Under the eIDAS Regulation (EU) No 910/2014, a qualified certificate for electronic signature refers to “a certificate for electronic signatures, that is issued by a qualified trust service provider” and meets the requirements specified within the regulation. To be a qualified trust service provider, the entity must receive qualified status from its member nation’s supervisory body that authorizes that entity to provide qualified trust services to be used in creating qualified electronic signatures.
The provider must be listed on the EU Trust List in order to be considered qualified.
The qualified trust service provider must abide by the strict guidelines of eIDAS while performing their duties. Included as part of the qualified certificate process:
Requirements for Qualified Certificates
According to the requirements listed in Annex I of eIDAS, qualified certificates for electronic signatures must contain:
Additional Specifications for Qualified Certificates for Electronic Signatures
Qualified certificates for electronic signatures will not be subjected to mandatory requirements that exceed the requirements from Annex I listed above. Non-mandatory additional specific attributes may be included in a qualified certificate for electronic signatures, provided they do not interfere with the recognition or interoperability of qualified electronic signatures.
In a case of where a qualified certificate for electronic signature is revoked after being initially activated, the certificate will lose its validity from the time of the revocation and cannot be reverted. EU member states may temporarily suspend a qualified certificate for electronic signature through national rule if:
Further changes may be made by the European Commission by implementing acts to establish reference numbers of standards regarding qualified certificates for electronic signatures.
Legal Implications of a Qualified Certificate for Electronic Signatures
A qualified electronic signature offers the highest tier of probative value in court making it very difficult to deny its authorship. Member states throughout the EU are required to recognize the validity of a qualified electronic signature that has been created using a qualified certificatefrom another member state. A qualified electronic signature with a qualified certificate carries the same weight as a handwritten signature in court.
REGULATION (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (2014) by the European Parliament and the European Commission