Electronic signatures of different levels
The different levels of electronic signatures are defined in the eIDAS Regulation (EU) No 910/2014.
The signatures are divided into three different levels as follows, from the lowest to the highest level:
- electronic signature
- advanced electronic signature
- qualified electronic signature.
The higher the level of the signature, the more secure the implementations it is based on and the better it is possible to verify the identity of the signatory.
Electronic signature is information in electronic form, used by the signatory for signing.
For example, the name written at the end of an email can be called an electronic signature. However, it is not possible to link the signature indisputably to the right person and prove its authenticity in such cases.
Advanced electronic signature
Advanced electronic signature is an electronic signature uniquely linked to the signatory.
An advanced electronic signature verifies
- the information content of an electronic document
- the identity of the signatory.
If the information content of an electronic document is modified after it has been signed, the signature will no longer match the content of the document. This means that if the information has been modified or forged afterwards, it can be detected.
A signature created with a mobile certificate or online banking codes is an example of an advanced electronic signature.
Qualified electronic signature
A qualified electronic signature is an advanced electronic signature that has been created with
- an eIDAS qualified certificate
- a creation device (for example, the card chip) that is an eIDAS qualified electronic signature creation device (QSCD).
A qualified electronic signature verifies the data content of the document and the identity of the signatory in the same way as the advanced electronic signature described above. In addition, the devices used to create electronic signatures are regulated, supervised and assessed more thoroughly. They can only be issued by service providers that have been assessed and qualified by a conformity assessment body accredited by the EU.
Signatures created using the signing certificates in the following certificate cards of the Digital and Population Data Services Agency are qualified electronic signatures:
- organisation card (cards issued as from 19 December 2019)
- personal identity card (cards issued as from 11 January 2021)
A qualified electronic signature is legally binding and indisputable in the whole European Union. Under the eIDAS Regulation, the legal effects of a qualified electronic signature must be the same as those of a handwritten signature. Qualified electronic signature creation devices (QSCD) are technically very secure as they are protected against external attacks.