When it comes to electronic signatures, we have already explained that there are various types of electronic signatures, each offering a different level of security. A Qualified Electronic Signature (QES) is arguably the most secure method for signing digitally. In this article we will talk you through the when and why you should sign with a qualified electronic signature. Let’s get into it!
What is a Qualified Electronic Signature?
Before we dive in, let’s clearly define what a QES exactly is. A Qualified Electronic Signature is an advanced electronic signature with a qualified digital certificate, signed using a qualified signature creation device (QSCD). The QSCD entitles that none other than the signer is able to access and use their personal key and that the signature creation data is unique, confidential and protected from forgery.
For an electronic signature to be considered as qualified, it must meet 3 main requirements:
- The signer must be linked and uniquely identified to the signature
- The data used to create the signature must be under the sole control of the signer
- Must be able to identify if the data accompanying the signature has not been tampered with since signing
If the signature meets all requirements listed above, it is officially recognized as a qualified electronic signature, which offers multiple advantages that we’ll discuss further in this article.
Identify the signer with absolute certainty
One of the key advantages of a Qualified Electronic Signature is that it links the signer’s identity to its signature by means of a personal, qualified certificate, which is issued by a Qualified Trust Service Provider (QTSP). Before being able to link these two, a face-to-face verification process or other equivalent process is required. This makes it the only type of electronic signature that is 100% capable of identifying the signer.
Valid across the European Union
The personal, qualified certificate we talked about earlier ensures that the signature is not only valid in the EU-country where the certificate has been assigned, but is also recognized as a valid, legally binding signature across all member states of the European Union. Thanks to its powerful legal status, a Qualified Electronic Signature is the go-to alternative for signing the most sensitive, high-risk documents such as credit applications, life insurance documents or (international) deposits, depending on the local legislation.
The highest level of security with the press of a button
The great thing about all this is that a qualified signature is easily available for companies and end users. If you have a personal certificate linked to you, whether that be in the shape of an electronic identity card, smart card, USB token or other, you have the ability to use a qualified electronic signature. And let’s be honest, why would you not choose for the highest level of security if all it takes is just a simple setup process? In a few steps, you can have your certificate linked to your signature and that’s all it takes.
Let’s take the Belgian initiative itsme® as an example here: itsme® is a platform created by Belgian Mobile ID, that offers a way of logging in securely on multiple online services. It replaces the need for a card reader or remembering dozens of usernames and passwords. All it takes is linking itsme with a verified identity (your bank data or your .beID) and you are ready to sign governmental documents, secure bank deposits and other online transactions in a hassle-free way.
Legally (almost) indisputable
One of the key differences between a Simple, Advanced and a Qualified Electronic Signature is that the burden of proof lies with the party that initiated the signature (simple and advanced) versus the burden of proof lies with the signer (qualified). Let’s explain this with an easy example:
Say your company has sent an online order to a customer and at delivery, it’s been signed off with a Simple Electronic Signature. A few days later that same customer contacts your company saying the delivery never took place and the package did not arrive at his/her house. In this case, it’s up to your company to prove that the package has been indeed signed off by that exact person. If it is signed with a Qualified Electronic Signature, the customer has to be able to prove that he/she did not sign for that package (for example, my electronic ID got stolen and they somehow were able to guess my pin-code).
This example clarifies that as initiator of multiple signing processes, you are in a more secure position using a qualified electronic signature than you would be using simple or advanced electronic signatures. The certificate adds another layer of security that you lack with other alternatives, making it legally indisputable without any clear evidence.
Qualified Electronic Signature methods in Connective eSignatures
At Connective, we are continuously working towards offering a multitude of signature methods that can be used across the globe. Besides Simple and Advanced Electronic Signature methods, we also offer quite some Qualified Electronic Signature methods in our digital signature solution.
For instance, in Belgium we offer itsme® and .beID (the Belgian electronic identity card) as a qualified signature method. We also offer the electronic identity cards, as well as smartcards and tokens with signature certificates, from numerous other countries as a signature method.
To see our complete offer of Simple, Advanced and Qualified Electronic signature methods, please head over to our singing methods overview.
To conclude, we can safely say that the Qualified Electronic Signature is the most secure signature option available. The level of reliability is significantly higher than the other options and as a company, you put yourself in a more secure position in case of disputes. The best part is, it does not even require a complicated setup process. Using a qualified electronic signature is almost as easy in setup as the other methods, with the key difference being that you need a personal certificate attached to a verified identity, coming from a governmental or financial institution. So with little effort, you get a lot in return when it comes to reliability and security.
That being said, the type of electronic signature you should use depends entirely on the use case. Often a Simple or Advanced Electronic Signature offers enough security and reliability for companies to implement in their day-to-day operations. If the transactions or documents are not high-risk ones, it is absolutely fine to have these two electronic signature types installed. Many electronic signature providers, including Connective, offer a wide range of signing methods including all 3 types of signatures, so you are free to choose which is the most adequate to use with every other signing.
If you have any questions regarding Qualified Electronic Signatures, or you want to more about the options we offer here at Connective, don’t hesitate to contact us.
Questions? Don't hesitate to contact us!