Does Abundera Sign produce Qualified Electronic Signatures (QES)?

Not yet. QES under Article 25(2) requires a Qualified Trust Service Provider (QTSP) listed on the EU Trusted List, plus a Qualified Signature Creation Device (QSCD) and high-assurance identity proofing typically backed by an EUDI Wallet, eID, or face-to-face verification. QES via a QTSP integration is on the roadmap. Until then, AdES is sufficient for the vast majority of EU commercial transactions; QES is required only when a Member State or EU law specifically mandates it (e.g., certain real estate, employment over a threshold, public-sector workflows).

Is an Advanced Electronic Signature legally binding in the EU?

Yes. Article 25(1) of eIDAS prohibits Member States from denying legal effect or admissibility of an electronic signature solely because it is electronic or does not meet the QES requirements. AdES carries the highest evidentiary weight short of QES, and is the standard used by the majority of EU B2B and B2C contract signing today.

How does Abundera Sign meet Article 26 AdES conditions?

Uniquely linked to the signer: every signing token is 256-bit CSPRNG with SHA-256 hash storage, signer profiles are unique by verified email. Capable of identifying the signer: identity proofing via passkeys, SMS OTP, Veriff government ID, optional KBA, all recorded in the Signer Evidence Score. Created under signer's sole control: signing tokens are single-use, sealed in WORM storage once signed, never reused. Linked to data so changes are detectable: PAdES-LTA signature covers the entire document byte range, SHA-256 plus SHA-512 dual content hashing, hash-chained audit trail counter-signed by RFC 3161 trusted timestamp authorities.

Does Abundera Sign comply with the eIDAS PAdES standard?

Yes. Signatures are PAdES-LTA per ETSI EN 319 142, the most rigorous PAdES profile. PAdES-LTA embeds the Document Security Store (DSS) with the signing certificate chain, revocation information (OCSP), and a Document Timestamp (DTS) after the signature, enabling Long Term Validation (LTV) so the signature remains verifiable long after the signing certificate's notAfter date.

What about eIDAS 2.0 and the EUDI Wallet?

Regulation (EU) 2024/1183 (eIDAS 2.0) introduced the European Digital Identity Wallet (EUDI Wallet) and is being phased in through 2026. QTSPs issuing Qualified Certificates must accept EUDI Wallets as a high-assurance identity proofing path. Abundera Sign's planned QES integration will accept EUDI Wallet identity assertions via OpenID4VP at the QTSP boundary; the Signer Evidence Score will award a high score (currently +20 for passkey, comparable weighting planned for verified EUDI presentation) when an EUDI Wallet PID credential is presented.

What about UK eIDAS and Swiss ZertES?

UK eIDAS regulations apply to the UK post-Brexit and recognise the same AdES tier Abundera Sign produces. Swiss ZertES is a separate Swiss regime; AdES under ZertES via a Swiss Trust Service Provider is also on the roadmap for the QES program.

EU Regulation 910/2014

eIDAS, article by article

Q: What level of eIDAS signature does Abundera Sign produce today?

Advanced Electronic Signature (AdES) under Article 26 of Regulation 910/2014. Every signed PDF carries a PAdES-LTA cryptographic signature backed by an RSA-3072 key in Azure Key Vault HSM (FIPS 140-2 Level 3) with an AATL-issued signing certificate. The signature is uniquely linked to the signer, capable of identifying the signer, created using signature creation data the signer can use under their sole control, and linked to the data in such a way that any subsequent change is detectable, the four legal conditions for AdES.

For organisations signing under EU law. Today Abundera Sign produces Advanced Electronic Signatures (AdES) via PAdES-LTA and AATL-certified HSM-backed keys. Qualified Electronic Signature (QES) via a Qualified Trust Service Provider is on the roadmap. This page maps the technical basis so your legal counsel can review directly.

Art. 25(1)Legal effect of electronic signatures

An electronic signature may not be denied legal effect or admissibility solely on the grounds that it is in electronic form or does not meet QES requirements.

Abundera Sign signatures are admissible under Article 25(1) across all 27 EU Member States
Cryptographic evidence package per envelope (signed PDF + Certificate of Completion + sealed evidence in WORM storage) supports admissibility in dispute
Hash-chained audit trail counter-signed by RFC 3161 TSAs provides independent corroboration of the signing event

Art. 26Advanced Electronic Signature (AdES)

Four cumulative conditions for AdES. Abundera Sign satisfies each by design.

(a) Uniquely linked to the signatory, 256-bit CSPRNG signing tokens, SHA-256 hash storage, unique signer profiles per verified email
(b) Capable of identifying the signatory, passkeys, SMS OTP, Veriff government ID, optional KBA, scored on the Signer Evidence Score and recorded in the audit chain
(c) Created using electronic signature creation data the signatory can use under their sole control, single-use signing tokens, no token reuse, sealed in WORM once signed
(d) Linked to data so that subsequent changes are detectable, PAdES-LTA covers full document byte range, SHA-256 plus SHA-512 dual content hash, hash-chained audit, document Reason field embedded in cryptographic signature

Annex IIQSCD requirements

Qualified Signature Creation Device requirements (for the QES roadmap).

QES requires a QSCD that holds the signer's private key under their sole control; Abundera Sign today uses an Azure Key Vault HSM for the document-level Abundera signature, but QES requires a per-signer QSCD
QSCD integration via a QTSP (Namirial, InfoCert, or equivalent) is the architecture target
EUDI Wallet acceptance at the QTSP boundary is in scope as Member States roll out wallets through 2026
Email compliance@abundera.ai if you have a near-term QES requirement

ETSI EN 319 142PAdES-LTA profile

European Telecommunications Standards Institute PDF Advanced Electronic Signatures, Long Term Archive profile.

PAdES Baseline B-LTA, the most rigorous PAdES profile; embeds DSS + DTS for Long Term Validation
Document Security Store (DSS) contains the signing certificate chain plus OCSP revocation responses
Document Timestamp (DTS) after the signature anchors verification beyond the signing certificate's notAfter date
Validates in Adobe Acrobat, EU DSS validator, and any conformant PAdES verifier without trusting Abundera infrastructure
Signature dictionary /Reason field carries the 21 CFR Part 11 §11.50 meaning of signature when assigned; see 21 CFR Part 11

Art. 32Validation of QES

Requirements for validating qualified electronic signatures (applies to roadmap QES output).

QES validation requires confirming the QC was valid at the time of signing, the signature creation data and validation data are aligned with information provided to the relying party, the signature was issued by a QTSP listed on the EU Trusted List, the signature was created by a QSCD, and document integrity is preserved
Abundera Sign's planned QES output will be validatable by any EU-conformant validator using the published signature policy identifier
Validation will be operable through the EU Commission's DSS demo validator, EUDI Wallet trust services, and member state TSL services

eIDAS 2.0EUDI Wallet acceptance

Regulation (EU) 2024/1183 and the European Digital Identity Wallet.

EUDI Wallet (EU Digital Identity Wallet) rollout phased through 2026 in each Member State
QTSPs issuing Qualified Certificates must accept EUDI Wallets as a high-assurance identity proofing path
Abundera Sign's planned QES integration accepts EUDI Wallet identity assertions via OpenID4VP at the QTSP boundary
Signer Evidence Score will award high weight to a verified EUDI presentation
mDL acceptance (ISO 18013-5 mobile driver's license) follows the same pattern for cross-border identity proofing

What is on the roadmap

QES via a QTSP integration (Namirial, InfoCert, or equivalent), EUDI Wallet identity proofing via OpenID4VP, ZertES partner integration for Swiss workflows, and a published per-signature signature policy identifier so EU-conformant validators (DSS demo validator, EUDI Wallet trust services) can resolve the policy automatically. Email compliance@abundera.ai if your timeline needs a target date.

Frequently asked questions

What level of eIDAS signature does Abundera Sign produce today?

Advanced Electronic Signature (AdES) under Article 26, via PAdES-LTA with an AATL-certified HSM-backed signing key. AdES is sufficient for the vast majority of EU commercial transactions. QES is only required when a Member State or EU law specifically mandates it (some real estate, some employment, public-sector workflows).

Is an AdES legally binding in the EU?

Yes. Article 25(1) prohibits Member States from denying legal effect or admissibility of an electronic signature solely because it is electronic or does not meet QES. AdES carries the highest evidentiary weight short of QES and is the standard for EU B2B and B2C contract signing.

Does Abundera Sign produce QES?

Not yet. QES via a QTSP integration (Namirial, InfoCert, or equivalent) is on the roadmap. EUDI Wallet acceptance at the QTSP boundary is in scope as Member States roll out wallets through 2026.

Is the signature compatible with the EU DSS validator?

Yes. PAdES-LTA per ETSI EN 319 142 is validatable in the European Commission's DSS demo validator, in Adobe Acrobat, and in any conformant PAdES verifier without trusting Abundera infrastructure. The Document Security Store (DSS) embedded in the PDF carries the certificate chain plus OCSP revocation, and the Document Timestamp (DTS) extends validity beyond the signing certificate's notAfter date.

What about UK and Switzerland?

UK eIDAS regulations apply to the UK post-Brexit and recognise the same AdES tier Abundera Sign produces. Swiss ZertES is a separate regime; ZertES AdES via a Swiss Trust Service Provider is on the roadmap for the QES program.

EU procurement asking for a signature-policy identifier, a QES timeline, or a QTSP partner letter? Email compliance@abundera.ai. For the broader posture, see the Trust Center, the Compliance Center, or the related 21 CFR Part 11 page if your workflow also touches FDA-regulated records.