What is a Qualified Electronic Signature (QES)?

In today's digital world, it is important to ensure the authenticity and integrity of electronic documents. One way to achieve this is to use a qualified electronic signature (QES). This article explains the definition and basics of a QES, the different areas of application and benefits, the technical components , the process of creating a QES, and the legal aspects of QES at national and European level.

Definition and basics of the QES

The qualified electronic signature is a special type of electronic signature that provides the highest level of security. It guarantees the authenticity, integrity and confidentiality of electronic documents and is legally equivalent to a handwritten signature.

QES is based on advanced cryptographic techniques and meets certain legal requirements and standards to achieve a high level of trustworthiness.

Legal requirements and standards

According to the European Regulation eIDAS (EU) No. 910/2014, qualified electronic signatures must meet certain requirements. These include

• The signature must be created using a qualified signature creation tool.
• The signatures must be based on a qualified certificate issued by an accredited certification service provider.
• The key pair used to sign and verify the signature must be accessible only to the signer.
• The signature must be linked to the content of the document in such a way that any subsequent changes can be detected.

Various cryptographic techniques can be used to meet these requirements. These include the use of asymmetric encryption, where a public key is used for encryption and a private key for decryption.

In addition, the certificates used to create the signature must meet certain requirements. For example, they must be issued by an accredited certification service provider and have a specified validity period.

Difference between simple, advanced and qualified electronic signature

There are different levels of electronic signatures, with the qualified electronic signature (QES) being the highest level. Some differences between these levels are:

1. Simple Electronic Signature (EES): This is any electronic method that a person uses to identify themselves.
2. Advanced electronic signature (FES): These provide a higher level of security than simple signatures and are bound to the signatory using cryptographic methods.
3. Qualified electronic signature (QES): At the highest level, the signature meets all the legal requirements mentioned above and has the same legal effect as a handwritten signature.

The signatures look almost the same on the surface, but the status of the signature and its binding force are very different. Only the qualified electronic signature is legally comparable to a handwritten signature (see § 4 paragraph 1 Signature and Trust Services Act SVG).

Detailed information about the standards can be found here: QES, FES, EES: All eSignature standards at a glance .

There are many benefits to using qualified electronic signatures. For example, contracts and other documents can be signed quickly and easily online without having to print physical copies. This saves time and money and is particularly beneficial in today's digital world.

Another advantage of the qualified electronic signature is its high level of security. Because the signature is based on cryptographic procedures and must meet certain legal requirements, it is extremely difficult to forge or manipulate. This ensures the integrity and confidentiality of electronic documents.

Areas of application and advantages of the QES

The areas of application of the qualified electronic signature are diverse and range from contracts and legal documents to e-government and public administration to finance and banking. In this context, the QES offers several important advantages:

Contracts and legal documents

The use of QES in contracts and legal documents has the advantage of meeting the requirements of a handwritten signature. This allows for faster and more efficient contract execution, especially in cross-border transactions, saving time and money.

Another advantage of QES is the ability to sign multiple documents simultaneously. This is particularly useful for large contracts or when contracts are signed by multiple parties.

E-government and public administration

In this area too, eGovernment can significantly improve the efficiency and transparency of administrative procedures. It enables citizens and businesses to submit legally valid documents and applications online, providing a simple and time-saving solution for everyday administrative procedures.

QES can also be used to process tax returns and other administrative procedures electronically. This not only makes life easier for citizens, but also for the administration itself, as documents can be processed more quickly and efficiently.

Finance and banking

In the financial and banking sector, the security and confidentiality of transactions play a crucial role. The use of QES increases the security of electronic transactions and thus prevents fraud and cybercrime.

Furthermore, QES can also be used when opening bank accounts or applying for loans. This enables fast and efficient processing without the customer having to appear in person at the bank branch.

Data protection and security

Using cryptographic techniques, QES provides a high level of security, both in terms of authenticating signatories and protecting documents from subsequent modification. This protects the privacy of the contracting parties and ensures the confidentiality of the transactions.

Another advantage of QES is the ability to set a time limit on the signing of documents. This is particularly useful when signing contracts that are only valid for a limited period of time.

Overall, QES provides a fast, efficient and secure solution for signing documents in various areas. It increases the transparency and security of administrative procedures and makes the process easier for citizens and businesses alike.

Technical components of a QES

In order to create and verify a qualified electronic signature, some technical components are required:

Signature Creation Device (SSE).

The signature creation device is the tool or software used to create the QES. This unit must meet certain requirements to be classified as a qualified signature creation tool.

The SSE is an important component of a QES as it enables the signature creation process. The SSE must ensure that the signature can only be created by the person authorised to do so. For this purpose, the SSE may use, for example, biometric data such as fingerprints or facial recognition.

The SSE is also responsible for ensuring that the signature is immutable. This is achieved by using cryptographic procedures to ensure that the signature cannot be manipulated.

Signature verification unit (SPF)

The signature verification unit is responsible for verifying the QES. It verifies the signature against the signer's public key to ensure that the signature and the underlying document are genuine and unaltered.

The SPF is an important part of a QES as it ensures that the signature is valid and trustworthy. The SPF verifies the signature against the signer's public key contained in the certificate. If the signature is valid, the document is considered authentic and unaltered.

The SPF is also responsible for maintaining the integrity of the document. This is achieved by using cryptographic procedures to ensure that the document has not been tampered with.

Certification service provider (CSP)

Certification service providers are organisations that issue qualified certificates in support of QES. These certificates contain information about the signatory and their public key. To be considered a qualified CSP, the organisation must be accredited by a national accreditation body.

The certificates issued by a CSP are an important part of a QES. They contain information about the signer and their public key, which is used to verify the signature.

The certificates must ensure that the signer is who he claims to be. Various methods can be used to do this, such as checking identification documents or personal identification.

Process of QES creation

Before a qualified electronic signature can be created, it must go through a multi-step process that includes identity verification and authentication, signature creation and encryption, and signature verification and validation.

As with many other electronic legal or banking transactions, one's identity must be proven with 100% certainty. The first step is a short (about 10 minutes) Video ID process, where your personal and biometric details are verified by a government-approved service (Trust Service Provider).

You can then use a smartphone app to verify each of your digital signatures. In addition to your email address, which you need anyway to sign and retrieve signatures, your mobile phone becomes your second layer of security.

You can find a detailed overview of the individual steps here: How to obtain a (qualified) electronic signature (QES)

Identity verification and authentication

To obtain a qualified certificate, the signatory must first prove their identity to the CSP. This can be done in person, online or by video identification. After successful identity verification, the signer receives the certificate.

Identity verification is an important step in ensuring that the person creating the signature is who they say they are. There are several ways to verify the identity of the signer. For example, checking identification documents or asking for personal information.

Authentication is another important step to ensure that the signature was created by the person holding the certificate. This involves confirming the identity of the signer through the use of passwords or other security mechanisms.

Creation and encryption of the signature

With the qualified signature creation tool, the signer creates their QES using their private key. The tool binds the signature to the document and ensures the integrity and authenticity of the data.

Creating and encrypting the signature is a complex process involving several steps. First, the signer's private key is used to create the signature. Then the signature is associated with the document and encrypted to ensure it cannot be tampered with.

Encrypting the signature is an important protection mechanism that ensures that the signature cannot be read or manipulated by unauthorised parties. Different encryption technologies are used to ensure the security of the signature.

Verification and validation of the signature

To verify the signature, the Signature Verification Unit uses the signer's public key contained in the qualified certificate. It verifies the signature and ensures that the document is unchanged and has not been subsequently altered.

Signature verification and validation is an important step in ensuring that the signature is valid and trustworthy. It involves comparing the signature to the document to ensure that no tampering or alterations have been made.

The Signature Verification Unit uses a variety of technologies to verify the validity of the signature. These include digital certificates, hash values and cryptographic techniques.

Legal aspects of QES

In the European area, comprehensive legal foundations for QES were created with the eIDAS Regulation (EU) No. 910/2014. These regulations concern, among other things, the recognition, liability and cross-border use of QES:

EU eIDAS Regulation

The eIDAS Regulation creates uniform regulations for electronic identification and trust services in the EU. It also sets out the requirements for QES to be recognised throughout the EU area.

Liability and evidential value

Qualified electronic signatures have the same legal effect as handwritten signatures and thus meet the highest legal requirements. In the event of a dispute, they carry an increased evidentiary value and can thus offer the contracting parties more legal certainty.

Recognition and cross-border use

A central aspect of the eIDAS Regulation is the mutual recognition of QES and other electronic trust services within the EU. This enables the smooth use of qualified electronic signatures across national borders and thus facilitates electronic data traffic in the internal market.