Skip to main content
purple hex pattern
two people walking in server room

An essential security piece of qualified signing deployments

Under eIDAS, a QSCD is a secure hardware device approved for the creation of signature and seal data. It is a mandatory element for the generation of qualified electronic signatures, the highest level of signature type recognized by the European Union.

The Entrust nShield 5c and 5s HSMs are certified against Common Criteria (CC) CEN EN 419 241-5 as QSCD for qualified signatures and seals.

HSM + SAM = future-ready QSCD

While it is currently possible to use a standalone, certified HSM as a QSCD for remote signing, the next eIDAS Implementing Act will introduce a new QSCD standard requiring an HSM and a SAM bundled together.

Entrust has developed a SAM and can provide you with an HSM+SAM bundle today to help you prepare for the future.

two people looking at a tablet
man with reflection in his glasses

eIDAS digital signing experts at your service

Entrust Professional Services are available to help you evaluate, deploy and transition to a new QSCD, whether you are a Trust Service Provider or an integrator.

Our Professional Services include a compliance readiness assessment to help you achieve a seamless, optimized transition to a new compliant solution.

Frequently Asked Questions

What is the eIDAS regulation?

eIDAS is short for electronic identification, authentication, and trust services. The eIDAS regulation establishes rules for creating and validating electronic identities, and for trust services such as electronic signatures, qualified electronic signatures, and qualified electronic seals to ensure secure and seamless transactions across the European Union (EU).

The EU Commission created eIDAS to set a higher standard for digital trust and promote interoperability and confidence in digital services. It standardizes electronic identification and trust services across all member states.

What is a Qualified Signature Creation Device?

A QSCD is a secure hardware or software solution certified under the eIDAS regulation to generate and protect cryptographic keys used in qualified electronic signatures and qualified electronic seals. QSCDs must meet strict security and certification requirements to ensure the highest level of protection for cryptographic keys and to maintain compliance with the EU's stringent digital signature standards.

What are the types of electronic signatures?

Under the eIDAS regulation, there are three main types of electronic signatures, each offering different levels of security and legal assurance:

  1. Simple Electronic Signature (SES): This is the most basic type, such as scanned signatures or checkbox agreements. While easy to use, SES lacks robust security features and do not provide a lot of assurance in case of dispute.
  2. Advanced Electronic Signature (AES): AES provides a higher level of assurance by being uniquely linked to the signer and capable of detecting any alterations to the signed document. It requires identity verification but does not mandate a qualified signature creation device (QSCD).
  3. Qualified Electronic Signature (QES): QES is the most secure and legally binding type of digital signature. It requires the use of a QSCD and a qualified certificate issued by a trusted certificate authority, making it equivalent to a handwritten signature under EU law.

What’s the difference between a qualified signature and an advanced signature?

A qualified electronic signature requires the use of a QSCD and a qualified certificate issued by a Trust Service Provider. In contrast, an advanced signature must meet certain requirements, such as being uniquely linked to the signer and capable of detecting tampering, but it doesn’t require specific technology such as a QSCD or a qualified certificate. While secure, it doesn’t carry the same universal legal weight as a qualified signature, especially for cross-border transactions.

What are the eIDAS requirements for qualified signatures?

To comply with eIDAS, qualified electronic signatures must meet all the advanced electronic signature requirements, plus the following requirements:

  • Be created using a certified Qualified Signature Creation Device
  • Use a qualified certificate issued by an accredited Trust Service Provider

These measures ensure the highest level of security and legal recognition for electronic transactions within the EU.

QSCD for Remote Signing Related Products

Digital Signing

Entrust Signature Activation Module


Upgrade your signing infrastructure now with the Entrust Signature Activation Module (SAM) and future-proof your remote qualified signature creation devices.
entrust nshield 5c with fips certification product image
HSM

nShield 5c


Learn how a FIPS HSM like the Entrust nShield 5c can protect your most sensitive data with cryptographic key services.
nshield 5s with fips certification product image
HSM

nShield 5s


Learn how a PCIe HSM like the Entrust nShield 5s can protect your most sensitive information with cryptographic key services.
Let’s build a solution for you.

An Entrust Identity portfolio specialist will be in touch with options soon.