What is an electronic seal?
An electronic seal is data in electronic form attached to, or logically associated with, other data in order to guarantee the origin and integrity of those data on behalf of a legal person.
The underlying logic is similar to that of a digital signature, but attribution concerns the organisation rather than an individual. In practice, the seal relies on certificates and cryptographic keys managed for the entity (or by a service provider), in order to demonstrate that a document originates from the organisation and has not been altered since the seal was applied.
What is a qualified electronic seal?
A qualified electronic seal, within the meaning of eIDAS, is an advanced electronic seal created using a qualified electronic seal creation device and based on a qualified certificate for electronic seals.
This qualification refers to a framework of requirements (certificate, device and service provider) intended to reduce uncertainty regarding the identification of the entity and the protection of the seal-creation data.
What is the difference between an advanced electronic seal and a qualified electronic seal?
An advanced electronic seal must satisfy several criteria, including:
- a unique link to the seal creator,
- the identification of that creator,
- control of the seal-creation data,
- and a link to the sealed data enabling any subsequent modification to be detected.
A qualified electronic seal is an advanced seal that additionally relies on a qualified certificate and a qualified creation device.
In practice, the distinction results in a higher level of supervision regarding certificate issuance, key management, and the qualification of the trust service provider under the eIDAS framework.
What is an electronic seal certificate?
An electronic seal certificate is a certificate (for example X.509) used to apply and verify an electronic seal.
It associates a public key with the identity of a legal person (or an entity acting on its behalf), in accordance with a certification policy.
The certificate enables a verifier to confirm that the seal was produced with the corresponding private key and to link this result to the organisational identity referenced in the certificate (subject to validation of the certification chain and the certificate status).
What is a qualified electronic seal certificate?
A qualified certificate for electronic seals is a certificate that meets the eIDAS requirements for qualified certificates. It must be issued by a qualified trust service provider and contain mandatory information (including the indication that it is a qualified certificate), together with specific issuance and management requirements.
Its purpose is to ensure stricter control over the identification of the entity and the reliability of the trust chain.
What is a qualified electronic seal creation device?
A qualified electronic seal creation device is a device (hardware or software, frequently relying on a security component such as an HSM – Hardware Security Module) that satisfies eIDAS requirements for protecting the seal-creation data (the private key) and preventing its extraction or unauthorised use.
From an evidentiary perspective, the objective is to strengthen the argument that the organisation maintains effective control over the sealing mechanism, while reducing the risk of compromise.
What is the difference between an electronic seal and an electronic signature?
The principal distinction concerns attribution. An electronic signature is linked to a signatory (a natural person) and is typically used to express approval or commitment. An electronic seal, by contrast, is linked to a legal person and addresses the organisational origin of the document, together with its integrity.
From a technical perspective, the mechanisms may be similar (certificates, keys and algorithms). However, the underlying question differs: “Which individual signed the document?” for a signature, “Which organisation issued the document?” for a seal.
Electronic seal: what is the origin of a document?
In this context, origin refers to the ability to attribute a document to a specific organisation.
The electronic seal is intended to establish that the document originates from the entity identified in the certificate used at the time the seal was applied.
This attribution depends on the trust chain (certificate, certification chain and certificate status at the relevant time) and on the cryptographic verification linking the document to the identity contained in the certificate.
Electronic seal: what is document integrity?
Integrity means that the document presented is identical to the one that was sealed: any later modification must be detectable.
In practice, the sealing operation incorporates a calculation (commonly a cryptographic hash) that makes any modification visible during verification.
Evidential discussion therefore often turns to the ability, at the time the document is produced, to verify the elements necessary for validation (certificates, certificate status, possible timestamps) and to demonstrate the continuity of preservation.
What is an electronic signature?
An electronic signature is data in electronic form attached to, or logically associated with, other data and used by the signatory to sign.
The definition in eIDAS is intentionally broad: it encompasses both simple mechanisms and more demanding processes.
From an evidentiary standpoint, the purpose of the signature is to link the act to an identified signatory (a natural person) while protecting the integrity of the signed document.
What is an advanced electronic signature?
An advanced electronic signature, as defined by eIDAS, is a signature that:
- is uniquely linked to the signatory,
- enables the identification of the signatory,
- is created using signature creation data that the signatory can use under their exclusive control,
- and is linked to the signed data in such a way that any subsequent change is detectable.
These criteria structure the technical assessment (identification, control of keys and detection of alteration) without imposing a specific technical format.
What is a qualified electronic signature?
A qualified electronic signature is an advanced electronic signature created using a qualified electronic signature creation device and based on a qualified certificate.
Qualification refers to a framework of requirements and supervision applicable to trust service providers, intended to harmonise the levels of reliability expected throughout the European Union.
