Imagine this: You only have a few hours left to conclude an important contract, but the law requires it to be in writing. The contractual partner is hundreds of kilometers away and the usual postal service is not an option. In an increasingly digitalized world, in which contracts are increasingly concluded online, the qualified electronic signature (QES) is the solution for legally compliant and fast action. It makes it possible to sign contracts in a legally valid manner and without being physically present - an indispensable tool for companies and private individuals in the digital age.
The qualified electronic signature (QES) is a signature option that allows contracts and documents to be signed digitally and in a legally secure manner. Among the various types of electronic signatures, the QES is the most secure and legally binding variant. It comes closest to a handwritten signature and meets the strictest legal requirements. The QES ensures that the signature is clearly assigned to a specific person and protects against subsequent changes to the document. This means that it is legally equivalent to a handwritten signature and is used for contracts with high liability or legally required written form. Its security standards offer maximum probative value in the event of legal disputes.
In comparison, the simple electronic signature (EES) does not offer secure identification of the signatory and is therefore more commonly used for documents without special formal requirements. Although the advanced electronic signature (FES) offers a certain level of security through two-factor authentication, it does not meet the strict legal requirements of the QES. While the EES and FES can be sufficient in certain situations, the QES is particularly needed when maximum legal certainty and probative value are required - for example, for contracts that require the written form.
The exact requirements that the various signature types must meet are regulated in Europe by the eIDAS Regulation.
The eIDAS Regulation (electronic Identification, Authentication and Trust Services) regulates the legal framework for electronic signatures and trust services within the European Union. It sets out clear criteria as to when an electronic signature is considered a qualified electronic signature (QES).
According to the eIDAS Regulation, a QES must fulfill several strict requirements:
The eIDAS Regulation aims to strengthen trust in electronic transactions and create a common basis for secure digital interaction in the EU. A central component of the QES is the qualified certificate, which is issued by a recognized trust service provider (QTSP). These providers are accredited by the state and ensure that the identity of the signatories is verified and the security of the signatures is guaranteed.
The qualified electronic signature (QES) process follows clear steps that guarantee both security and integrity:
The recipient decrypts the hash value using the public key contained in the qualified certificate. The recipient then creates a new hash value from the received document and compares it with the decrypted hash value. If both values match, the document is unchanged and the signature is authentic.
If the card is lost or stolen, the cardholder can have it blocked immediately to prevent unauthorized persons from acting in a legally binding manner on behalf of the cardholder. Blocking is crucial, as every electronic signature generated with the card is legally assigned to the holder. Certification service providers are legally obliged to revoke the certificate immediately if this is requested by the cardholder or an authorized representative. The revocation of the qualified signature card is therefore an important security mechanism to prevent misuse.
Both options are secure, with the cloud solution offering flexibility above all and the signature card scoring points for physical security.
The hash value plays a central role in the security of the qualified electronic signature (QES), as it indicates whether a document has been subsequently changed. Without this function, the integrity of the signature would be seriously compromised.
A hash function is a mathematical algorithm that generates a unique numerical value from any data (e.g. a document) - the so-called hash value. This value serves as a digital fingerprint of the document. Even the smallest change to the document results in a completely different hash value. This is crucial for the security and integrity of digital signatures, as the hash value is used to verify that the document has remained unchanged after signing.
With the qualified electronic signature (QES), the hash value of the document is encrypted with the signatory's private key and thus forms the signature. The recipient can decrypt the hash value with the respective public key and compare it with the hash value of the received document. If both match, the signature is valid and the document is unchanged. This ensures the integrity and authenticity of the digital signature.
A hash function has several important properties:
These properties make the hash function an indispensable component of digital signatures, as it verifies whether a document has remained unchanged after signing.
A qualified certificate is a digital document that confirms the identity of the signatory and guarantees the security of the signature. It is issued by a qualified trust service provider (QTSP) who has previously verified the identity of the signatory. This certificate contains the public key of the person in question, which is used to verify the signature.
The qualified certificate is the central component of the QES, as it ensures that the signature is clearly assigned to a person and is legally binding. In order to obtain such a certificate, the signatory must identify themselves once to a QTSP, e.g. using the video identification procedure. Thanks to these strict verification processes, the QES is the most secure form of electronic signature that is recognized as legally binding in all EU countries.
A qualified trust service provider (QTSP) is a provider that operates in accordance with the strict requirements of the eIDAS Regulation and provides trusted services such as qualified electronic signatures (QES). QTSPs play a central role in the security and binding nature of digital transactions by verifying the identity of the signatory and ensuring that signatures cannot be tampered with.
With these functions, QTSPs guarantee the security, authenticity and legal validity of the QES.
The Qualified Electronic Signature (QES) meets strict requirements and is therefore not necessary for every contract. However, the QES can be recommended for the following types of contract:
In summary, the qualified electronic signature (QES) is the most secure form of digital signature, as it is subject to strict security and identity checks. It guarantees maximum integrity and legal validity, which makes it ideal for contracts with a legally required written form or a high liability risk. However, the creation of a QES is also more complex and time-consuming due to the required registration process and elaborate identity checks. It is therefore particularly useful for important contracts where maximum security and legal recognition are essential.
At ContractHero, we offer both the advanced electronic signature (FES) for contracts with less stringent regulations and the qualified electronic signature (QES) for particularly security-relevant documents. As an ISO 27001 and eIDAS-compliant company, we attach great importance to the security of your data. Contracts can be created directly with us, sent for signature and managed securely in ContractHero after signing - efficient, legally binding and easy to use.
You may also be interested in...
Contract automation: How modern technologies are revolutionizing the process
Recognizing and avoiding contractual risks: What to look out for?
Drawing up a contract: Challenges & solutions