Advanced or qualified electronic signature for B2B companies

eIDAS: Differences between AES and QES

The QES from a technical perspective: the role of the trust service provider

The trust service provider (TSP) is a state-recognized certification authority. It provides physical or digital signature cards or offers the option of remote signing. With remote signatures, certificates encrypt the signature process and no special hardware or software is required.

With the qualified electronic signature as a remote signature, trust service providers create and administer the key pairs in a qualified signature creation device. It is the responsibility of the TSP to make the private key (signature key) available exclusively to the signatory. As a rule, this is achieved with an additional security factor. Before generating a signature key, the TSP must identify the signatory and securely store the captured identity data.

To determine whether a document has been signed with a QES, the certificate must be checked. Programs such as Adobe Reader have this function. Once you have opened the PDF file there, you will receive a message at the top about the validity of the signature. You can also receive further data such as the signature type (QES), the name of the signatory and the time of signature.

Advantages of the electronic signature

Instead of high printing, paper, and postage costs and long waiting times, electronic signatures are cost-effective and efficient. Companies benefit from faster signature processes and contract conclusions. You enjoy complete flexibility, as your contractual partners do not have to be in the same place and can sign at any time of day.

With the advanced electronic signature, identification can be checked using the signatory’s cell phone number. The AES is completed in a short time but still guarantees the integrity of the document. This is because a change to the file would invalidate the verification key and would therefore be recognized immediately.

The great advantage of the qualified electronic signature lies in its legal validity and forgery-proof identification, as this is carried out using an ID document. The QES meets all the requirements of the advanced electronic signature and additional security criteria. With the right tool, documents can still be signed intuitively and quickly – with our QES Ident solution, identity verification is possible without video agents or additional app downloads.

Legal validity and application for B2B companies

The use of a qualified electronic signature is always necessary if you require a high level of probative value or if the document to be signed is subject to the written form requirement. This is the case, for example, with annual financial statements or fixed-term employment contracts. The QES is legally equivalent to a handwritten signature – this is stipulated by the eIDAS Regulation for all EU member states. However, companies must ensure that the implementation of the signature complies with the laws of the respective country.

In addition to the mandatory use of a QES, there may be further regulations. For example, employment contracts in Germany can be signed digitally, but due to the “Act on Proof of the Existence of an Employment Relationship” (Nachweisgesetz), the essential contractual conditions are also required in paper form. In rare cases, the electronic form is also completely excluded by law – as is the case with the termination of an employment contract in Germany.

The advanced electronic signature is recognized as a legally valid alternative to the handwritten signature if no formal requirement for the signed document is stipulated by law. For B2B contracts, there is often no formal requirement, which is why the AES is well suited here. For example, it can be used for purchase contracts, orders or the conclusion of an open-ended rental agreement. Although a simple electronic signature (SES) would also be possible here, it does not offer the desired probative value and integrity of the document.

In addition to complying with the requirements for eSignatures, companies must also ensure that the signature process complies with data protection regulations. To meet the requirements of the GDPR or the Swiss New Federal Act on Data Protection (nFADP) you should obtain detailed information about the security of your data from your desired eSignature provider.

Electronic signature providers: How to choose the perfect tool

There are numerous providers of electronic signatures. This makes it all the more important to check whether the tool meets your company’s requirements and whether it fulfills certain quality features. These include:

• certifications such as ISO 27001
• the availability and location of the servers
• the availability of the support team
• the scope of the signature standards offered
• the type of data processing and encryption

Local data processing is always more secure than storage in the cloud. In addition, documents should always be sent end-to-end encrypted. Because as soon as your documents leave your company’s IT environment, you must rely on your eSigning provider to provide adequate protection.

At Certifaction, on the other hand, we rely on secure processes that make access by third parties impossible “by design”. Only you have control over your data, documents and their content. At the same time, both advanced and qualified electronic signatures are quick and intuitive with us.

Conclusion

Electronic signatures offer many advantages for B2B companies. To choose the right type of signature, you should consider the respective use case and legal requirements. While the advanced electronic signature (AES) is well suited for B2B contracts, other documents require the written form and therefore the qualified electronic signature (QES).