AdvisorWhat is a qualified electronic signature (QES)?

Our world is becoming increasingly digital. The business world is shifting its business activities into the digital space, as employees increasingly perform their jobs in their home offices. In our private lives, too, many everyday things take place on the Internet: we buy clothes, groceries or electrical appliances online and prefer to take care of our banking affairs and deal with the authorities from home, without having to take the unnecessary step of going to a branch. A weak point in the digital realm is still the conclusion of online contracts with one’s own manual signature, because this is usually still done on paper. This is where the qualified electronic signature (QES for short) can provide a remedy. This guide informs you about the important properties and advantages of a QES and how it can be used.

Definition of QES

The qualified electronic signature is a secure digital signature with legal basis according to the EU regulation eIDAS and the Swiss federal law ZertES. It has a very high probative value and liability, is equal to the handwritten signature before the law and can be verified via validators. Examples of these legally recognized validation options are the validator of the Swiss Federal Administration or the signature verification of the Austrian Rundfunk und Telekom Regulierungs-GmbH.

Requirement and properties of QES according to EU Regulation eIDAS

Generally, the qualified electronic signature is created in the digital public-private key procedure. The EU eIDAS Regulation, which governs the legal framework of electronic signatures and trust services in the EU, also defines essential requirements for a QES and describes electronic signatures in Article 3 No. 10 as “data in electronic form that is attached to or logically associated with other electronic data and that the signatory uses to sign”. According to the eIDAS Regulation, the QES should meet these requirements. The QES should:

  • Be uniquely identifiable to a person,
  • enable the unique identification of the person,
  • be created by a trust service provider, such as Swisscom Trust Services
  • be based on a qualified electronic certificate, and
  • prove that the document cannot be altered after the signature has been applied.

Differentiation of the QES from the AES or EES

The qualified electronic signature is the most secure type of digital signature, as it has the highest probative value and liability. Based on the legal requirements of the eIDAS Regulation and the Swiss Federal Law ZertES, the QES is distinguished from the advanced electronic signature (AES) and simple electronic signature (SES):

AES

The advanced electronic signature is a digital signature without legal anchoring. According to the eIDAS Regulation, an advanced signature enables unique identification and assignment of the signatory (non-repudiation and authenticity) as well as detection of a subsequent change on an already signed digital document (integrity). This type of signature has a high probative value, but a lower liability, as there are no legally recognized validation options and the legislator allows a wide scope for the design of the advanced signature.

SES

The simple electronic signature is a digital signature with a very low liability and evidential value. There is no legal basis or specified requirements for the creation of this type of signature. For this reason, this type of signature can be forged very easily.

Advantages of QES

Legal validity

Only the QES is equal to the handwritten signature before the law. There are already various legal requirements and regulations that can demand QES from individuals. In Germany, for example, these include the Money Laundering Act and the Employee Transfer Act. In Switzerland, QES is required in certain cases by the responsible person of a company that is controlled by the Swiss Financial Market Supervisory Authority FINMA.

Cost & time saving

With the introduction of a QES, you save enormous costs in paper consumption, logistics, scanning, printing or dispatch by mail. At the same time, you can avoid the time-consuming trip to the office or customer, because with the QES a contract can be signed in the digital space regardless of location and time.

Quality & Safety

Depending on regulatory requirements, certain signed contracts must be stored securely for an extended period of time. If the signature is written on paper by hand, there is a risk that it will no longer be clearly legible after this retention period and will fade. By using QES on a digital contract, the signature quality remains in the original even after many years and can be securely verified via validators.

Areas of application of QES

digitales-onboarding-traiding@2x

Open online bank account

Under the provisions of the Money Laundering Act (GWG), a customer must be identified when opening an account. Traditionally, this was done in person at the bank branch. Although direct and online banks have been offering the option of online identification for some time, they provide the necessary applications and documents for opening an account to the customer by mail so that the customer signs them by hand. This media disruption can be prevented with the help of an electronic signature, as the customer can submit a legally secure and digital declaration of intent in this way.

The industry experts at Swisscom Trust Services analyze your needs for QES in the financial sector, your challenges and your existing processes before preparing a proposal. Depending on the use case, this can consist of the integration of a standardized partner solution or a development specifically tailored to the use case.

 

National Cancer Institute L8tWZT4CcVQ Unsplash

Digitization in the healthcare sector

Comprehensive digitization of the healthcare sector can standardize and accelerate processes, thereby increasing efficiency and reducing costs. This frees up resources for better patient care. With an electronic patient file or electronic patient dossier, patients have all their health information at their fingertips in one central location. This allows documents to be easily exchanged between primary care physicians, specialists and clinics. With QES, such a process can be used to submit wills online in a legally secure and efficient manner.

The industry experts at Swisscom Trust Services analyze the need for QES in the healthcare sector, the problems and the previous processes of interested parties in detail before preparing an offer. Depending on the use case, this can consist of the integration of a standardized partner solution or a development specifically tailored to the use case.

Junge Frau Arbeitet Am Laptop Und Liest Ein Dokument.

Signature on employee leasing contracts

Due to the current shortage of skilled workers, many industries are currently in the so-called “war of talents”. In this context, the time factor must not be neglected. Companies are constantly running the risk of an applicant receiving a better offer while the employment contract is on its way by mail. Although the submission of application documents and the interview already take place online, the complete digital onboarding of a new employee often fails due to the manual signature on the employment contract. This can be mapped digitally with the use of QES. Especially in the employee leasing market, the legislator in Germany requires a qualified signature on the employee leasing contract.

The industry experts at Swisscom Trust Services analyze the needs for their HR department, the problems and the previous processes of interested parties in detail before preparing an offer. Depending on the use case, this can consist of the integration of a standardized partner solution or a development specifically tailored to the use case.

This is how the signature with a QES works

With this step-by-step guide, we explain how you can successfully sign a digital document with a qualified electronic signature.

Step 1: Selecting the signature application from our partners with integrated signing service

Depending on your specific use case or the legal significance of the digital document you need to sign, select a suitable signature application from our partners. These applications have successfully integrated the Signing Service of Swisscom Trust Services, so that you can use them to sign documents electronically in a qualified manner. You can find a selection of partner applications here: Partner Overview.

Step 2: One-time identification and registration for QES.

According to the legal requirements (EU Regulation eIDAS or Swiss Federal Law ZertES), a person must be identified and registered once in order to be subsequently enabled for QES. To use the QES in the signature application you have selected, you will be identified via the integrated Smart Registration Service with your favoring identification method for the QES. During the identification process your identity will be paired with your cell phone number and used 2 factor authentication (e.g. Mobile ID or password/SMS code method). For the completion of the identification and registration to the QES you will automatically receive an SMS with a link to the terms of use of the Signing Service. You can only use the QES in the signature application once you have accepted and confirmed these.

Step 3: Upload document and invite signature

Now upload the document to the signature application. In some of our partners’ applications, you have the option of starting a signature workflow in which you can invite other signing persons to sign. Often, you can also visually place your signature on the document before starting the signature process.

Step 4: Submitting the declaration of intent through 2-factor authentication

After starting the signature process in the application, you will receive request for signature on your cell phone. To digitally express your will, you confirm your QES with your 2-factor authentication that you stored in the identification process (Step 2).

Step 5: Creation of the signature

Your authentication means that the document is signed with a QES in the signature application and can then be downloaded or forwarded by you.

The encryption of a QES?

The technical basis for the electronic signature is a public-private infrastructure (PKI). To create an electronic signature, a cryptographic algorithm is used in the PKI to generate a key pair with two keys for the person signing, which have a specific length in the encoding. One of the keys is public and the other is private. In addition, this key pair must be uniquely assigned to the signing person in order to generate the electronic signature. During the signature process in a partner application, Swisscom Trust Services, as a provider of trust services, combines the private and public keys of the person and generates a qualified electronic certificate and time stamp for it. These are applied to the digital document with the signature.

The importance of encryption

The technical encryption of an electronic signature enables the integrity of the document and authenticity of a person on the digital document to be guaranteed. In other words, once an electronic signature has been applied, the document can be checked for authenticity and can no longer be changed. The electronic signature can also be used to verify the unique identity of the signer afterwards.

Are you
interested?

Get in contact with an expert

Zoom