Recognized electronic signature: what it is, uses, and recommendations

Recognized electronic signatures are the highest standard of security and legal validity in the European and global digital ecosystem. As organizations move away from paper, the need to secure commercial agreements and legal procedures makes it essential to understand this technology. 

Choosing the wrong type of signature can result in a contract being invalidated or security breaches. This article explains what a recognized electronic signature is, its legal framework under the eIDAS Regulation, in which cases it is mandatory, and how to implement it efficiently.

What is a recognized signature and how does it work?

A recognized electronic signature is one that is based on a qualified certificate and is generated by a secure signature creation device (QSCD).

Thus, a recognized electronic signature is a type of electronic signature that is considered, for all legal purposes, a direct equivalent to a traditional handwritten signature.

It works on the basis of asymmetric cryptography and public key infrastructures (PKI). Recognized electronic signatures are currently referred to as qualified electronic signatures under the European eIDAS regulation. The process guarantees three fundamental principles:

• Unambiguous identification: It confirms without margin for error who the signer is.
• Absolute integrity: It detects any modification of the document after it has been signed.

Non-repudiation: It prevents the signer from legally denying that they signed the document.

Electronic identification and identity verification

To obtain a recognized electronic signature, the critical step is the prior electronic identification of the user. A qualified certificate cannot be issued without a Qualified Trust Service Provider (QTSP) verifying the applicant's real identity. 

To achieve this unambiguous identification, providers use extremely secure mechanisms that comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations. The most common methods include:

• Physical appearance: The user goes in person to a Registration Authority (such as a public office or notary) with their official identity document (ID card, passport).

• Video identification (VideoID): A synchronous video call or an asynchronous video recording process supervised by trained agents, where facial biometrics, liveness detection, and identity document validation technologies are applied using OCR (Optical Character Recognition) technology and hologram or NFC chip verification.

Identification using another qualified certificate: If the user already has a valid certificate (e.g., electronic ID card), they can use it to identify themselves online and obtain a new one.

The role of the qualified certificate in recognized signatures

The qualified certificate is, in essence, the signer's "digital ID card." It is an electronic document issued by a Certification Authority that links the validation data of a signature to a natural or legal person, confirming their identity in an irrefutable manner.

For a signature to be considered "recognized" or "qualified," the certificate must meet strict technical requirements regulated by eIDAS:

• Audited issuance: It must be issued exclusively by a Qualified Trust Service Provider (QTSP) included in the European Union's Trust Lists.
• Secure Device (QSCD): Cryptographic keys must be stored in high-security hardware.

Cloud signature: Currently, the law allows this certificate to be hosted on Cryptographic Servers (HSM) in the cloud, allowing the user to sign from their mobile phone with two-factor authentication (2FA).

Differences between simple electronic signatures, advanced electronic signatures, and recognized electronic signatures

The eIDAS Regulation classifies electronic signatures into three technical and legal levels. Choosing the right one is vital to ensure the legal certainty of corporate agreements:

• Simple Electronic Signature: Basic security level. This is data attached to other data (e.g., accepting cookies or web terms). It does not allow the signer to be unequivocally identified and requires additional evidence to be provided in the event of a lawsuit.
• Advanced Electronic Signature: High security level. It uniquely identifies the signatory, detects any subsequent alterations, and guarantees the integrity of the document through cryptography. It is the most efficient solution for employment contracts and B2B agreements.
• Recognized (Qualified) Electronic Signature: Maximum security level. It requires the use of a qualified certificate and a secure signature creation device (QSCD). It reverses the burden of proof in litigation and is mostly used in procedures with public administrations.

Legal validity and regulatory framework: the eIDAS Regulation

Regulation (EU) No. 910/2014 (eIDAS) is the cornerstone of the digital trust ecosystem in Europe. Its main objective is to ensure that cross-border electronic interactions between businesses, citizens, and public authorities are secure and seamless. 

In Spain, this regulation is complemented by Law 6/2020 regulating certain aspects of electronic trust services.

Equivalence with handwritten signatures

The most important legal principle of recognized electronic signatures is found in Article 25.2 of the eIDAS Regulation: "A qualified electronic signature shall have the same legal effect as a handwritten signature."

This means that no judge or administration can reject a document simply because it is signed electronically if it has a qualified signature. 

It also provides the principle of non-repudiation: the signer cannot deny having signed the document unless they can technically prove that the certificate was hacked or stolen.

Use cases where recognized signatures are required by law

There are regulated sectors where advanced electronic signatures are not sufficient and the law explicitly requires the use of recognized electronic signatures:

• Public Administration (AAPP): Filing of high-value taxes, public tenders, and signing of official resolutions.
• Legal and Notarial Sector: Issuance of authorized electronic copies, notarial policies, powers of attorney, and binding communications with the Administration of Justice (LexNET in Spain).
• Healthcare Sector: Signing of electronic prescriptions or medical records, where integrity and auditing are a matter of life and death.
• Accounting Audit: Registered auditors must use a recognized electronic signature to sign their annual audit reports, giving the document public faith.

When is an advanced electronic signature sufficient?

Although a recognized signature offers maximum security, it requires a certificate issuance process (onboarding) that can cause commercial friction.

For 95% of administrative and commercial procedures, the advanced electronic signature is the ideal option. The advanced electronic signature is fully valid, legal, and much faster for the user experience (UX).

If a biometric or OTP (SMS) signature solution is used, a very robust legal shield is maintained without requiring the customer to have a prior certificate, and for high-risk processes, it can be complemented with KYC to achieve the same level of probative and legal value as a recognized or qualified signature.

Why choose advanced signature over recognized signature?

• Agility: It allows the user to sign instantly from their smartphone without having to install certificates in advance or possess a USB token. Evidence is collected through biometrics (speed, stroke pressure, graph), geolocation, IP, and time stamping.
• Conversion: In B2C or B2B sales processes, requiring the customer to provide a recognized signature can cause the sale to fall through if the customer does not have an active electronic ID or does not know how to use it. Advanced signatures using OTP (One Time Password) via SMS are legal, secure, and increase contract closure rates.
• Success stories: It is the de facto standard for Human Resources Contracts (payroll, NDAs, risk prevention), rental contracts, confidentiality agreements, purchase and sale of services, SEPA bank mandates, and logistics (delivery notes).

How to obtain and use a recognized electronic signature step by step

If your company or you as an individual need to use a qualified electronic signature, the process must follow a strict chain of trust dictated by eIDAS:

1. Choose a Qualified Trust Service Provider (QTSP): Check the EU Trust List to ensure that the certification authority is authorized to issue qualified certificates.
2. Certificate Application: Start the application process for the "Qualified Electronic Signature Certificate." This can be for an individual, a representative of a legal entity, or a company's electronic seal.
3. KYC Identification Process: Go through the identity validation process. Today, the most advanced solutions allow you to complete this step 100% online using VideoID in just a few minutes, without the need to travel anywhere.
4. Key Generation and QSCD Device: Decide whether you will use a local QSCD (smart card/USB) or a cloud-based QSCD (recommended). If you choose the cloud, the provider will generate your keys in a secure HSM and grant you access through two-factor authentication (mobile app, PIN, biometrics).
5. Signature Execution: When signing a PDF document, the signature platform will request your authorization. You will validate the action using your Second Factor Authentication (2FA). The system will apply cryptography and stamp a qualified time stamp, generating a document (usually PAdES format for PDF) with immediate legal validity.

The current process has left obsolete card readers and USB tokens behind. Today, cryptographic keys are securely stored on HSM servers in the cloud, allowing users to sign from their smartphones using simple two-factor authentication (2FA).

Best practices and recommendations for implementing recognized electronic signatures

For companies looking to scale, digitize their document flows, and ensure regulatory compliance worldwide, implementing electronic signatures should not be seen as a simple "digital patch," but as a comprehensive business transformation. Below, we list the best practices in the market:

• Choose comprehensive and certified platforms: It is essential to have technology providers that offer end-to-end solutions. Leading tools such as Tecalis Sign not only allow you to execute recognized and advanced electronic signatures with full legal validity under eIDAS, but also combine digital identity verification (KYC/AML), the issuance of qualified certificates in real time, and document orchestration in a single operational flow. This avoids having to hire three different providers, reducing operating costs and eliminating security gaps in technical integrations.
• API integration: Choose solutions that have robust RESTful APIs. This allows you to embed the recognized or advanced signature experience directly into your ERP, CRM, or employee portal, making the workflow invisible and automated for your internal teams.
• Maximize Operational Efficiency: Electronic signatures reduce contract cycle times by 80%. Eliminate low-value administrative tasks such as printing, scanning, courier delivery, and physical filing.
• Sustainability and ESG Policies: Going paperless not only saves direct costs, but also dramatically reduces the organization's carbon footprint, aligning the company with the United Nations Sustainable Development Goals (SDGs) on its path to becoming paperless.
• Customer Experience (CX) at the Center: If you need to issue recognized signatures to external customers, make sure that Cloud Signature technology is responsive and user-friendly (mobile-first). If the signing and registration process is cumbersome, cart or contract abandonment will be imminent. Technology must adapt to the user, not the other way around.

Implementing recognized electronic signatures ensures maximum legal protection for corporations and opens the door to a truly digital, efficient, and globalized economy.

Tags