Qualified Electronic Signature (FEQ/QES): what it is and when to use it

Among the different types of electronic signatures recognized in Europe, the Qualified Electronic Signature, or QES, is the one that guarantees the highest level of security.

This type of signature is based on a qualified signature certificate issued by a Trust Service Provider, or qualified trust service provider, accredited by the competent national authority, which in Italy is AgID (Agenzia per l’Italia Digitale – Agency for Digital Italy).

What is the Qualified Electronic Signature?

The Qualified Electronic Signature (QES) is a particular type of electronic signature that guarantees authenticity, integrity, and non-repudiation of electronic documents.

Defined by the eIDAS Regulation (electronic IDentification, Authentication and trust Services), the QES is fully equivalent to a handwritten signature affixed in person, and it is the type of electronic signature that offers the highest level of security.

Unlike other electronic signatures, the qualified signature is based on a qualified certificate that must be issued by an authorized trust service provider and supervised by the competent authorities (in Italy, AgID).

The regulatory framework: eIDAS and CAD

The use and validity of electronic signatures in Italy are regulated by two legal instruments: the European eIDAS Regulation (EU Regulation No. 910/2014) and the Digital Administration Code, or Legislative Decree of March 7, 2005, No. 82, which is a national law.

The European regulation defines the QES and recognizes its legal value at the European level: according to eIDAS, the QES, or qualified electronic signature, is an electronic signature based on a qualified certificate that must be created through a secure device controlled exclusively by the signatory.

The CAD translates the provisions of eIDAS into the Italian context and introduces specific security and identification requirements. The CAD also defines the digital signature as a particular type of QES that uses qualified certificates and a cryptographic key system (one public and one private) to ensure the authenticity and integrity of documents. The digital signature is therefore a specific type of Qualified Electronic Signature that exists only in Italy but whose validity is recognized throughout Europe.

Electronic signature and digital (qualified) signature: the differences

The eIDAS Regulation recognizes three types of electronic signatures: the simple electronic signature, the Advanced Electronic Signature (AES), and the Qualified Electronic Signature (QES), a category that, as we have seen, also includes the Italian digital signature.

According to the eIDAS definition, an electronic signature consists of a set of “data in electronic form which are attached to or logically associated with other electronic data and which are used by the signatory to sign.” The simplest types of signatures, those that are neither advanced nor qualified, include signatures confirmed via email or SMS and those made with a stylus on a tablet.

Another type of electronic signature is the AES, which offers a higher level of security because it meets several additional requirements: it requires, for example, identification of the signatory and the exclusive control of the latter over the signature generation system.

The QES, finally, is the type of signature that guarantees the highest level of security. The fundamental difference with the other types of signatures, as mentioned earlier, lies in the fact that the QES is based on a qualified certificate issued by an accredited authority.

Legal validity of electronic signature, AES, and QES

The different electronic signatures are essentially distinguished by the different level of security they can guarantee, a characteristic that determines their legal validity:

• For the simple electronic signature, according to eIDAS, legal effects and admissibility as evidence in legal proceedings cannot be denied. However, under the CAD, its probative value is freely evaluated by the judge. Its suitability to produce the effects of a handwritten signature must therefore be established case by case by the court;

• The Advanced Electronic Signature (AES) can have the value of a handwritten signature, as it electronically identifies the author of the signature and gives the document the value of a private writing. It can be used in contracts and deeds listed in Article 1350 of the Civil Code, paragraph 13 (that is, all deeds to be made in writing that do not concern property or real estate income);

• The Qualified Electronic Signature (QES) and the digital signature guarantee the highest level of security and have full legal validity. They are the only signatures that can be used in all official contexts, including acts relating to real estate, as specified in the CAD. Using a QES, in fact, ensures the principle of non-repudiation of documents.

Characteristics of the Qualified Electronic Signature or QES

The security and reliability of the qualified signature essentially depend on its technical characteristics. If the QES guarantees that the signed document is authentic, intact, and unalterable, it is because it has the following features:

• Identification of the signatory: the QES can be issued only after identity verification carried out with “strong” methods, that is, in person, via webcam, or digital identity verification (SPID);

• Secure signature device: often, QES requires the use of a physical device, such as a smart card or USB token. In many cases, the secure device consists of a proprietary app to be downloaded on one’s smartphone;

• Asymmetric encryption: the digital signature is based on an asymmetric cryptographic key system (a private key for the signatory and a public one for the recipient);

• Signature certificate: the QES differs from other electronic signatures mainly because it is based on a qualified certificate issued by an authority accredited by AgID, that is, by a certified Trust Service Provider that can guarantee the authenticity of the signature.

For these reasons, the QES is the most widely used signature for signing important documents such as commercial contracts, legal documents, and documents related to public tenders and real estate transactions.

When to use the Qualified Electronic Signature?

As we have seen, the Qualified Electronic Signature is the one that guarantees the maximum level of security in terms of authenticity and immutability of the document, allowing it to give full legal validity to any electronic document.

According to the Digital Administration Code, this type of signature (QES or digital signature) must be used exclusively for all “private writings referred to in Article 1350, first paragraph, numbers 1 to 12, of the Civil Code,” that is, all deeds that transfer or modify rights on real estate or land, under penalty of nullity of the act.

However, the QES remains the safest choice for all contexts where it is necessary to give a document the highest legal validity — for example, when signing a mortgage or an insurance policy, in official communications with the Public Administration, and in particularly important contracts such as employment contracts and all those involving money transfers.

On Openapi, the Qualified Electronic Signature is available via API and allows you to sign documents automatically, individually or in bulk, directly from the server. The service is flexible: it supports individual or batch signatures, different formats (CAdES, PAdES, XAdES, PKCS#1) and synchronous or asynchronous validation modes. All in full compliance with European regulations.