Qualified electronic signatures (QES) are digital signatures that enable organisations within the European Union (EU) and the UK, to digitally sign documents securely and, most importantly, legally.
A QES, backed by UK and EU legislation and secure online security and trust networks, enables a financial services, professional services and other organisation to trade online confident that the documents signed within the QES framework are legally enforceable.
There were two original drivers for a QES framework:
The whole point was ultimately confidence and redress. Organisations could sign an agreement with another party electronically and be confident that agreement was legally executed and could be recognised by and enforced in a court of law if a dispute arose.
In 2014, the EU introduced EU Regulation No 910/2014, also known as the electronic IDentification, Authentication and trust Services (eIDAS) Regulation, and in 2016 it became law. To be an eIDAS qualified electronic signature, then it must meet the requirements of being an advanced electronic signature:
Next, a QES must be generated by a qualified signature creation device (QSCD). The device qualifies the signature with dedicated hardware and software that has a private key. The unique and protected signature data must be managed by a qualified trust service provider, which could be a financial services or telecoms organisation, or a business dedicated to trust services. There are just under 600 eIDAS-regulated trust service providers across the EU.
The European Telecommunications Standards Institute (ETSI) created three digital signature standards with which the QES must be implemented, and which the trust service providers must use. A qualified digital certificate is the public key issued by the trust service provider to confirm the data integrity and authenticity of the signature. To use QES, an organisation must have the hardware and software from an approved and regulated trust service provider and a digital certificate for every transaction.
When the UK left the EU, much of the EU legislation was incorporated into UK law through the EU Withdrawal Act. There are UK eIDAS Regulations that, according to the Information Commissioners Office (ICO), set out the UK legal framework for UK trust service providers and also integrate with EU trust service providers.
QES is an essential component of digital transactions in the EU, requiring signatories to obtain hardware and software solutions and digital certificates from an authorised trust service. It is still relevant for UK organisations with EU-based counterparties.
Bonafidee digital engagement platform enables organisations and individuals to engage online in a safe, compliant and fully evidencable way. To find out more about digital signature and customer verification solutions, download our guide, or contact our team.