How to recognise a qualified digital certificate

More and more companies and professionals are being required by the regulatory authorities to use a qualified digital certificate for their electronic communications and procedures. We find the example in different regulations such as the European eIDAS regulation, Law 6/2020 and Law 39/2015, which require the use of a qualified digital certificate.

But how do I know if I am working with a qualified digital certificate? What does this qualification mean? We tell you in the following post.

What is a qualified electronic certificate?

A qualified digital certificate is issued through a Qualified Signature Creation Device (QSCD) by a Qualified Trust Service Provider.

The qualified certificate incorporates data that verify the identity of the owner and provide legal validity to the actions carried out with it. This is because it contains data such as:

• An indication that the certificate has been issued as a qualified electronic signature certificate.
• A set of data that clearly represents the Qualified Trust Service Provider issuing the qualified certificates, including at least the Member State in which the Trust Service Provider is established.
• The name of the signatory or a pseudonym.
• Electronic signature validation data corresponding to the electronic signature creation data.
• Start and end date of the validity period of the certificate.
• The identity code of the certificate, being unique to the Qualified Trust Service Provider.
• The advanced electronic signature or the advanced electronic seal of the Qualified Trust Service Provider.
• Services that can be used to check the validity status of the qualified digital certificate.

Difference between qualified and unqualified digital certificate

The main difference between the qualified and unqualified certificate is that the qualified one is presumed to be legally valid. Thus, if the qualified certificate is used for a qualified signature, it serves as indisputable proof in the event of legal proceedings, so that:

• It is comparable to a handwritten signature.
• In case of a legal dispute, the evidence provided by the qualified digital certificate is valid without the need for additional expert evidence.
• It reverses the burden of proof, with the onus being on the signatory to prove the invalidity of the signature made.

The electronic signature certificate

In accordance with the eIDAS Regulation regarding electronic identification and trust services for electronic transactions, the electronic signature certificate links the validation data of a signature with a natural person.

The most secure signature is the qualified signature, in other words, the signature made with a digital certificate. For this, it is necessary that the digital certificate is qualified and complies with the requirements mentioned above.

The recognition of qualified signatures is set out in article 25 of the eIDAS regulation:

Article 25 – Legal effects of electronic signatures

1. An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on
   the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures
2. A qualified electronic signature shall have the equivalent legal effect of a handwritten signature.
3. A qualified electronic signature based on a qualified certificate issued in one Member State shall be recognised as a
   qualified electronic signature in all other Member States.