What Is a Qualified Electronic Signature?
When researching electronic signatures for your business, you’ve probably encountered terms like “qualified,” “advanced,” and “simple” electronic signatures. Perhaps your legal team mentioned that certain documents require a “qualified electronic signature,” or you discovered that government filings in France mandate QES compliance.
The terminology can be confusing, but understanding what makes a signature “qualified” is crucial—especially if you operate in Europe. A qualified electronic signature isn’t just another type of digital signature; it’s the only electronic signature level that carries the same legal weight as a handwritten signature across all EU member states.
This guide explains what qualified electronic signatures are, how they differ from other e-signature types, and when you actually need one for your business.
What Is a Qualified Electronic Signature? The Definition
A Qualified Electronic Signature (QES) is the highest level of electronic signature defined under the European Union’s eIDAS Regulation. It’s an advanced electronic signature that meets additional strict requirements regarding signature creation devices and certificates.
According to Article 3(12) of eIDAS, a qualified electronic signature is:
“An advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures.”
In simpler terms, a QES requires three critical components:
The Three Requirements for Qualified Status
1. Advanced Electronic Signature Foundation
The signature must first meet all requirements of an advanced electronic signature, meaning it must be:
- Uniquely linked to the signatory – No one else can create this exact signature
- Capable of identifying the signatory – The signature reveals who signed
- Created using data under sole control of the signatory – Only the signer can generate it
- Linked to signed data – Any modification to the document after signing is detectable
2. Qualified Certificate
The signature must be based on a qualified certificate issued by a Qualified Trust Service Provider (QTSP)—a certified organization that has undergone conformity assessment and is supervised by national regulatory authorities.
The certificate contains verified information about the signer’s identity and is issued only after rigorous identity verification procedures.
3. Qualified Signature Creation Device (QSCD)
The signature must be created using a QSCD—specialized hardware or software that meets stringent security requirements to protect the signer’s private cryptographic keys from compromise, duplication, or unauthorized use.
Key Distinction: What separates QES from other signature types isn’t just stronger security—it’s the combination of certified trust service providers, verified identity, and protected signature creation that together provide the highest level of legal certainty available for electronic transactions.
How QES Differs from Other Electronic Signature Types
Many people are confused about the differences between electronic signature types. eIDAS establishes three distinct levels, each with different technical requirements and legal effects.
The Three Levels Explained
Simple Electronic Signature (SES)
What it is: Any electronic indication of acceptance or agreement.
Examples:
- Typing your name at the end of an email
- Clicking an “I agree” checkbox on a website
- Using a scanned image of your handwritten signature
- Accepting via SMS one-time password (OTP)
Legal effect: Legally recognized but carries minimal evidentiary weight in disputes. Easy to challenge authenticity since identity verification is weak or absent.
Best for: Low-risk internal documents, routine approvals, informal agreements.
Advanced Electronic Signature (AES)
What it is: An electronic signature that meets the four requirements listed earlier—uniquely linked to the signer, capable of identification, under sole control, and tamper-evident.
Technical implementation: Typically uses Public Key Infrastructure (PKI) with digital certificates. Creates a unique cryptographic signature for each document.
Legal effect: Legally recognized with stronger evidentiary weight than SES, but not automatically equivalent to handwritten signatures. Courts may require additional evidence to prove authenticity.
Best for: Standard business contracts, vendor agreements, medium-stakes transactions.
Qualified Electronic Signature (QES)
What it is: An advanced signature enhanced with qualified certificates and certified signature creation devices.
Technical implementation: Uses qualified certificates from supervised QTSPs, employs QSCDs meeting Common Criteria EAL 4+ standards, and includes rigorous identity verification (often in-person or via video identification with ID document verification).
Legal effect: Equivalent to handwritten signatures (Article 25.2 eIDAS). Cannot be denied legal validity solely for being electronic. Carries maximum evidentiary weight. Mandatory cross-border recognition throughout the EU.
Best for: High-value contracts, real estate transactions, notarial acts, government filings, documents requiring maximum legal certainty.
Side-by-Side Comparison
| Feature | SES | AES | QES |
|---|---|---|---|
| Identity Verification | None or minimal | Moderate | Rigorous (ID verification) |
| Tamper Detection | No | Yes | Yes |
| Qualified Certificate | No | No | Yes (required) |
| QSCD Required | No | No | Yes (required) |
| Legal Equivalence to Handwritten | No | No | Yes |
| Cross-Border Recognition (EU) | Discretionary | Discretionary | Mandatory |
| Typical Cost | Free – €1 | €2 – €5 | €5 – €15 |
Analogy: Think of signature levels like locks on a door. SES is like a basic doorknob—easy to use but minimal security. AES is like a standard deadbolt—much better protection with a proper key. QES is like a bank vault door with biometric authentication, surveillance, and armed guards—the highest security with certified protection mechanisms.
The Legal Power of Qualified Electronic Signatures
What makes QES particularly valuable is its unique legal status under European law.
Legal Equivalence: Article 25.2 eIDAS
The most powerful provision in eIDAS states:
“A qualified electronic signature shall have the equivalent legal effect of a handwritten signature.”
This means:
- Automatic acceptance – A QES cannot be rejected solely because it’s electronic
- Burden of proof shifts – If someone challenges your QES, they must prove it’s invalid (not you proving it’s valid)
- Maximum evidentiary weight – Courts treat QES with the same presumption of authenticity as handwritten signatures
- Cross-border validity – A QES created in Belgium must be recognized as legally valid in Spain, Germany, France, and all other EU member states
Mandatory Cross-Border Recognition
Unlike SES and AES, where courts have discretion in how they evaluate the signature, QES recognition is mandatory throughout the European Union. This is transformative for businesses operating across borders.
Real-World Scenario: Cross-Border Employment Contract
Sophie’s Challenge: Sophie is an HR manager for a Belgian software company hiring a senior developer in Portugal. The employment contract needs to be legally binding in both countries.
With SES/AES: Portuguese courts might question the signature’s validity, requiring Sophie to provide additional evidence of authenticity. The developer might challenge the contract claiming they never signed it.
With QES: Both Belgian and Portuguese law must recognize the signature as equivalent to handwritten. The contract is automatically enforceable in both jurisdictions. If the developer later challenges the signature, they must prove it’s fraudulent—not Sophie proving it’s genuine.
Outcome: QES provides legal certainty and reduces risk in cross-border employment relationships.
How QES Actually Works: The Technical Process Simplified
While the technical details are complex, the actual process of creating a QES is straightforward for users.
Behind the Scenes: What Happens When You Sign
Step 1: Identity Verification
Before you can create your first QES, the Qualified Trust Service Provider must verify your identity. This typically involves:
- ID document verification – Scanning your passport or national ID card
- Facial recognition – Matching your face to the photo on your ID
- Liveness detection – Proving you’re a real person, not a photo or video
- Video identification – In some cases, a video call with a verification agent
Step 2: Certificate Issuance
Once your identity is verified, the QTSP issues a qualified certificate containing:
- Your verified identity information (name, sometimes date of birth)
- The certificate’s validity period
- A unique serial number
- The QTSP’s digital signature
- Your public cryptographic key
Step 3: Signature Creation Device Setup
Your private cryptographic key is stored securely in a QSCD. This might be:
- A mobile app with secure key storage
- A cloud-based Hardware Security Module (HSM)
- A physical USB token or smart card
Step 4: Document Signing
When you sign a document:
- The document is cryptographically hashed (creating a unique “fingerprint”)
- Your private key encrypts this hash
- Your qualified certificate is attached to the document
- The result is a digitally signed document that’s tamper-evident
Step 5: Verification
Anyone can verify your QES by:
- Checking that your certificate is valid and issued by a QTSP
- Verifying the QTSP appears on the EU Trusted List
- Confirming the document hasn’t been modified since signing
- Validating the cryptographic signature matches your certificate
User Experience: Despite the complex cryptography, creating a QES takes just 2-5 minutes. You receive a document via email, authenticate your identity (often with a mobile app or video verification), and the signature is applied. Most users find it faster than printing, signing, scanning, and emailing documents.
Three Ways to Create Qualified Electronic Signatures
If you’re looking to implement QES for your business, you’ll encounter different methods depending on your geographic needs and preferences. Solutions like QES-Sign offer access to multiple qualified signature methods, each with distinct coverage and requirements.
Method 1: itsme® (Belgium and 23 European Countries)
Coverage: 24 European countries including Belgium, Netherlands, France, Germany, Spain, and the United Kingdom.
App requirement: Yes – requires downloading the itsme mobile app (iOS/Android).
Setup: One-time identity verification using NFC technology to read your ID card or passport, plus facial recognition.
Best for: Businesses in the Benelux region and Western Europe, users who value convenience for recurring signatures.
Method 2: Evrotrust (58 Countries Including EU and Balkans)
Coverage: 58 countries spanning Europe, including Eastern European nations like Bulgaria, Romania, Serbia, plus countries like Turkey, Israel, United States, and Canada.
App requirement: Yes – requires the Evrotrust mobile app.
Setup: Remote identity verification via automated app process with ID document verification, facial recognition, and liveness checks validated by AI and expert review.
Best for: Companies with operations across broader Europe, especially Eastern Europe and the Balkans.
Method 3: Adacom (68 Countries – Widest Global Coverage)
Coverage: 68 countries across six continents, including all EU members plus major markets like United States, China, Japan, Brazil, India, South Korea, United Arab Emirates, and Singapore.
App requirement: No – identity verification happens directly during the signature process.
Setup: No pre-registration required. Remote identity verification via automated video (available 24/7) or video conference with a representative, using your ID card or passport.
Best for: Global businesses, international transactions, anyone who prefers immediate signing without downloading apps.
Quick Comparison
| Feature | itsme® | Evrotrust | Adacom |
|---|---|---|---|
| Country Coverage | 24 | 58 | 68 |
| App Required | Yes | Yes | No |
| Pre-Registration | Yes | Yes | No |
| Best For | Benelux users | EU + international | Global businesses |
When Do You Actually Need a Qualified Electronic Signature?
Not every document requires QES. Understanding when qualified signatures are necessary—versus when simpler signature types suffice—helps you balance security, cost, and convenience.
Mandatory QES Use Cases
Some regulations explicitly require qualified electronic signatures:
1. French INPI Registrations
France’s Institut National de la Propriété Industrielle (INPI) requires QES for company registrations, modifications, and dissolutions. Simple or advanced signatures are not accepted.
2. Certain Notarial Acts
Some European countries mandate QES for remote notarization and specific notarial documents.
3. Public Procurement (Country-Specific)
Various EU member states require QES for submitting bids in public tenders above certain thresholds.
4. Medical Prescriptions (Select Countries)
Electronic prescriptions in some jurisdictions require qualified signatures from healthcare professionals.
Recommended QES Use Cases
Even when not legally mandated, QES provides maximum legal certainty for:
- High-value contracts – Agreements above €100,000 where disputes could be costly
- Cross-border transactions – Any contract involving parties in multiple EU countries
- Real estate transactions – Property purchases, leases, and deeds
- Employment contracts (executive level) – C-suite and senior management agreements
- Intellectual property agreements – Licensing, transfers, and assignments
- Shareholder agreements – Company formation, capital increases, major corporate decisions
- Long-term commitments – Multi-year agreements where proving authenticity years later may be critical
When SES or AES Is Sufficient
For many everyday business documents, simpler signature types work well:
- Internal approvals – Vacation requests, expense reports, internal memos
- Low-value contracts – Standard vendor agreements below €10,000
- Routine correspondence – NDAs, routine amendments, acknowledgments
- Marketing consents – Newsletter sign-ups, cookie acceptances
Decision Framework: Which Signature Level?
Choose QES when:
- Regulatory requirements mandate it
- Contract value exceeds your company’s risk threshold
- Cross-border enforceability is important
- You need maximum protection against repudiation
- The document will be used as evidence in potential litigation
Choose AES when:
- Standard business contracts with moderate value
- Stronger security than SES but QES is overkill
- You want tamper-evidence and identity verification
Choose SES when:
- Low-risk internal documents
- Speed and convenience are priorities
- Cost must be minimized
Key Takeaways
- QES is the only signature level legally equivalent to handwritten signatures: Under eIDAS Article 25.2, qualified electronic signatures cannot be denied legal effect solely for being electronic and carry the same legal weight as traditional ink signatures throughout the European Union.
- Three requirements define qualified status: A signature achieves qualified status only when it combines an advanced electronic signature foundation with a qualified certificate from a supervised QTSP and creation via a certified QSCD meeting stringent security standards.
- Mandatory cross-border recognition provides legal certainty: Unlike SES and AES, QES must be recognized as legally valid in all EU member states, making it essential for businesses operating internationally or seeking maximum enforceability.
- Not every document needs QES: While QES offers the highest security and legal effect, simple or advanced signatures suffice for routine business documents. Reserve QES for high-value contracts, regulatory requirements, and situations demanding maximum legal certainty.
- Multiple methods accommodate different needs: Qualified signatures can be created through various certified methods with different geographic coverage and user experiences, allowing businesses to choose solutions matching their operational requirements and user preferences.
Frequently Asked Questions
Yes. Under eIDAS Regulation Article 25.2, a qualified electronic signature is legally equivalent to a handwritten signature throughout the EU. It cannot be denied legal validity solely because it’s in electronic form, and it carries maximum evidentiary weight in legal proceedings.
QES costs typically range from €5 to €15 per signature depending on the provider and method. Pay-per-use solutions like QES-Sign start at €5 per signature with no subscription requirements, making QES accessible even for occasional signers.
No special software installation is required. Most modern QES solutions work through web browsers and mobile apps. Depending on the method, you may need to download a mobile app for identity verification (itsme, Evrotrust) or can sign directly through web-based video verification (Adacom).
Yes. While eIDAS is an EU regulation, QES methods are available to citizens and residents of many non-EU countries. For example, Adacom supports 68 countries including the United States, Canada, Australia, Japan, and many others. Check with your provider for specific country availability.
The first-time setup (identity verification) typically takes 5-10 minutes depending on the method. Once verified, subsequent signatures take just 2-3 minutes—faster than printing, manually signing, scanning, and emailing documents.
A qualified certificate is one component of QES. The certificate proves your identity, but QES also requires that the signature be created using a qualified signature creation device and meet all advanced signature requirements. You need all three components together to create a true qualified electronic signature.
The qualified certificate used to create the signature has an expiration date (typically 1-3 years). However, signatures created before the certificate expires remain valid indefinitely. You’ll need to renew your certificate to create new signatures after expiration, but previously signed documents maintain their legal validity.
Conclusion: Making Qualified Signatures Work for Your Business
Qualified electronic signatures represent the highest standard of electronic signing under European law, offering legal equivalence to handwritten signatures and mandatory cross-border recognition throughout the EU. While not every document requires this level of security, understanding when and how to use QES gives your business maximum legal certainty for high-stakes transactions.
The key is matching signature level to business risk. Reserve QES for high-value contracts, regulatory requirements, and cross-border agreements where legal enforceability is critical. For routine documents, simpler signature types often suffice.
As digital transformation continues accelerating across Europe, qualified electronic signatures are becoming standard practice for organizations that prioritize legal compliance, operational efficiency, and risk management. The technology is mature, the legal framework is clear, and implementation has never been more straightforward.
Start Creating Qualified Electronic Signatures Today
QES-Sign provides access to three certified qualified signature methods (itsme®, Evrotrust, Adacom) covering 68 countries worldwide. Create eIDAS-compliant qualified signatures from €5 per signature—no subscription required, no commitment.