Are there different types of electronic signatures?
Yes. According to eIDAS, there are three recognised types of electronic signatures, each offering different levels of assurance and security:
- Simple Electronic Signature (SES)
The least advanced type, this might be something like an ‘I Accept’ button on a desktop browser. While easy to use, it doesn’t guarantee that your signature is linked to you, and it’s not tamper-proof. - Advanced Electronic Signature (AES)
This signature adds another layer of security by identifying each unique signatory and detecting any changes to the document or data. Often using cryptographic keys, this could be something like BankID, which is used in Sweden or Signaturit, which is used in Spain. Advanced signatures have great technical standards and quality, but they are not subject to rigorous requirements in reliability, trustworthiness or assurance. - Qualified Electronic Signature (QES)
This type of signature features all of the security features of an advanced electronic signature, but additionally, it uses a qualified certificate and multifactor verification to identify the signatory. It is the only signature explicitly recognized as the legal equivalent of a handwritten signature across all EU member states. A QES has third party assurance, requiring auditing and standardised methods that requires the highest levels of security and trust protocols. ZealiD is a Qualified Electronic Signature!
Details and differences of each signature type:
Why should I use a Qualified Electronic Signature?
To help determine which electronic signature suits your needs, consider these four key elements:
- Authenticity - Does the signature need to be unique to the signatory?
- Identity – Does the signature require guaranteed identity verification?
- Integrity - Should the signature be able to detect any subsequent data changes?
- Authentication - Is the signatory in complete control of the signing?
If the answer is yes to all of the above, a Qualified Electronic Signature (QES) is the solution. And even if it isn’t, a QES is still the most secure method and represents the highest level signature solution in a digital environment and can even be considered safer than a handwritten signature. The reverse burden of proof, the ability to validate the signature and the guaranteed verification of identity all offer added security advantages. The validation enables an individual to check when a document was signed and provides the cryptographic data to prove it. This is only possible with a QES, meaning it’s the safest form of signature available and the only one providing the legal effect of a handwritten signature.
A QES can only be issued by a Qualified Trust Service Provider (QTSP), which is supervised by a member state supervisory authority (e.g. Bundesnetzagentur in Germany) and included in nationalTrusted Lists. QTSPs are highly regulated and must pass every test of eIDAS compliance. ZealiD is a QTSP and Sweden’s first and only issuer of qualified certificates and signatures.
In addition, Qualified Electronic Signatures can only be created using a qualified signature creation device (QSCD) with specific software and hardware which ensure that:
- Only the signatory is in control of their key.
- The generated signature’s data is managed by a QTSP.
- The created signature data is confidential and protected from forgery.
Currently, very few providers can provide qualified signing in smartphones and instead require the use of an additional smart card or device. Through its unique infrastructure, ZealiD offers a smartphone solution that utilises specific hardware, software and certifications to keep certificates and keypairs on the server-side.
When are Qualified Electronic Signatures most commonly used?
All electronic signatures share some common advantages such as saving time, reducing paper and providing the ability to sign a document remotely. Below are some practical examples of when you might use a Qualified Electronic Signature (QES).
- Signing electronic contracts or documents that require a QES. This could be something like a consumer credit agreement, an employment contract or a tax declaration.
- Signing high risk/value documents. Even if a document doesn’t require the use of a QES by law, it’s highly recommended when dealing with documents such as digitized mortgages and loan securities, as this removes the risk of any contractual party challenging the electronic signature.
- Signing a document to confirm its origin. Signing documents within a company could be considered low-risk, however, for outgoing messages and documents, companies and organisations can use a QES to validate these, using the highest degree of security available. In this case, the QES provides peace of mind through its legal validity and the ability to guarantee the identity of the signer.
- Signing commercial proposals. Processes that require a lot of paperwork are often time-consuming, which means they are also costly, resource-heavy and create more room for human error. The use of a QES can improve the reliability of public procurement processes, and save time and money.
- Signing legal authorisation. Transferring the right to legally act on behalf of a signatory to another party can be useful in many situations. For example, a business may wish to provide an accountant with the mandate to transact on their behalf. Other such situations may be signing, opting in, or consenting to terms and conditions when becoming a new client at a bank.
- Signing confidential or legal documents. Documents of high import such as non-disclosure agreements, material transfer agreements, non-compete agreements and employment contracts should always be signed and sealed using a signature that can be fully validated. These contracts and documents could all end up being contested in a court of law, making a handwritten or qualified electronic signature the best choice to ensure non-repudiation.
