Qualified electronic signatures

What are qualified electronic signatures? Many people share this question, and though at first they believe that it is the most suitable because it provides full legal guarantees, we will see below that it is also the most complex to use.

What is a qualified electronic signature?

Is an electronic signature that is based on a qualified Digital Certificate that is generated on a qualified signature creation device (QSCD). This means that once created it cannot be exported to any other device.

A QSCD is, for example, a Smartcard. The best known is the ID card, as well as USB tokens. In addition, since the implementation of the eIDAS Regulation, cloud systems or systems for centralizing digital certificates on external servers are permitted. The latter requires a two-factor authentication each time the user signs (e.g., SMS shortcodes, a one-time password sent to the mobile phone).

Greater legal security and validity that truly makes the difference

According to the eIDAS Regulation, there are three types of signatures, depending on their level of security:

• Simple electronic signature: Simple electronic signature means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign. It has legal effect and can hold up in a court of law, although it may have to be backed with other type of evidence.
• Advanced electronic signature: A signature that is uniquely linked to the signatory, allowing their identification. Created using signature creation data that only the signatory can use, with a high level of confidence, under their exclusive control and linked to the data signed by them so that any possible further changes are detected. This type of signature certifies the identity of the signatory, integrity of data, providing more legal guarantees.
• Qualified electronic signature: It is an advanced electronic signature created using a qualified electronic signature creation device and based on a qualified certificate. It enjoys the highest possible level of security and will have a legal effect similar to the handwritten signature.

NOTE: If the qualified digital certificate is not created using a QSCD it would be considered advanced signature, not qualified. Therefore the level of security will be lower and will not have the same legal effect to a handwritten signature.

Are qualified e-signatures overrated? Are they always the best choice?

When facing a digital transformation project our clients usually ask: “I would like to adopt this type of electronic signature as I know it has the highest legal validity”.

As we have already explained, the qualified type is not the most practical and operational signature. After analyzing the needs of each digital transformation project, we start to consider alternatives and other electronic signature systems that, despite not having the highest legal validity, are indeed more usable and practical. However, it is always necessary to take into account the type of formality or document to be signed. Nowadays, for most online procedures or given the type of documents to be signed, the advanced signature is the ideal choice.

However, it is true that with the qualified signature the burden of proof is reversed, and it falls on the person that claims that the signature is not valid. However, if we analyze the legal implications between the two, we will see that in most projects we can waive the qualified signature.

If we use the advanced signature, plus adequate evidence to prove the identity and will of the signatory and the integrity of the document, the burden of proof it’s not that important.

In this sense, our solutions keep track of the entire signing process allowing to prove how and who signed the documents.

Versatile and secure solutions beyond qualified signatures

Our solution Viafirma Documents allows to add electronic evidence to the signing process, thus making it hard to repudiate.

Evidence collected by Viafirma Documents can be the OTP SMS signature, qualified digital certificate, location, qualified timestamp, photo of the signer’s ID Card, one-time passoword, audio file, video file, fingerprint or biometric facial recognition

In short, the advanced signature can also provide high levels of security and legality; providing full legal support to the process while maintaining ease of use during the signing process, and offering an excellent user experience.