Electronic signatures of different levels
The different levels of electronic signatures are defined in the eIDAS Regulation (EU) No 910/2014.
The signatures are divided into three different levels as follows, from the lowest to the highest level:
- electronic signature
- advanced electronic signature
- qualified electronic signature.
The higher the level of the signature, the more secure the implementations it is based on and the more reliably the identity of the signatory can be verified.
Electronic signature
An electronic signature is information in electronic form, used by the signatory for signing.
For example, the name written at the end of an email can be called an electronic signature. However, it is not possible to link the signature indisputably to the right person and prove its authenticity in such cases.
Advanced electronic signature
An advanced electronic signature is an electronic signature uniquely linked to the signatory.
An advanced electronic signature verifies
- the information content of an electronic document
- the identity of the signatory.
If the information content of an electronic document is modified after it has been signed, the previous signature will no longer match the signed content. This means that if the information has been modified or forged afterwards, it can be detected.
A signature created with a mobile certificate or online banking codes is an example of an advanced electronic signature.
Qualified electronic signature
A qualified electronic signature is an advanced electronic signature that has been created with
- an eIDAS qualified certificate
- a creation device (for example, the card chip) that is an eIDAS qualified electronic signature creation device (QSCD).
A qualified electronic signature verifies the data content of the document and the identity of the signatory in the same way as the advanced electronic signature described above. In addition, the devices used to create electronic signatures are regulated, supervised and assessed more thoroughly. They can only be issued by service providers that have been assessed and qualified by a conformity assessment body accredited by the EU.
Signatures created using the signing certificates in the following certificate cards of the Digital and Population Data Services Agency are qualified electronic signatures:
- organisation card (cards issued as from 19 December 2019)
- personal identity card (cards issued as from 11 January 2021)
A qualified electronic signature is legally binding and indisputable in the whole European Union. Under the eIDAS Regulation, the legal effects of a qualified electronic signature must be the same as those of a handwritten signature. Qualified electronic signature creation devices (QSCD) are technically very secure as they are protected against external attacks.
The eIDAS Regulation does not take a stand on what level of signature is required in each situation. The Regulation recognises a qualified electronic signature as equivalent to a handwritten signature. However, at the same time it states that other electronic signatures can also be valid for signing documents and the signed documentation can be used as evidence in legal proceedings. Electronic signatures become established through practice and legislation especially in situations in which documentation must be signed.
Different states may impose different requirements for electronic signatures in their national legislation. By using a qualified electronic signature, you can be sure that the signature will be accepted in the whole European Union. Especially when using services in central and southern Europe, signatures of a specific form may be required.
Freedom of contract and form prevail in Finland and the other Nordic countries. It means that the signature can be created in a free format by expressing one’s will in one way or another. This can be done by using online banking codes or mobile identifiers, among other things. For example, a citizens’ initiative can be signed not only with the signing certificate in the certificate card of the Digital and Population Data Services Agency but also with online banking codes or a mobile certificate. The latter two are means of signing at the level of the advanced electronic signature.
Electronic signatures are not accepted in some legal acts, at least not yet. Such legal acts include certain documents related to the distribution of inheritance and the documents that are drawn up and signed in conjunction with a property transfer and certified by an attesting notary. They are required on paper, and the attesting notary must also check the identity of the parties involved.
If necessary, you should check the format of the required signature with the organisation whose services you are using.
The objective of electronic trust services is to ensure the secure use of electronic services. Provisions on electronic trust services are laid down in the EU's eIDAS Regulation. The following trust services are supervised on the basis of the eIDAS Regulation:
- certificates, validation and preservation of electronic signatures
- certificates, validation or preservation of electronic seals
- electronic time stamps
- electronic registered delivery services
- certificates for website authentication.
In Finland, electronic trust services are supervised by Traficom's National Cyber Security Centre Finland.
Information on the regulation and supervision of electronic trust services on Traficom’s website
Information on trust services on the European Commission’s website