Validate the signature on a document

The service issues a notification if the document does not contain electronic signatures. For example, just a picture of a signature is not an electronic signature.

The validity of the signature means that the signature is a technically valid electronic signature in accordance with Standard, and that the signature has not been edited or forged at a later time.

If the electronic signature is not valid, this may indicate for example that the signature or the data that has been signed has been edited later on or that the application that has produced it is not functioning according to the standards.

Even if an electronic signature is valid as such, this does not guarantee that the certificate used for making the signature or the party that issued the certificate are trustworthy.

The service checks whether the certificate for the signature has been issued by a party trusted by DVV. This means:

• certificates listed in the Trusted List (EUTL), which is a list of EU Commission trusted certificates
• all Digital and Population Data Services Agency certificates
• as well as possibly other Digital and Population Data Services Agency trusted certificates.

The parties that grant EU qualified certificates and EU qualified certificate types are listed in the EU Commission maintained Trusted List (EUTL). For a certificate to be included on the Trusted List (EUTL), it must meet with the requirements laid down in Article 22 of the eIDAS Regulation.

The signature certificate on the Digital and Population Data Services Agency’s Citizen Certificate as well as the signature certificate on organisation cards are EU qualified certificates. The signature certificate on the social welfare and healthcare sector professional ID is not on the Trusted List (EUTL) for trusted certificates, but an effort is being made to get it added to the list as soon as possible.

QSCD refers to a qualified signature creation device as referred to in Article 29 of the EIDAS Regulation. For example, the chips on the Digital and Population Data Services Agency’s newest certificate cards are QSCD-certified devices.

When a signature has been made with an EU qualified certificate and the certificate’s private key is in a QSCD-certified device, the signature is a qualified electronic signature. A qualified electronic signature is valid as such throughout the European Union, and it is legally binding and indisputable without separate evidence.

Therefore, a qualified electronic signature as referred to in the eIDAS Regulation will pass the following inspections:

• it is technically valid
• it has been made with an EU qualified certificate
• the key used in the signature is stored in an EU qualified signature creation device (QSCD).

First the service will give a notification on the number of electronic signatures in the document:

• how many valid signatures with EU qualified certificate issuers and signature keys stored in a qualified signature creation device.
• how many valid signatures with EU qualified certificate issuers.
• how many valid signatures made with non-qualified certificates.
• how many invalid signatures that failed validation.

A list of possible notifications issued by the service:

• The electronic signature is valid and has not been modified or forged after signature. (In addition, the level of the signature is notified.)
• The electronic signature is not valid.
• The signature is made by a party trusted by DVV.
• The signature is not made by a party trusted by DVV.
• The signature is made with an EU qualified certificate.
• The signature is not made with an EU qualified certificate.
• The signature key is stored in an EU qualified signature creation device (QSCD).

Technical error notifications
If an electronic signature is invalid, the service will also list the technical error notifications related to this. These will be listed in the “Show technical error notifications” tab. These notifications are only available in English.