Qualified eSignature

A secure qualified digital signature that will enable all citizens across Europe to sign documents and declarations remotely.

The context

A qualified electronic signature (QES) is an advanced electronic signature created by a qualified signature creation device and based on a qualified certificate for electronic signatures. It can be used in various situations: when signing an employment contract, when opening a bank account online (UC2), when declaring his taxes or applying for a birth certificate… They hold the same legal standing as handwritten signatures. In POTENTIAL, as it is our fifth use case, 13 Member States are involved, focusing on QES integration with remote signing services and Qualified Trust Service Provider (QTSP) functions.

The benefits

Once onboarded to a European Digital Identity Wallet, users can sign with qualified electronic signatures by default and free of charge, without additional administrative procedures. Qualified electronic signing has numerous advantages, contributing to an improved overall experience for both governments, companies and citizens:

• Efficiency: signing contracts with just the wallet, creating a secure digital signature for any document.
• Cost Savings: eliminating printing, faxing, mailing, copying, scanning, and filing, thus saving time and reducing operational costs.
• Security: enhancing the security of processes by reducing risks of loss, destruction, and incompleteness.
• Convenience: improving the ease of searching, editing, and sharing documents, eliminating the need for physical storage.

Work in progress

Several existing national wallets already support QES. Some Member States have also national eID smart cards capable of QES. While there are differences in national protocols and preferred approaches, a significant amount of commonality exists, such as the interest in remote signing services. Two main scenarios are being discussed for implementation, in preparation for the cross-border tests at the beginning of next year:

• The wallet-driven qualified e-signature: where the relying party sends the document to be signed using an RP-EUDIW interface. The EUDIW handles the presentation of the Data To Be Signed (DTBS) and authorizes signature-creation at the trust service provider.
• The controlled signature data communication by the relying party: In a QTSP-driven signature model, the signing data, either the document itself or the hash to be signed, is communicated through an RP-QTSP interface. The wallet’s role is to authorize the signing operation and provide necessary security measures.