A Qualified Electronic Signature is an e-signature accompanied by a qualified certificate to ensure the highest levels of authenticity & originality. A QES verifies the signer’s identity with a legitimacy level that equals the legal value & effect of a traditional handwritten signature in Europe.
Among the various types of electronic signatures defined under the eIDAS Regulation, a Qualified Electronic Signature guarantees the highest level of security. A user signs a document based on a qualified digital certificate. This certificate gives a trustworthy digital representation of the person’s identity, due to a highly regulated identity verification process. For example, the ID document information is extracted by reading the NFC chip, and the owner of the passport is recognized and identified via a sophisticated facial recognition and liveness check process.
When exploring the different levels of electronic signatures available across Europe, companies needing an electronic signature offering need to review the legal requirements specific to the documents and legal acts they intend to use Sign for. The eIDAS Regulation offers three options of electronic signatures, now all covered by Sign, the digital signing solution of CM.com:
Article 3 of the eIDAS Regulation defines an “electronic signature” or “simple electronic signature” as follows: “electronic signature’ means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign. This most basic form of electronic signing does not require complex technical implementation to deliver digital verification or protect against forgery. Due to the relatively low levels of authenticity guaranteed by this type of signature, it is usually reserved for low-value sales agreements or documents of lesser importance.
“An advanced electronic signature is an electronic signature which is additionally:
Uniquely linked to and capable of identifying the signatory;
created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and;
linked to the document in a way that any subsequent change of the data is detectable.
This technology relies on the use of so-called key pairs consisting of a “public key” and mathematically corresponding “private key”, as well as certificates. The keys can be used to encrypt (i.e. the data becomes unreadable) or to sign data (i.e. the data is readable but a hash of it is generated that can be used to detect subsequent changes to the data and the hash is then encrypted with the private key - the result of which can be used to verify the identity of the signatory).
As mentioned previously, a QES guarantees the highest level of security for electronic signatures due to the digital certificate granted by a Qualified Trust Service Provider (QTSP). This digital certificate is delivered by our partner Digidentity. The benefit of these types of digital signatures is that they are time efficient, they reduce the number of errors made in the process and, due to the high level of trust that a QES carries, ensure a safe feeling for all parties involved. With Digidentity’s user-friendly service, CM.com can offer Qualified Electronic Signatures without compromising on convenience and security. The authenticity offered by a QES means they are ideal for highly regulated transactions and are considered the legal equivalent of wet ink signatures.
The eIDAS Regulation provides the legal justification for electronic signatures. Even for Simple Electronic Signatures, eIDAS stipulates that a signature should not be denied legal effect within legal proceedings “solely on the grounds that it is in an electronic form.” In light ofOutside of the EU, the legal validity of electronic signatures may be slightly different, but an increasing number of markets worldwide recognize electronic signatures as legally robust and follow the eIDAS standards.
One of the differences between a Simple and an Advanced electronic signature is the required level of authenticity. A Simple Electronic Signature (SES), for example, is defined by eIDAS as “any piece of electronic data that is attached to or logically associated with other forms of electronic data used by the signatory to sign a document.” As such, including your name below your email could qualify as a SES.
An Advanced Electronic Signature is subject to some additional requirements, for example that it must be “uniquely linked to and capable of identifying the signatory, created in a way that allows the signatory to retain control, and is linked to the document in a way that any subsequent alteration of the data is detectable.”
Finally, a QES must be created by a Qualified Signature Creation Device (QSCD) and be based on a Qualified Certificate for electronic signatures. According to eIDAS, a Qualified Certificate must include information such as the signatory’s name, corresponding electronic signature validation data, information identifying the certificate’s period of validity from start to finish, and the Qualified Trust Service Providers’ (QTSP) unique certificate identity code. This certificate is automatically attached to the Qualified Electronic Signature at hand. According eIDAS, a QES is seen as the legal equivalent of a handwritten signature.
Sign is a Software-as-a-Service (SaaS) provided by CM.com that enables customers to upload documents and then invite signatories to review and sign them. Sign can be used through the web interface designed by CM.com or through an API. The first option provides the full functionality of Sign via the standard interface accessible via any browser as-intended by CM.com and the second option enables customers to integrate Sign’s features into third party software (e.g. their own DMS).
In its default configuration, Sign by CM.com generates electronic signatures that meet and exceed the requirements imposed by the eIDAS Regulation for simple electronic signatures as meant in Article 3 (10). Furthermore, Sign by CM.com is capable of generating electronic signatures that meet and exceed the requirements imposed by the eIDAS Regulation for advanced electronic signatures in Article 26, provided that additional authentication options are selected by the customer for the signing process, and the means employed by the customer to identify the signatories – prior to providing that information to CM.com - are sufficiently reliable. Examples of additional authentication options are One Time Password via SMS, IBAN verification, or iDIN, and expected in Q2 2023, ID Scan.
Sign by CM.com now also supports Qualified Electronic Signature; Qualified Signing by CM.com. Supporting identity verification in the HR, rental, legal, and insurance industries, as well as many others. With the Qualified Electronic Signature, CM.com offers all levels of Electronic Signature according to the eIDAS regulation. With QES functionality, our Sign solution provides users with the highest levels of authenticity, integrity, and trust.
If you are interested in Qualified Electronic Signing, please contact your Account Manager for more information regarding subscriptions and pricing.
Select a region to show relevant information. This may change the language.
