Qualified electronic signature

from Wikipedia, the free encyclopedia

According to the German Signature Act, a qualified electronic signature (QES) is an advanced electronic signature that is based on a qualified certificate (valid at the time of its creation) and was created with a secure signature creation unit (SSEE). The equivalents in Austria and Liechtenstein are referred to as secure electronic signature; with the amendment of the Austrian Signature Act on January 1, 2008, the term was also changed to qualified electronic signature. This is also a confirmation that there is no error.

Certificate

Every secret signature key based on asymmetric encryption methods has exactly one corresponding public signature verification key. A certificate from the certification service provider (ZDA) is the electronic confirmation that the signature verification key, and thus also the corresponding signature key, has been assigned to a person and that the identity of this person can be confirmed (cf. § 2 No. 6 Signature Act (SigG)). In the case of the electronic signature, the certificate contains the public key with which the hash value (checksum) of the electronic document, encrypted when the signature was created, can be decrypted and compared against a newly computed hash value, so that the authenticity of the electronic document can be checked. For details, see electronic signature.
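The check described above, as an added example that is not part of the original article: the verifier recovers the signed hash with the public key from the certificate, compares it with a freshly computed hash, and then applies the requirement from the definition that the certificate was valid when the signature was created. The `Certificate` class, the demo key, the sample document and a trustworthy `signed_at` time are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed demo key built from two Mersenne primes: trivially factorable, illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # secret signature key (private exponent)

@dataclass
class Certificate:
    """Hypothetical stand-in for a qualified certificate (real ones are X.509)."""
    holder: str
    n: int                      # public signature verification key: modulus
    e: int                      # public signature verification key: exponent
    not_before: datetime
    not_after: datetime
    blocked_at: Optional[datetime] = None  # set if the certificate was blocked

def digest_int(document: bytes) -> int:
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(document: bytes, d: int, n: int) -> int:
    # Textbook RSA without padding, to keep the hash comparison visible;
    # real signature schemes add padding such as PKCS#1 v1.5 or PSS.
    return pow(digest_int(document), d, n)

def verify(document: bytes, signature: int, cert: Certificate, signed_at: datetime) -> str:
    # 1. Recover the signed hash with the public key and compare with a fresh hash.
    if pow(signature, cert.e, cert.n) != digest_int(document):
        return "invalid: hash mismatch"
    # 2. The certificate must have been valid when the signature was created.
    if not cert.not_before <= signed_at <= cert.not_after:
        return "invalid: certificate outside validity period at signing time"
    if cert.blocked_at is not None and cert.blocked_at <= signed_at:
        return "invalid: certificate blocked before signing"
    return "valid"

# Constructed sample data: placeholder holder name, validity period and document.
CERT = Certificate("Erika Mustermann", N, E, datetime(2019, 1, 1), datetime(2021, 12, 31))
DOC = b"Termination of residential tenancy agreement"
SIG = sign(DOC, D, N)
```

A certificate blocked after the signing time still yields "valid" here, because only the state at the time of creation is checked.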

For the qualified electronic signature, the certification service provider must comply with Paragraphs 4 to 14 of the Signature Act and report the commencement of activities to the competent authority (Federal Network Agency) (Section 4 (3) SigG). Certificates for qualified electronic signatures can be issued once this report has been made. Certificates issued before the report at best enable the creation of advanced electronic signatures.

The purpose of these regulations is, in particular, to ensure the identity of the certificate holder and to ensure that the certificate is stored and made available securely. The certificate is used to identify a person and must therefore be kept in a safe place so that it cannot be changed without authorization. A secure procedure must be used to determine who is applying for a certificate. One such procedure is Postident, in which the applicant has to present an identity card or passport at a branch of Deutsche Post AG when applying for a certificate. This makes it certain who owns a certificate. Another conceivable (but not very practicable) procedure would be for an applicant to appear in person at the ZDA and identify themselves. The ZDA describes in its security concept what is sufficient for the registration process in individual cases.

With a reliable certification authority, it is thus possible to trace to which person a certificate belongs. The certificate can be used to determine whether an electronic signature really comes from a specific person.

Attribute

Additional attribute certificates within the meaning of Section 5 (2) SigG can be linked to the qualified (personal) certificate that is required for a qualified electronic signature. These attributes include, in particular, information on representation relationships, for example for a managing director of a GmbH, or job-related information such as “notary”, “lawyer”, “tax advisor”, “auditor”, “document translator” or other professional titles whose use is regulated. In order to add such an attribute to the qualified certificate, the approval of the competent authority is required. In the case of a notary, the competent Chamber of Notaries must agree, in the case of a lawyer the competent Bar Association, etc. At the same time, pursuant to Section 8 (2) SigG, the consenting person has the right to have the certificate blocked if the representation relationship no longer exists or the professional title may no longer be used or its use is regulated by another body.

However, the job-related information does not include academic degrees or official titles (e.g. Prof., Dr., Dipl.-Ing. etc.) or titles of nobility (baron, count, duke etc.) associated with a profession. Doctoral degrees and titles of nobility may be included in a person's identification documents and can therefore be included as part of the name in a person's qualified certificate.

Differentiation from other signature types

The partial term "qualified" is derived from the Signature Act, which defines several levels of signatures. There are some requirements for the infrastructure and processes, especially at the ZDA, so that a signature can be considered qualified, for example with regard to the identification of the owner.

An electronic document signed with a qualified signature can, according to § 126a BGB in Germany, replace the written form required by law or ordinance, unless otherwise regulated by special law. (An example of the latter: the written form is required when terminating an employment relationship, and there it specifically cannot be replaced by the electronic form (§ 623 2nd half-sentence BGB).)

Due to the freedom of form for legal transactions, e.g. purchase contracts, there is basically no need for a signature; therefore in most cases, unless the written form or a qualified electronic signature is explicitly required by law, a simple or advanced electronic signature is sufficient.

According to § 17 SigG, products for qualified signatures are to be provided with a manufacturer's declaration or their conformity with the SigG must be confirmed by accredited bodies (BSI, TÜViT, GEI). Manufacturer declarations are to be sent to the Federal Network Agency and are published if they comply with the SigG. The manufacturer's declaration is already valid within the meaning of the SigG at the time it is received by the Federal Network Agency. In order for the security requirements to be met during the creation of a signature, it is usually necessary to purchase a specific card reader and commercial software.

In Germany, § 14 UStG required a qualified electronic signature on electronically transmitted invoices. Otherwise, the company receiving the invoice was not entitled to deduct input tax. This obligation was repealed by the Tax Simplification Act 2011. Archiving the electronically transmitted invoice in electronic form is mandatory, i.e. archiving only the printout is not permitted and does not entitle the recipient to input tax deduction. Invoices received in paper form and only then scanned can be archived without a qualified electronic signature. However, the scanning process must be logged.

Providers in Germany

Anyone who would like to electronically sign a document using a qualified signature must register with a certification service that has reported its activity to the Federal Network Agency or is voluntarily accredited. This certification service provider usually has the user pay for his service directly or indirectly. A list of the certification service providers currently active can be viewed at the Federal Network Agency and the Connecting Europe Facility.

Individual providers of the qualified electronic signature sell their software or their service to banks, credit providers, insurance companies, etc., which in turn make this service available to their customers. This allows end customers to be identified online and also to sign their contract online in accordance with the Signature Act. This solution must be certified by an accredited body (ZDA).

Practical applications

The meaning and purpose of the signature

The qualified electronic signature essentially fulfills three things:

  1. First, it replaces the signer's signature. This means that the qualified electronic signature is as good as the original signature on a document, which is why it can also replace the written form in accordance with Section 126a BGB. Numerous legal transactions in Germany require written form to be effective. However, the qualified electronic signature cannot always replace the written form. For example, the termination of an employment relationship (a so-called unilateral legal transaction, as opposed to a contract, which is a bilateral or multilateral legal transaction) requires written form according to § 623 BGB, but here the electronic form is excluded as a substitute (§ 623 2nd half-sentence BGB). When terminating a residential tenancy agreement, the written form is also required (Section 568 (1) BGB), but this can be replaced by the qualified electronic signature. (Note: Other problems can arise here, e.g. that a married couple are parties to the rental contract but only one of them has a qualified electronic signature, or that the landlord does not have an e-mail account, so that nothing can be delivered to him via electronic channels (e-mail) anyway, etc.) Most legal transactions (e.g. purchase contracts for movable property) do not require a written form and therefore no qualified signature. For evidence purposes, however, it may be advisable to choose the written form or, instead, the qualified electronic signature, in order to be able to clearly prove the conclusion of the contract and its contents in the event of a dispute.
  2. Second, the electronic signature can be used to establish the identity of the person signing. A qualified signed e-mail can therefore be clearly assigned to a sender. The recipient therefore knows for sure who has written to him or who is the issuer of the signed document.
  3. Thirdly, it is possible to use the certificate contained in an electronic signature to strongly encrypt electronic documents (e-mails, their attachments, and other data transfers, etc.) for a recipient. The public key from the recipient's certificate is used for this. The private key, which only the authorized recipient (as the owner of the certificate) knows, is required for decryption. This means that only the holder of the certificate can read the received data, but not third parties who have (or could have) intercepted the data during electronic transmission, illegally or legally (e.g. telecommunications surveillance ordered by a judge in accordance with Section 100a ff StPO in certain criminal investigation proceedings). The investigative authorities, who are of course interested not only in documents/data sent but also in the suspect's data and files stored offline on the computer, understandably try to capture the documents/files directly on the computer and thus unencrypted (keyword: Federal Trojan, see also online search (Germany)).

Areas of application of the qualified electronic signature

In practice there are already areas of application that are not very well known to the general public. For example, notaries can only register with the commercial register electronically. Registrations in paper form are no longer accepted by the commercial registers of the respective local courts, cf. § 8 HGB. The notary therefore scans the notarized and/or certified documents (PDF) and sends them via the electronic court and administrative mailbox (EGVP for short) to the commercial register by "special" e-mail, provided with his qualified electronic signature, which also includes the job-related information "notary". In this way, the commercial register knows that the documents actually originate from this notary and have been authenticated or certified by him and will make the registered entries in the commercial register. The “Elster” tax portal also uses the signatures. From January 1, 2013, for example, advance sales tax returns can only be sent to the responsible tax office with a qualified signature, which the commissioned tax advisors already have, but not most of the smaller entrepreneurs who create and submit their advance returns themselves.

Further areas of application are above all public procurement procedures (so-called "eVergabe") and the billing of medical services provided by contract doctors ("Kassenärzte") to the billing office of the Kassenärztliche Vereinigung(en) (so-called "online billing"). The civil status registers of the registry offices are also increasingly being converted to electronic registers. The notarizations of births, marriages, deaths, etc. are then created and signed electronically by the registrar and can be digitally archived easily and without paper and, if necessary, transmitted electronically, again signed and postage-free. Lawyers, too, are increasingly using a qualified signature. If the personal certificate also includes the job-related information “lawyer”, then they can effectively send their pleadings to a court (also via the EGVP) electronically instead of by post. This is particularly important in the case of written submissions subject to a deadline, which must be received by midnight on the day the deadline expires, and especially if the lawyer is not in the same place as the court. Since the EGVP automatically sends back an acknowledgment of receipt (again with a qualified signature) immediately after receipt, the timely receipt of the written statement can not only be ascertained, but also proven beyond doubt. For example, a lawyer in Hamburg can electronically deliver a pleading to a court in Munich within seconds. More important for lawyers is the use of the signature when transmitting documents (e.g. draft contracts) to clients or to the negotiating partner or his lawyer. Likewise, contracts can be verifiably concluded electronically by lawyers, in each case for the contracting party they represent. The legal obligation to maintain secrecy and the client's wish to maintain secrecy vis-à-vis third parties can only be safely fulfilled with the help of the qualified signature when sent by e-mail.

The areas of application for qualified signatures could expand in the future, although they will remain more in the business and official area. The requirement of a qualified signature for consumers is currently only given in individual cases. The future will show whether the area of application will expand. It is conceivable, for example, that in the future online shops will initially offer the possibility of a qualified signature of an order placed on the Internet and/or a customer account. This ensures in any case that the customer is an existing person, even if the personal certificate does not yet confirm the home address.

For this reason, the qualified signature is currently not widespread among private individuals (consumers). The one-time costs for the acquisition of the necessary hardware and software (card reader and signature software) are around €120 to €160, with additional running costs from €5 per month depending on the provider. But the importance of the qualified signature is increasing for entrepreneurs and authorities. However, the need for explanation and complexity make acceptance by users more difficult. The certified companies that sell signature cards along with certificates, signature software and card readers and other accessories usually have step-by-step instructions ready.

Electronic signature in the electronic waste record procedure

The electronic signature is currently also of great importance and distribution within the scope of the electronic waste verification procedure (eANV). According to the German Verification Ordinance, since April 1, 2010, it has been required that waste disposal companies sign electronically and in a qualified manner each time hazardous waste is transported. From February 1, 2011 at the latest, this regulation will also apply to waste producers and waste carriers. With this application to day-to-day processes, the qualified electronic signature is used widely for the first time in the context of eGovernment.
