Qualified electronic signatures – what else?

It is impossible to imagine an efficient digital workflow without electronic signatures. With TRUST2GO®, we offer you a so called “qualified” electronic signature as a digital alternative that completely replaces your handwritten signature in technical, organizational and legal terms. But what exactly is an electronic signature, and what is a “qualified” e-signature? In accordance with the EU eIDAS Regulation, a basic distinction is made between three levels of digital signature: the simple, the advanced and the qualified e-signature.

In simplified terms, trustworthy digital signatures involve data being identified by a forgery-proof electronic feature – the signature in the cryptographic sense. This makes it possible to trace who the data records come from and whether they have been changed during the digital transaction. Any attempt to change even one point or modify hidden text in the document will invalidate the electronic signature. But the question of “by whom”, “with what technology”, “with what means” and “under what guidelines” the signature or the signature tool were created depends on whether the signature in case of doubt is a useless scribble, or just a legally tenable evidence.

As a rule, we speak of the “quality classes” simple, advanced and qualified. The “qualified” e-signature is particularly trustworthy. The EU eIDAS Regulation define its requirements and effects.

The “simple” electronic signature

Simple electronic signature stands for signature services with low trustworthiness and evidential value that are not at advanced or qualified level. The simple e-signature is not regulated by law and can be generated without special verification and authentication steps. It is therefore easy to forge and is, for example, merely the graphic image of a handwritten signature.

The advanced electronic signature

In contrast, the eIDAS clearly regulates the advanced e-signature. The identity of the signatory must be verified by a body approved for this purpose, the so-called Trust Service Provider (TSP). Only uniquely identified persons are provided with the corresponding signature tools. Standardized and approved methods are used to unambiguously prove the identity of the signatory – for example, video identification with subsequent activation by cell phone. Furthermore – and this is a decisive difference to the simple signature – it must be created with tools that the signer can keep under his control. These are, for example, password-secured crypto files or special hardware. Simple signatures, on the other hand, can simply be copied by anyone, so they are worthless in the event of a dispute.

The qualified e-signature

The qualified electronic signature is the highest signature level and is considered the most secure level of a digital signature. It is subject to all the requirements of the advanced signature plus some additional criteria and can only be issued by a qualified entity approved by the national regulator. These qualified TSPs are regularly audited to ensure that their solutions comply with European regulations. In addition to personal identification, the use of specific hardware is also required, making the compromise of signature data extremely unlikely.

Recipients of signed documents can be sure that a qualified certificate is issued to a natural person whose identity matches that stated on the certificate. Contracts signed with a qualified e-signature are as legally valid as those signed by hand, according to the eIDAS specifications.

Selection criteria in the search for the right signature solution

Of course, all three signature levels are legally permissible. They must be selected depending on the application and the relevance of the documents to be signed – we will be happy to advise you!

One thing is certain: where legal requirements for written form (wet ink signatures) apply, a qualified signature only meets the formal requirement. Also, numerous constellations are known in which declarations can only be submitted with a qualified signature and the written form – in the sense of a paper based handwritten signature – is no longer accepted.

Where declarations can also be made informally, as is the case externally for quotations, invoices and delivery bills, for example, the advantages of an advanced signature may outweigh the disadvantages (full automation – no need for hardware and 2-factor authentication).

Other considerations for selecting the right signature instrument that we have often encountered in our consulting practice to date:

• Qualified signature for transactions above a certain value threshold, below advanced.
• Qualified signature for external declarations, internally only advanced signature.
• Qualified signature for persons registered in the commercial register.
• Qualified signature for foreign transactions, otherwise advanced signature.

Electronic signature – digital signature, E-signature – digital signing

Honestly: Did you already stop thinking at the headline? Not entirely without reason, these terms are usually used synonymously.

While e-signature and digital signing are undefined terms of a rather promotional nature, electronic and digital signature mean two different approaches. Strictly speaking, the two concepts must be distinguished -not all electronic signatures are necessarily digital signatures.

“Electronic signature” is a legal term defined in the eIDAS Regulation as follows: “[..]data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign;.” (Art 3 eIDAS Regulation)

A digital signature, on the other hand, refers to a mathematical and cryptographic process used (not only, but also) to produce electronic signatures. The definition in ETSI TR 119 100 reads:
“Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit”.
Unit to prove the source and integrity of the data unit and protect against forgery e.g. by the recipient”.

Whether advanced or qualified: With TRUST2GO® you can easily digitize your contract management. The integration into existing backend systems (SAP, Microsoft, Oracle, …) is just as easy as the application with our free software TRUST2GO® Client.