What is the difference between qualified and non-qualified electronic signatures?

What is the difference between qualified and non-qualified electronic signatures?

March 16, 2022

An electronic signature is, in fact, a cryptographic process. The term refers to the fact that the signature is created using digital technology and also denotes a legal concept. We can make a distinction between qualified and non-qualified electronic signatures according to their security and trust levels.

Both non-qualified and qualified e-signatures are appropriate to clearly identify the person signing in the course of a transaction and can be linked to that individual only.

A qualified electronic signature, in addition, is generated on the basis of a qualified certificate issued by a Qualified Trust Service Provider (QTSP), which allows others to verify the authenticity of the signature. As part of the process, the identity of the signing person is verified in advance. Another important criterion for a qualified electronic signature is that it is created using a qualified signature creation device, offering higher guarantees regarding the protection of the electronic signature creation data (such as the private key).

Thanks to the strong prior validation, a qualified signature is considered equivalent to a traditional signature, and its authenticity is beyond doubt. According to eIDAS (Electronic Identification and Trust Services) regulation, a document authenticated with a qualified electronic signature is a document with full evidential value, by law, equivalent to the ones with hand-written signatures, all over the EU.

Non-qualified electronic signatures, however, are also commonly used in everyday life. The name can be a little misleading because it suggests that this type of signature is “not good enough”, but this is not the case. In practice, though, it is sufficient in many contexts, even if it has a lower level of security.

Universities are not Certification Authorities or QTSPs , and do not have the security systems or means required for the provision of qualified signatures, but they can issue various certificates to their members. Indeed, certificates that allow the usage of non-qualified electronic signatures are perfectly suitable to identify a person, and their use is entirely appropriate in many situations (e.g. submission of applications, inter-institutional agreements, etc.). In such cases, an additional verification step may be necessary to check the authenticity of the signature, and the use of a validation module, integrated with their information systems is strongly recommended.


Photo by Firmbee.com on Unsplash