Remote Signing

Remote Signing is a qualified electronic signature service model in which the Qualified Signature Creation Device (QSCD) is hosted and managed in the cloud by a Qualified Trust Service Provider, rather than being physically in the hands of the signatory. This approach eliminates the need for the signatory to carry a smart card, USB token, or other physical device to create Qualified Electronic Signatures. Instead, the signatory authenticates to the remote signing service, typically using multi-factor authentication, and authorises each signature, while the QSCD in the QTSP's secure infrastructure performs the cryptographic signing operation.

Remote signing has gained significant momentum in the eIDAS ecosystem and is further boosted by eIDAS 2.0. The regulation mandates that the EUDIW must enable users to create Qualified Electronic Signatures, and remote signing is the primary mechanism by which this will be achieved.

The wallet will act as the authentication and authorisation channel: when a user needs to sign a document, the wallet provides the identity assurance (via PID) and the user's consent, while the QTSP's cloud-based QSCD executes the signature. The relevant standard for remote signing is CEN EN 419 241 (Trustworthy Systems Supporting Server Signing), which defines the security requirements for server-based signature creation devices. Under eIDAS 2.

0, at least one remote signing service must be offered free of charge to wallet holders for non-professional use, significantly lowering the barrier to qualified signing. For organisations, remote signing simplifies the deployment of QES in business processes. Rather than distributing hardware tokens to all signatories, businesses can integrate with a QTSP's remote signing API and enable qualified signatures through a web or mobile interface, streamlining contract execution, regulatory filings, and any process requiring the highest level of signature assurance.