Do you wonder what is the qualified electronic signature? Many people share this doubt and although at first they believe that it is the most suitable because it provides the maximum legal guarantees, later we will see that it is also the most complex to perform.
What is a qualified electronic signature?
It is one in which the qualified Digital Certificate is generated in a secure signature creation device (QSCD). This means that once created it cannot be exported to any other device.
A QSCD is, for example, a Smartcard. The best known is the DNI card and there are also USB tokens. In addition, since the entry into force of the eIDAS Regulation, cloud systems or systems for centralizing digital certificates on external servers are allowed. The latter will require the introduction of a double authentication factor each time the user signs (such as an SMS OTP, a one-time key sent to the cell phone).
In summary, using qualified electronic signature implies having a physical device, such as a cryptographic card or USB token, or a centralized qualified digital certificate system with a double authentication factor to secure the access and use of the remote digital certificate.
Greater legal certainty and validity, its main distinguishing factor
According to the eIDAS Regulation, there are 3 types of signatures according to their security level:
- Simple electronic signature: Electronic data attached to, or logically associated with, other electronic data used by the user to sign. It is admissible evidence in court, although it may need to be supplemented with other elements.
- Advanced electronic signature: It is the one that is uniquely linked to the signatory, allowing its identification. It has been created using electronic signature creation data that the user can use, with a high level of confidence and under his exclusive control. It is linked to the data signed by it so that any subsequent modification of the data is detectable. It ensures the identity of the person signing and the integrity of the data, thus offering more legal guarantees than the previous one.
- Qualified electronic signature: An advanced electronic signature that is created by means of a qualified electronic signature creation device and is based on a qualified certificate. It enjoys the highest possible level of security and will have a legal effect equivalent to that of a handwritten signature.
IMPORTANT: If the qualified digital certificate is not generated in a QSCD (Secure Signature Creation Device), it will be an advanced signature, not qualified. Therefore, the security level will be lower and it will not have the equivalent legal effect of a handwritten signature.
Is qualified electronic signature overrated, and is qualified electronic signature always the best option?
When we are faced with a digital transformation project, the client usually tells us the following: “I want to carry out this electronic signature process because I know that it is the one that has the maximum legal validity”.
As we have already explained, the qualified signature is not the most functional and operative. Once the needs of each digital transformation project are well analyzed, alternatives and other electronic signature systems are studied, which, although not having the maximum legal validity, are more operative and usable. In this sense, the type of procedure or document to be signed must always be taken into account. Nowadays, in the vast majority of telematic procedures or due to the type of documents to be signed, the advanced signature is sufficient.
It is true that with the qualified signature the burden of proof is reversed, and it is up to the person who challenges it to prove that the signature is not valid. But if we analyze the legal implications between the two, we will see that in most projects we can dispense with the qualified signature.
If sufficient evidence is gathered when making the advanced signature to prove the identity and will of the signatory, as well as the integrity of the document, the burden of proof is not so critical or relevant.
In this sense, our solutions keep the traceability of the whole signing process and we will be able to demonstrate how and by whom it was done.
Versatile and secure solutions beyond qualified signatures
An example of this is our Viafirma Documents solution , where there is the possibility of incorporating electronic evidence to the signature process, which makes it very difficult to repudiate.
Some examples of evidence in the process and collected by Viafirma Documents are the signature by OTP/SMS or qualified digital certificate, geolocation, a qualified time stamp, a photograph of the signatory’s ID card, a single-use token, an audio file, a video file, a fingerprint or even facial biometric validation.
In short, with the advanced signature we can also achieve very high levels of security and legality; giving full legal validity to the process but without losing sight of the functionality and ease of signature processes and logically offering an excellent user experience.