GDPR | eIDAS Requirements and Roadmap

QES Requirements

Last edited 58 days ago by Jamie Heindl

1. Certification by a Qualified Trust Service Provider (QTSP): A QES must be created using a digital certificate issued by a QTSP. This provider is certified and supervised by governmental bodies to ensure compliance with strict standards.
2. Secure Signature Creation Device (SSCD): The signature must be created using a secure device that ensures the signer has sole control over their signature creation data, like a private key. This can be a hardware device like a smart card or a software-based solution with equivalent security measures.
3. Unique Identification and Authentication: The signer must be uniquely identified and authenticated by the QTSP. This usually involves stringent identity verification processes.
4. Link to the Signer’s Identity: The signature must be uniquely linked to the signer and capable of identifying the signer.
5. Data Integrity: The signature must be created in a way that any subsequent change in the data can be detected (tamper-evident).
6. Non-repudiation: The signature should ensure non-repudiation, meaning it cannot be reasonably denied by the signer.
7. Compliance with Local and International Standards: The QES must comply with standards set by relevant authorities. In the European Union, this means adherence to the eIDAS regulation. Other regions may have different standards and regulations.
8. Time Stamping: Often, a qualified electronic signature will include a time stamp that indicates the exact time of the signature. This is crucial for legal and audit purposes.
9. Document Integrity: Once signed, the document should be sealed so that any alteration to its content can be detected.
10. Revocation Mechanism: There should be a mechanism to revoke the digital certificate if it’s compromised or no longer required.
11. Audit Trails: Maintain records of the signing process, including how the signature was created and verified.
12. Legal and Regulatory Compliance: Ensure that the QES process complies with the specific legal requirements of the jurisdiction in which it will be used.

QES Notes

ID Verification:
Certificate Authority: (Note that many of the CAs will have competing products, which we will want to be mindful of when we have these conversations.)
Example provider for QES/AdES: eIDeasy
API Documentation (eSeal is the software for QES signing with an SSCD; req. 2 above):
