In the context of Regulation (EU) No 910/2014 (

eIDAS eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation on electronic identification and trust services for electronic transactions in the European Single Market. It was established in EU Regulation 910/2014 ...

), a qualified digital certificate is a public key certificate issued by a

trust service provider A trust service provider (TSP) is a person or legal entity providing and preserving digital certificates to create and validate electronic signatures and to authenticate their signatories as well as websites in general. Trust service providers are q ...

which has government-issued qualifications. The certificate is designed to ensure the

authenticity Authenticity or authentic may refer to: * Authentication, the act of confirming the truth of an attribute Arts and entertainment * Authenticity in art, ways in which a work of art or an artistic performance may be considered authentic Music * A ...

and

data integrity Data integrity is the maintenance of, and the assurance of, data accuracy and consistency over its entire life-cycle and is a critical aspect to the design, implementation, and usage of any system that stores, processes, or retrieves data. The ter ...

of an electronic signature and its accompanying message and/or attached data.

Description

eIDAS defines several tiers of

electronic signature An electronic signature, or e-signature, is data that is logically associated with other data and which is used by the signatory to sign the associated data. This type of signature has the same legal standing as a handwritten signature as long as i ...

s that can be used in conducting public sector and private transactions within and across the borders of EU member states. A qualified digital certificate, in addition to other specific services provided by a qualified trust service provider, is required to elevate the status of an electronic signature to that of being considered a

qualified electronic signature A qualified electronic signature is an electronic signature that is compliant with EU Regulation No 910/2014 (eIDAS Regulation) for electronic transactions within the internal European market. It enables to verify the authorship of a declaration in ...

. Using

cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...

, the digital certificate, also known as a public key certificate, contains information to link it to its owner and the digital signature of the trust entity that verifies the authenticity of the content that has been signed. According to eIDAS, to be considered a qualified digital certificate, the certificate must meet the requirements provided in Annex I of Regulation (EU) No 910/2014, including, but not limited to: * Identification that the certificate is a qualified certificate for electronic signature * Identification of the qualified trust service provider who issued the qualified certificate, including such information * Corresponding electronic signature validation data and electronic signature creation data * Indication of the certificate's period of validity * Unique certificate identity code of the trust service provider * Qualified trust service provider's

advanced electronic signature An advanced electronic signature (AdES) is an electronic signature that has met the requirements set forth under EU Regulation No 910/2014 (eIDAS-regulation) on electronic identification and trust services for electronic transactions in the Europe ...

or electronic

seal Seal may refer to any of the following: Common uses * Pinniped, a diverse group of semi-aquatic marine mammals, many of which are commonly called seals, particularly: ** Earless seal, or "true seal" ** Fur seal * Seal (emblem), a device to imp ...

Vision

The need for

non-repudiation Non-repudiation refers to a situation where a statement's author cannot successfully dispute its authorship or the validity of an associated contract. The term is often seen in a legal setting when the authenticity of a signature is being challenged ...

and authentication of electronic signatures was originally addressed in the

Electronic Signatures Directive The Electronic Signatures Directive 1999/93/EC was a European Union directive on the use of electronic signatures (e-signatures) in electronic contracts within the European Union (EU). It was repealed by the eIDAS regulation on 1 July 2016. ...

1999/93/EC to help facilitate secure transactions, specifically those that occur across the borders of EU Member states. The

Regulation later replaced the Directive and defined the standards to be used in the creation of qualified digital certificates by

Role of a qualified trust service provider

A qualified digital certificate can only be issued by a qualified

that has received authorization from their member state's supervisory body to provide qualified trust services for creating qualified electronic signatures. The provider must be listed upon the EU Trust List; otherwise, they are not permitted to provide qualified digital certificates or other qualified trust services. The trust service provider is required to abide by the guidelines established under eIDAS for creating qualified digital certificate, which include: * Providing a valid date and time stamp of when the certificate was created, * immediate revocation of any signature that has an expired certificate, * providing appropriate training to all their employees who are involved with providing trust services, * any equipment or software that is used for trust services must be trustworthy and capable of preventing certificates from being forged.

Legal implications of electronic signatures with qualified digital certificates

In court, a qualified electronic signature provided the highest level of

probative value Relevance, in the common law of evidence, is the tendency of a given item of evidence to prove or disprove one of the legal elements of the case, or to have probative value to make one of the elements of the case likelier or not. Probative is a te ...

, which makes it difficult to refute its

authorship An author is the writer of a book, article, play, mostly written work. A broader definition of the word "author" states: "''An author is "the person who originated or gave existence to anything" and whose authorship determines responsibility f ...

. A qualified electronic signature, along with its qualified certificate is given the same consideration as a handwritten signature when used as evidence in legal proceedings. The validity of a qualified electronic signature that has been created with a qualified certificate must be accepted by other EU member states regardless of which member state the signature was produced in.

Global perspective

In other parts of the world, similar concepts have been created to define standards for electronic signatures. In Switzerland, the digital signing standard ZertES has comparable standards that address the conformity and regulation of trust service providers who product digital certificates. In the United States, the NIST

Digital Signature Standard The Digital Signature Standard (DSS) is a Federal Information Processing Standard specifying a suite of algorithms that can be used to generate digital signatures established by the U.S. National Institute of Standards and Technology (NIST) in 1994 ...

(DSS) does not provide a comparable standard for regulating qualified certificates that would address non-repudiation of a signatory's qualified certificate. An amendment to NIST DSS is currently being discussed that would be more in-line with how eIDAS and ZertES handle trusted services.

References