What is an eIDAS qualified electronic signature?
Let's recap what we said in the explanation of eIDAS advanced signatures. You need a pen, you need paper, and you need a signature.
- Firstly, in the electronic world, a natural person (let's call her Jane) needs a personal pen tied to her and only her real identity. It's Jane's pen.
- Secondly, only Jane shall be able to access this pen. Think of the pen locked away in a box that only Jane has the keys to.
- Thirdly, if the content of the paper is tampered with, Jane's signature needs to show this. So think of the signature covering the content on the paper so that by tampering with the content the signature will look different.
- Finally, if the content of the paper is modified, the signature will be invalidated to ensure that nobody will trust the signature by mistake.
Now, if we continue on Jane's example from the advanced e-signature explanation, what is then a qualified signature? Well, eIDAS sets an even higher security bar. So firstly, Jane's key to the box that we spoke about before must be protected according to the highest electronic security standards. So even higher protection than advanced. Secondly, only a publicly authorized actor, a so-called qualified trust service provider, is allowed to issue these pens so not anybody can do it. This is a very protected role, and this is to ensure even higher trust in society. Last but not least, once Jane has signed, the qualified signature has to be accepted by all EU member states. And that's not necessarily the case with advanced. So all member state courts and public authorities have to recognize it.
Using a qualified signature means that Jane's signature, for example, a pdf, can be validated by anyone using free, accessible software. And it is recognized to have the same legal effect as a wet ink signature.