Definition and Legal Framework
Under the eIDAS Regulation, which sets the legal framework for electronic and digital signatures in the EU, a qualified electronic signature (QES) is considered the most secure form of electronic signature. It holds the same legal status as a handwritten signature, making it a legally valid signature in Switzerland and the EU. Specific technological procedures are used in its creation to ensure the signatory’s identity and guarantee the document’s integrity.
If you want to offer qualified electronic signatures, whether due to formal local signature law requirements or for secure identification of signatories, it’s important to understand how your e-signature solution facilitates signing with a qualified signature.
Technical Details and Trust Service Providers
Modern solutions typically offer the qualified electronic signature as a remote signature based on a special certificate issued by an approved provider of qualified trust services, which contains the signatory’s identity (at least the name). Often, a visual representation of the signature is attached to the document for easier recognition, although this is neither legally necessary nor relevant. Additional data, such as email addresses or company logos, can also be included.
Certifaction Signature Card
QES utilizes asymmetric cryptography or public key encryption. This involves two keys: a private signature key and a public key. The signature key signs the document’s hash value (its unique digital fingerprint). The public key, stored in the certificate, is used to verify authenticity by decrypting the checksum encrypted during signature creation and comparing it with the document’s recalculated hash value.
With remote signatures, the Trust Service Provider (TSP) generates and manages the key pairs in a qualified signature creation device (HSM). The TSP ensures that only the signatory can access the private key, typically secured by a second security factor. Additionally, the TSP must securely identify signatories before creating a signature key and store their identity data.
Use Cases and Legal Validity
The qualified electronic signature is essential where legal regulations or specific business processes require it, such as for contracts typically executed in written form but now processed digitally. As the highest standard of e-signature, QES offers a digital, legal, secure, and efficient solution. The probative value of each electronic signature type is defined by framework guidelines and respective federal laws – in Switzerland by the Federal Assembly and in Germany by the Federal Network Agency.
Legal Regulations in the EU and Switzerland
The legal validity of QES is well-established. In the EU, it’s regulated by the eIDAS Regulation, and in Switzerland by the ZertES (Federal Act on Certification Services in the Field of Electronic Signatures). Both legislations equate QES with a handwritten signature, giving it a full probative force in court. A significant advantage of QES is the reversal of the burden of proof: if a contracting party disputes the signature’s validity, they must prove forgery. The signature initiator needs only to submit the signed PDF as evidence. It’s important to note that QES can comply with either eIDAS or ZertES, but not both simultaneously. Specialized eSigning providers in Switzerland allow selection between these variants.
Requirements and Implementation of the QES
QES must meet various requirements from the eIDAS Regulation or ZertES. Like the AES (Advanced Electronic Signature), it must be clearly linked to the signatory, enable unique identification, and be connected to the data to detect subsequent changes. Identification can be in-person or, in some cases, online via video or auto-ident. Additionally, a recognized certification authority, the Trust Service Provider, must issue the qualified certificate for electronic signatures using a qualified signature creation device. These technical specifications are essential for the validity of QES.
User-Friendliness and Software Solutions
Signing with QES is highly user-friendly, with solutions like Swisscom or Cryptomathic facilitating the process. The document is added in a specific format, and the signature software creates the signature using the signature key. Our company solution uses Swisscom as an identification partner, with Swisscom issuing certificates for the signature creation device (smart card).
The Certifaction QES solution is noted for its user-friendly interface, simplifying the identification process to a maximum of 10 minutes. If users have NFC-enabled passports, identification can be completed in 2 to 4 minutes. However, our solution still strictly adheres to European signature laws and regulations.
Advantages of Qualified Electronic Signature
QES offers significant advantages: high security, legal clarity, and enhanced business process efficiency. It ensures a rigorous identity check and maintains document integrity. Moreover, its use is strongly encouraged by law.
Registration and Identification Procedure
Registering for QES is straightforward but requires meticulous identification. This may include presenting a valid ID card, address confirmation, and other details.
Security and Legal Clarity with QES and SES
Using QES for signing important contracts provides additional security and legal clarity, even if only a simple electronic signature (SES) is required. An automatic time stamp when affixing a QES provides further legal certainty.
Differences Between QES and AES
Unlike the advanced electronic signature (AES), QES offers greater security and legal validity. While AES identifies the signatory via email and mobile number and ensures document integrity, QES is legally equivalent to a handwritten signature.
Verification and Data Security
The validity of a QES and data integrity can be verified with tools from Trust Service Providers. For example, Swiss mobile number users can verify their electronic signature registration on the Swisscom website.
Ensuring a document remains unaltered post-signing, especially for digitally signed contracts later printed, is crucial. Our digital twin solution uses a QR code added before printing, enabling authenticity verification and secure digital copy downloads.
Documentation and Clarity in Signing Process
When one party uses QES and the other signs by hand, it’s advisable to document the process thoroughly. Both signatures should appear on the same document for clear legal standing.
Data Security Through End-to-End Encryption
Certifaction not only offers a business solution for every type of remote signature specified in the Digital Signature Act but also makes high demands on data security. With the qualified signature and every other signature possible with our eSigning solution, your data and that of your customers and partner companies are only loaded locally. We use zero-document-knowledge technology, meaning we have no insight into the documents you want to sign. Everything transmitted is encrypted and you can password-protect and send the key to your signing partner.
We Are Here to Advise
The qualified electronic signature is crucial in Switzerland and Europe. As a privacy-first provider, we ensure seamless implementation. We are eager to support your digital transformation journey!
Inhalt
- Definition and Legal Framework
- Technical Details and Trust Service Providers
- Use Cases and Legal Validity
- Legal Regulations in the EU and Switzerland
- Requirements and Implementation
- User-Friendliness and Software Solutions
- Advantages of Qualified Electronic Signature
- Registration and Identification Procedure
- Security and Legal Clarity with QES and SES/span>
- Differences Between QES and AES
- Verification and Data Security
- Data Security Through End-to-End Encryption