Modern enterprises and institutions increasingly use advanced business processes, including the electronic circulation of documents. A key tool in the daily operations of organizations has become the qualified signature, which holds the same legal validity as a handwritten signature. What is this e-signature, and how is it used? What are the differences between a qualified and non-qualified signature? Answers to frequently asked questions can be found in this article.
What is a Qualified Signature?
A qualified signature (also known as a Qualified Electronic Signature) is a digital tool issued by certified trust service providers, used to confirm identity online via electronic data. Under current regulations, this e-signature has the same legal validity as a handwritten signature on a traditional document. With a qualified signature, we can securely handle numerous formalities electronically. These include online transactions, signing civil-law contracts, and performing various administrative activities online.
A qualified signature is issued to a specific individual. Its mechanism is based on asymmetric encryption, where the signature owner has a pair of cryptographic keys – public and private. The public key is used to verify the signature, while the private key, known only to the certificate holder, enables its creation. This ensures that the electronic signature is unique, tamper-proof, and maintains the integrity and authenticity of the electronic document.
Thanks to the European eIDAS regulation, a qualified signature issued in one EU member state can be recognized in another. The implementation of uniform standards has created a common European trust space, where qualified signatures, regardless of origin, meet the same strict requirements. This fosters favorable conditions for conducting business across EU borders while ensuring data confidentiality.
In addition to the eIDAS regulation, the use of qualified signatures in Poland is governed by the Act of September 5, 2016, on trust services and electronic identification.
Related Articles:
Check the offer of qualified signatures
Qualified Signature – Types and Costs
Every type of qualified signature is issued to an individual and is based on a unique qualified certificate. This certificate serves to verify identity online and includes user information such as name, surname, and personal identification number (e.g., PESEL or ID number). Additionally, you can add optional fields, such as job position. Qualified signatures are typically issued for 1, 2, or 3 years.
Certified trust service providers offer two of the most popular types of qualified signatures:
- Qualified signature on a physical medium, such as a cryptographic card with a reader or a USB device,
- Qualified signature in the cloud.
Qualified Signature on a Card
One of the most popular types of qualified signatures is provided on a secure cryptographic card (contact-based) with a chip. This card resembles a payment card and requires the use of a special reader (e.g., Gemalto IDBridge CT30) designed to work with electronic signature applications. This solution is particularly convenient for people working on desktop computers.
The qualified signature certificate can also be placed on a handy USB device with a smaller built-in SIM card. This device is portable and extremely easy to use, making it suitable for both desktop and laptop computers.
The cheapest qualified signature on a card with identity verification, valid for 1 year, costs 239 PLN net. Meanwhile, the full set with a cryptographic card, reader, and identity verification costs from 289 PLN net.
Qualified Signature in the Cloud
A convenient type of e-signature is the cloud-based signature, which is the most modern solution on the market. Its biggest advantage is the ability to sign electronic documents without using a physical card reader. The e-signature owner simply installs an authentication mobile app on their smartphone. This tool is highly useful for remote workers, mobile employees, or organizations with distributed structures.
The basic version of the cloud-based qualified signature costs 299.00 PLN net for a one-year subscription. A cloud e-signature with online verification issued for 1 year costs 599 PLN net.
Qualified Signature – Applications
The application of a qualified signature is extensive and facilitates numerous business processes. With an e-signature, users can handle many professional and personal matters without visiting contractors or offices.
Qualified signatures are used in activities that require a high level of certainty regarding the signer’s identity. Examples include:
- Signing civil-law contracts in electronic form,
- Signing all types of e-documents (e.g., court filings),
- Authenticating in e-administration systems (e.g., eZUS, e-KRS, ePUAP, etc.),
- Participating in electronic auctions and tenders,
- Signing employment contracts.
Qualified vs. Non-Qualified Signature
Trust service providers offer various types of e-signatures with electronic certificates. The simplest classification of these digital tools is into qualified and non-qualified signatures. Both variants differ slightly, resulting in different applications.
As mentioned at the beginning of this article, a qualified signature under eIDAS regulations has the same legal validity as a handwritten signature. This means that electronically signed documents in this manner will be legally binding. Furthermore, every qualified signature must be issued by a certified trust service provider on a specific type of device or in a cloud-based version. Moreover, the use of this digital tool is primarily limited to signing highly formalized electronic files. These include, for example, various contracts, invoices, financial statements, or tax declarations.
A non-qualified signature does not have the same legal power as a traditional handwritten signature. Providers of such signatures are not required to adhere to the highest technical standards imposed by regulations and acts. These tools can be used for various purposes, not just identity declaration but also, for example, data encryption. The certificate for a non-qualified signature can be stored on any media, including computers, and is suitable for signing electronic files of lesser importance to organizations (e.g., corporate email correspondence, certificates, internal regulations, etc.).
How to Obtain a Qualified Signature?
To obtain a qualified signature, follow these simple steps:
- Choose a service from a specific certified provider,
- Select the type of qualified signature,
- Verify your identity online, at the provider’s office, or at a partner point,
- Activate the qualified signature.
Choosing a Service from a Certified Provider
Before purchasing a qualified signature from an online store of a specific provider, ensure they are listed in the eIDAS directory and have the appropriate authorization from the Ministry of Finance. Pay attention to whether the seller offers various solutions (e.g., a qualified signature on a card or in the cloud) and whether they provide adequate technical support.
Selecting the Type of Qualified Signature
Choose the type of qualified signature that best suits your daily work. Remember, a card or USB token-based e-signature is ideal for stationary work since it requires external devices. If you work remotely or on the go, opt for a cloud-based qualified signature with an easy-to-use smartphone application.
Identity Verification
Keep in mind that issuing a qualified signature requires verifying your identity using an ID card or passport. Choose the most convenient verification method: online, at the service provider’s office, at your company, or with a notary.
Activating the Qualified Signature
Before activating your received qualified signature set, make sure it’s complete. Download the signing application compatible with your device’s operating system. Secure the activation keys, PINs, and other essential codes provided by the service provider.
Qualified Signature – Summary
A qualified signature is a type of electronic identity verification. This tool facilitates the creation of e-signatures with the same legal validity as handwritten signatures. It is extremely useful for many activities conducted online, such as signing contracts, completing remote transactions, or using electronic administration platforms. Every qualified signature must be issued by a verified trust service provider. Supported by asymmetric cryptography mechanisms, this tool ensures the integrity and authenticity of electronic documents. Thanks to the EU eIDAS regulation, qualified signatures are recognized across Europe, making it easier to conduct business beyond national borders. Qualified signatures, valid for a specific time (usually 1-3 years), can be stored on various devices, such as special cryptographic cards with readers, small USB readers, or in the cloud.
