signature is the required level of authenticity. A Simple Electronic Signature (SES), for example, is defined by eIDAS as “any piece of electronic data that is attached to or logically associated with other forms of electronic data used by the signatory to sign a document.” As such, including your name below your email could qualify as a SES.

An Advanced Electronic Signature is subject to some additional requirements, for example that it must be “uniquely linked to and capable of identifying the signatory, created in a way that allows the signatory to retain control, and is linked to the document in a way that any subsequent alteration of the data is detectable.” Finally, a QES must be created by a Qualified Signature Creation Device (QSCD) and be based on a Qualified Certificate for electronic signatures.

How to Get a Qualified Electronic Signature?

Although acquiring a Qualified Electronic Signature may sound relatively complicated, the process is surprisingly simple. Mobile-enabled Qualified Electronic Signature solutions, like CM.com’s Sign solution, can verify the signer's identity using data extraction from an ID document, facial recognition technology and a liveness check fully automatically. After this step, a qualified certificate is created to verify that the signature is associated with the relevant document.

According to eIDAS, a Qualified Certificate must include information such as the signatory’s name, corresponding electronic signature validation data, information identifying the certificate’s period of validity from start to finish, and the Qualified Trust Service Providers’ (QTSP) unique certificate identity code. This certificate is automatically attached to the Qualified Electronic Signature at hand.

Does Sign by CM.com offer a Qualified Electronic Signature?

Sign is a Software-as-a-Service (SaaS) provided by CM.com that enables customers to upload documents and then invite signatories to review and sign them. Sign can be used through the web interface designed by CM.com or through an API. The first option provides the full functionality of Sign via the standard interface accessible via any browser as-intended by CM.com and the second option enables customers to integrate Sign’s features into 3rd party software (e.g. their own DMS).

CM.com also provides additional authentication options for Dossier Owners. Signatories can be authenticated by means of just their e-mail address, but also their phone number (One Time Password via SMS), IBAN verification, or iDIN. CM.com has stated that it intends to roll out an additional service in Q4 2022 that its customers may use to verify a signatory’s identity: Global ID Scan.

CM.com Sign in its default configuration generates electronic signatures that meet and exceed the requirements imposed by the eIDAS Regulation for simple electronic signatures as meant in Article 3 (10). Furthermore, CM.com Sign is capable of generating electronic signatures that meet and exceed the requirements imposed by the eIDAS Regulation for advanced electronic signatures in Article 26, provided that additional authentication options are selected by the customer for the signing process, and the means employed by the customer to identify the signatories – prior to providing that information to CM.com - are sufficiently reliable

Sign by CM.com, our Digital Signing solution, will be ready to offer Qualified Electronic Signatures within the next few months, supporting identity verification in the HR, rental, legal, and insurance industries, as well as many others. With the Qualified Electronic Signature CM.com offers all levels of Electronic Signature according to the eIDAS regulation. With QES functionality, our Sign solution provides users with the highest levels of authenticity, integrity, and trust.

Related Products and Solutions

Is this region a better fit for you?