QES vs AES

1 What is required to generate a QES?

What is required to generate a QES?

In order to generate a Qualified Electronic Signature (QES) Buypass must issue a Qualified Certificate (QC) to the signer, in compliance with the eIDAS regulation.

Buypass is subcontracting the identity proofing of the signer to the IPSP, and the IPSP authenticates the signer based on any pre-approved eID means.

To support the generation of a QC, the IPSP used must be approved for identity proofing supporting QCs for the specific eID means used for authentication. Also, the eID means used must be strong enough to support the issuance of QC, see ‘Policy level’ on Pre-approved eID means for more details.

The requirements for issuing a QC is stricter than for issuing a non-QC acceptable for Advanced Electronic Signatures (AES), e.g. the processes for identity proofing and issuance of a QC must be assessed by an external auditor.

In addition, the SCASP must explicitly define in the signing request whether QES or AES is required. All approved IPSPs and eID means support AES, but there are restrictions on the use of QES. If QES is required, but not supported by the combination of IPSP and eID means, then the request will be rejected.