Skip to main content
Legal Guide

What is a qualified electronic signature ?

What makes an electronic signature legally binding? A qualified electronic signature meets strict security and identity verification standards set by EU law,…

document with rosette and shield around it

Quick answer · the 30-second read

A qualified electronic signature (QES) is the highest legal tier of electronic signature. In law, it carries exactly the same weight as a handwritten signature. It is a specific type of digital signature backed by a certificate from a government-approved authority and created using a certified signing device. Under Article 25(2) of the eIDAS Regulation, a qualified electronic signature cannot be denied legal effect or admissibility as evidence in legal proceedings. It must be treated as equivalent to a handwritten signature across all EU member states. The same principle applies in the UK under the retained eIDAS framework.

Most electronic signatures you encounter in everyday life are not qualified electronic signatures. A typed name, a drawn squiggle, or a platform-generated signature are all valid electronic signatures, but they sit at a lower tier. A qualified electronic signature requires specific identity verification, a government-approved certificate, and certified signing technology. That combination is what gives it its legal guarantee.

For most business documents, a lower tier is perfectly sufficient. The qualified electronic signature becomes relevant when the stakes are high enough that you need the strongest possible legal assurance, or when a specific regulation, jurisdiction, or transaction type requires it.

The three tiers of electronic signature

A qualified electronic signature sits at the top of a three-tier system defined in UK and EU law.

Tier

What it means

Typical use

Security

SES

Simple electronic signature

Any electronic indication of intent to sign. A typed name, tick-box, or drawn squiggle

Everyday contracts, approvals, low-stakes documents

Basic. No identity verification; easy to dispute

AES

Advanced electronic signature

Uniquely linked to the signer; detects any change to the document after signing; created under the signer’s sole control

Most business contracts; standard platform-generated signatures

Strong. Audit trail; harder to dispute

QES

Qualified electronic signature

An AES created by a qualified signature creation device, backed by a qualified certificate from a government-approved authority

High-value contracts; regulated transactions; cross-border EU documents; property (pilot)

Highest. Same legal effect as handwritten signature

Basic Questions

What makes a qualified electronic signature different from a normal one?

Three things that work together. First, a verified identity: getting a qualified certificate requires you to prove who you are. Typically this is through a government-issued ID check, similar to opening a bank account. Second, a qualified certificate: the certificate must be issued by a trust service provider on the government-maintained trusted list in the UK or EU. Third, a qualified signature creation device: the signature must be created using hardware or software certified to a specific security standard, which ensures the private key used to create the signature cannot be extracted or misused.

It is the combination of all three that makes a QES carry the force of law. A signature that meets only one or two of these requirements is an advanced electronic signature, not a qualified one.

In the UK and across the EU, a qualified electronic signature has exactly the same legal effect as a handwritten signature. It cannot be refused solely on the grounds that it is electronic, and it is admissible as evidence in legal proceedings without further proof of authenticity. This guarantee is set out in Article 25(2) of the eIDAS Regulation and applies in retained form in the UK under SI 2016/696.

In the US, the ESIGN Act does not use the same tier system, but a digital signature backed by a certificate from a recognised authority carries the strongest evidentiary weight available under US law.

When do I actually need a qualified electronic signature?

For most everyday documents, including commercial contracts, employment agreements and supplier terms, you do not need one. A standard platform-generated signature (an advanced electronic signature) is sufficient and much quicker to obtain.

A qualified electronic signature is typically needed when:

  • A regulation specifically requires it. Some EU financial services and public sector processes specify QES
  • You are signing a cross-border EU document where the highest legal certainty is required
  • Your organisation’s policy or a contract requires it for high-value transactions
  • You are signing a property deed through HM Land Registry’s QES pilot scheme in England and Wales

If you are unsure whether a specific document requires a QES, the obligation usually comes from the regulation or contract governing that transaction, not from the general law of electronic signatures.

How do I get a qualified electronic signature?

You need a qualified certificate from a trust service provider listed on the relevant trusted list. The UK trusted list is maintained by the ICO. Each EU member state has its own trusted list. Getting a qualified certificate requires a verified identity check. Depending on the provider, this may be done in person, by video call, or through a certified digital identity service.

Once you have a certificate, you apply it using a qualified signature creation device. This may be a hardware token (a USB device), a certified software application, or a signing platform that supports QES. The signing platform or your IT team will guide you through the process. Individual users seeking a QES for personal use may be able to obtain one through national identity schemes, and under eIDAS 2.0 EU citizens will be able to use a qualified signature free of charge through the EU Digital Identity Wallet by end of 2026.


Going Deeper

What is a trust service provider?

A trust service provider (TSP) is an organisation authorised by a government to issue qualified certificates and provide other digital trust services. To be authorised, a TSP must meet rigorous security, technical, and operational standards set by the relevant regulatory body.

In the UK, the list of authorised trust service providers is maintained by the Information Commissioner’s Office (ICO), which is being renamed the Information Commission in late 2026. In the EU, each member state maintains its own national trusted list, and the European Commission publishes a combined list of all EU trusted lists - called unsurprisingly List of Trusted Lists (LOTL). A certificate from a provider on either list qualifies for the legal guarantee associated with a QES in that jurisdiction. UK and EU trusted lists are separate and not mutually recognised since Brexit.

What is a qualified signature creation device?

A qualified signature creation device (QSCD) is hardware or software certified to generate and protect private keys to a standard that prevents them being copied, extracted, or used by anyone other than the rightful owner. This is what ensures that only you can apply your qualified electronic signature.

In practice, a QSCD is often a hardware token, often a small USB device that stores your private key securely, or a certified cloud-based signing service where the key is protected by equivalent hardware in a data centre. The certification standard is set by ETSI (the European Telecommunications Standards Institute). You do not need to manage the technical details yourself. Your trust service provider will supply a QSCD as part of the certificate issuance process, or direct you to a compatible one.

Is a qualified electronic signature the same as a digital signature?

All qualified electronic signatures are digital signatures. They use cryptography to verify identity and detect tampering. But not all digital signatures are qualified electronic signatures. A digital signature backed by a certificate from a provider that is not on the UK or EU trusted list, or created without a qualified signature creation device, does not meet the QES standard.

This is an important distinction. A QES carries the statutory guarantee of equivalence to a handwritten signature. A non-qualified digital signature does not carry that same guarantee, though it may still be legally valid and evidentially strong for most purposes. See What is a digital signature? for a full explanation.

Does a qualified electronic signature work across borders?

Within the EU, yes. A QES issued by a trust service provider on any EU member state’s trusted list is recognised across all EU member states. That mutual recognition is one of the core purposes of the eIDAS Regulation.

Between the UK and EU, the position is more complex since Brexit. A QES issued by a UK trust service provider is not automatically recognised within the EU’s mutual recognition framework, and vice versa. Organisations operating across both jurisdictions may need certificates from providers on both trusted lists, or should check with their legal advisers whether a specific transaction requires recognition in both jurisdictions. See Do UK electronic signatures work in the EU? for the full picture.

What is changing with eIDAS 2.0?

The EU updated its eIDAS framework in 2024 with Regulation (EU) 2024/1183 (eIDAS 2.0). The definition and legal effect of a qualified electronic signature remain unchanged. What eIDAS 2.0 adds is the EU Digital Identity Wallet, which every EU member state must make available to citizens by end of 2026. The wallet will allow EU citizens to apply a qualified electronic signature free of charge for personal non-professional use.

This does not apply to the UK. The UK retains the original eIDAS framework as written into UK law after Brexit, and is developing its own separate digital identity framework under the Data (Use and Access) Act 2025. UK citizens will not have access to the EU Digital Identity Wallet.


Legislative references

Every factual claim on this page traces to one of the following primary sources.

eIDAS Regulation (EU) No 910/2014 — Article 3(12): definition of QES; Article 25(2): QES has same legal effect as handwritten signature; Article 26: four requirements of AES.

eur-lex.europa.eu — CELEX:32014R0910

Regulation (EU) 2024/1183 (eIDAS 2.0) — EU Digital Identity Wallet by end of 2026; QES free of charge for personal use. Does not apply to the UK.

eur-lex.europa.eu — CELEX:32024R1183

Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 (SI 2016/696) — brings eIDAS into UK law; UK trusted list; ICO as supervisory authority.

legislation.gov.uk/uksi/2016/696

Electronic Communications Act 2000 (c. 7), s. 7 — admissibility of electronic signatures in UK proceedings.

legislation.gov.uk/ukpga/2000/7

HM Land Registry, Practice Guide 82 (updated 7 July 2025) — QES pilot scheme for property deeds.

gov.uk — Practice Guide 82