If you are a small or large business, an international company, or just an individual person, you need to be certain your digital transactions are fully legal, accepted across borders, and completely secure. But in reality what you are signing, when making a deal, is just ones and zeros on a computer. You never sign the actual, physical document, so you need to be extra certain that you are able to trust that those bits and bytes are handled securely.
You don’t want to make a business deal, have it fully signed and delivered and discover that you have no grounds to enforce it. This is why when making these types of agreements, you should always use electronic trust service providers (TSPs) which operate under the EU regulations.
But for the highest level of security, using a qualified trust service provider (QTSP) should be involved for your peace of mind.
There are three main types of electronic signatures according to eIDAS, the european regulation for electronic identities and trust services. Each type represents an increased level of legally binding signatures, but national laws decide which type of signature is binding in the end.
First of all, a Standard Electronic Signature (SES) - sometimes also called a Simple Electronic Signature - which is a scribble on a screen or an e-mail message, for example. This could be a signature drawn on an iPad, for example, or with a mouse. In some regions, a Standard Electronic Signature can be a legal way to get approval on electronic documents and transactions, but it’s important to keep in mind that with SES, there is no evidence that the signee is who they say they are. Nor is there a binding to the information you are signing, or protection against changes.
Then, there is Advanced Electronic Signatures (AES) and Qualified Electronic Signatures (QES) which both require a digital signature. This means that the document and signature are protected by cryptographic means.
The requirements of an AES are:
A Qualified Electronic Signature (QES), however, is the most secure type of electronic signature. The official definition is that it is an AES using a QSCD (Qualified Secure Signature Creation Device) and is based on a qualified certificate. It allows you to sign documents with high-security assurances, making them recognized and legally valid across the European Union. A QES has the following requirements:
The need for qualified electronic signatures depends on the legal framework of the country you are in. If advanced electronic signatures are considered binding, you do not need to use qualified electronic signatures. It may not even be available yet. If QES are available they should be used in any business where there is a high risk of fraud or scam, from financial institutions to telecommunications, to military and Government documents. Having a secure signing system is particularly vital today, as scams during the COVID-19 pandemic are at an all-time high.
Various sectors of the economy, for example finance, banking, insurance and health, are obligated by law to protect a customer’s identification and personal information. With more and more business now being done online, it’s more important than ever to invest in a secure signing solution. According to eIDAS (Electronic Identification, Authentication and Trust Services) regulation QES shall be recognised at the same level of assurance as the ‘wet signature’, i.e. a handwritten signature. However, it is up to the legal system of a country to decide whether an AES is accepted or not, but a QES shall always be undisputed.
QES can be used in circumstances involving the signing of contracts or loans where there are two or three various parties from different areas involved. Some relevant examples are bedrock agreements of life, such as labour contracts, corporate documents, tax returns and applications, consumer credit contracts, notaries, and inheritance documents.
For example in Belgium, the law requires QES for employment contracts or a will.
Along with being a very safe form of electronic signing, a QES has many other benefits. In general, electronic signatures provide a faster turnaround time. However, with the high levels of assurance a QES provides, choosing this type of electronic signature can mean a quick turnaround of higher-risk documents or contracts. For example, when dealing with a leasing company for cars or other vehicles. During COVID-19, some car companies have halted production. Customers tend to visit dealers in person to do test drives and sign contracts. The faster you can order a car, the faster it can go into production. If a company has a number of documents that need to be signed by various parties, the usage of QES through a QTSP (Qualified Trust Service Provider) would accelerate that business at a high rate.
This is because dealers can send everything under the most secure electronic method, documents can be countersigned by both parties, sent to the bank for loan countersign. The transfer of documents is instantaneous and you won’t have to wait for days to complete the deal. This saves time and can help to avoid the delayed purchase of products. You can email a copy to everyone with the final signatures on it. It also leads to electronic archiving of your contracts, which in the future will be very important for using Artificial Intelligence into analysing the data, or for keeping a record of the contracts.
In some countries, QES is a requirement in certain cases. For example, there are countries with their own State-sponsored QES methods, like Belgium.
Belgium has an eID (electronic identification) signature method. The eID card is essential in Belgium and it has two certificates: a certificate for authentication and a certificate for electronic signing. The eID card allows holders to sign documents electronically through a third party and the signature that is produced is a QES. It has the same legal validity as the traditional handwritten signature.
Simply put, when the cost or risk of a problem for you and your customer is high, you need Qualified Electronic Signatures. You need to assess the likelihood of:
Qualified Electronic Signatures are regulated through eIDAS (Electronic Identification, Authentication and Trust Services), which sets out EU regulations for electronic transactions in the internal market.
eIDAS defines trust services for supporting electronic signatures, electronic seals, electronic time stamps, electronic registered delivery services and website authentication. It provides one common legal framework for all parties relying on, or providing those types of services.
This makes it much easier for you and your customers to conduct secure digital transactions in your own country, and across European Union (EU) member states.
Under eIDAS, a QES produced through qualified trust service providers (QTSPs), carries the highest value of identity evidence. QES does not need any additional proof in the case of a dispute.
As the digital equivalent of a handwritten signature, if a QES is used as evidence in a court of law, it cannot be easily disputed because of the non-repudiation nature of the QES. This means the signatory cannot deny they are responsible for the creation of the signature. Other forms of electronic signatures may need more information or supporting documents in the case of a dispute.
A QES is secure due to the fact that the actual signature process is usually done in dedicated hardware – even if the signature is distributed through a network later.
This dedicated hardware is known as a Qualified Signature Creation Device (QSCD) and it is a specific, complex hardware used to create a QES. The device must meet the requirements laid out under eIDAS. These are the following: