--- title: "eIDAS QES validation checks for relying parties" canonical_url: "https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/qes-validation" source_url: "https://www.sorena.io/artifacts/eu/eidas/qes-validation" author: "Sorena AI" description: "How to validate a qualified electronic signature under eIDAS: certificate, QTSP, trusted-list, QSCD, integrity, validation result, and evidence records." published_at: "2026-05-09" updated_at: "2026-05-09" keywords: - "eIDAS QES validation" - "qualified electronic signature validation" - "QTSP" - "trusted lists" - "qualified certificate" - "QSCD" - "DSS" - "EU eIDAS Regulation" - "eIDAS" - "QES validation" - "qualified electronic signature" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # eIDAS QES validation checks for relying parties How to validate a qualified electronic signature under eIDAS: certificate, QTSP, trusted-list, QSCD, integrity, validation result, and evidence records. *Artifact Guide* *EU* ## eIDAS QES Validation Validate a qualified electronic signature by checking the signature result, the qualified certificate, the issuing QTSP, trusted-list status, QSCD indication, signed-data integrity, and security-relevant issues. Use this page as a relying-party checklist for accepting or rejecting a QES validation result and retaining evidence that can be rechecked later. Under eIDAS, a qualified electronic signature is not validated just by opening a PDF or seeing a visible signature panel. The validation process must confirm that the supporting certificate was qualified and valid at signing time, issued by a qualified trust service provider, tied to the signatory, matched to the validation data, created with a qualified electronic signature creation device, and attached to data whose integrity has not been compromised. ## What eIDAS requires a QES validation process to confirm Article 32 of Regulation (EU) No 910/2014 sets the validation requirements for qualified electronic signatures. A relying party should treat the validation output as a legal and technical conclusion, not as a simple cryptographic pass/fail. The check should be anchored at the time of signing. A certificate can be revoked later, but QES validation still needs evidence about whether the certificate was qualified, issued by a QTSP, and valid at the relevant signing time. - Confirm the supporting certificate was a qualified certificate for electronic signature at the time of signing. - Confirm the qualified certificate was issued by a qualified trust service provider and was valid at signing time. - Confirm the validation data corresponds to the data provided to the relying party. - Confirm the signatory-identifying data in the certificate is correctly provided, including any pseudonym indication. - Confirm the signature was created by a qualified electronic signature creation device and that signed-data integrity has not been compromised. - Confirm the Article 26 advanced-signature requirements were met at the time of signing. Sources for this answer: - [Regulation (EU) No 910/2014 (eIDAS), Article 32](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Defines the validation requirements for qualified electronic signatures, including certificate qualification, QTSP issuance, validation data, signatory data, QSCD use, integrity, and Article 26 requirements. - [Regulation (EU) No 910/2014 (eIDAS), Article 25](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Explains why the validation result matters: a qualified electronic signature has the equivalent legal effect of a handwritten signature. ## Trusted-list and QTSP checks The trusted-list check is the control that prevents a relying party from accepting a certificate as qualified only because a vendor label says it is. ETSI explains that EU Member State trusted lists include qualified trust service providers and their qualified trust services, and that the Commission publishes a central List Of Trusted Lists for access to Member State lists. For QES validation, retain the trusted-list status used by the validator: the Member State list or LOTL source, the service type, the service status and history, the qualified certificate status, and the time at which the trust-list evidence was evaluated. - Resolve the issuer through the EU trusted-list chain rather than only through a local certificate store. - Check that the provider and service were listed as qualified for the relevant service at the signing time. - Check service status history, not only current status, when validating older signatures. - Retain the trusted-list snapshot, LOTL reference, status value, and validation timestamp used for the decision. - Do not treat a non-qualified trust service or an unlisted service as a QES basis unless separate evidence supports the qualified status required by eIDAS. Sources for this answer: - [ETSI - Certification Authorities and other Trust Service Providers](https://portal.etsi.org/TB-SiteMap/ESI/Trust-Service-Providers?ref=sorena.io) - Explains that EU trusted lists contain supervised qualified trust service providers and services, and that listed qualified services are necessary for users to benefit from the legal effect associated with a qualified trust service. - [European Commission List Of Trusted Lists XML](https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml?ref=sorena.io) - Machine-processable central List Of Trusted Lists location referenced by ETSI for accessing Member State trusted-list locations. - [ETSI TS 119 612 trusted lists](https://www.etsi.org/deliver/etsi_ts/119600_119699/119612/02.03.01_60/ts_119612v020301p.pdf?ref=sorena.io) - Technical specification for trusted-list format and content, including TSP information, service information, current status, status dates, history, and pointers to other trusted lists. ## Certificate, revocation, and signing-time checks Certificate validation should capture both current cryptographic checks and signing-time context. eIDAS requires the certificate to have been qualified, QTSP-issued, and valid at signing time; the certificate also needs usable validity or revocation status information. A validation report can show a current revocation while still reaching a qualified-signature conclusion if the signature contains reliable time evidence and the revocation happened after the best signature time. That conclusion depends on the selected validation process and the retained timestamp, revocation, and trust-list evidence. - Validate the certificate chain, issuer, validity period, qualification indication, and signatory identity data. - Fetch and record revocation information, such as OCSP or CRL data, for the signing certificate and relevant chain certificates. - Use best-signature-time evidence when the validation profile supports long-term validation or archival data. - Record whether the validator concluded that the signing certificate was qualified at issuance time and at best signature time. - Escalate any INDETERMINATE, REVOKED_NO_POE, unavailable revocation data, or trust-list mismatch instead of converting it into a business approval. Sources for this answer: - [Regulation (EU) No 910/2014 (eIDAS), Article 24](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Requires qualified certificate issuers to register revocations, publish revocation status promptly, and provide validity or revocation status information to relying parties. - [European Commission DSS documentation](https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/home/digital-building-blocks/DSS/webapp-demo/doc/dss-documentation.html?ref=sorena.io) - Shows how DSS detailed reports separate signature, timestamp, revocation-data, and validation-process indications, including examples where current revocation does not automatically decide the overall result. ## How to read a DSS-style validation result DSS is useful grounding for implementation because its reports make the validation decision inspectable. The detailed report separates validation processes from building blocks, so a relying party can see whether a failure came from the signature, a timestamp, revocation data, certificate validation, or trusted-list interpretation. For QES acceptance, do not retain only a green banner or a PDF viewer screenshot. Retain the diagnostic data, detailed report, validation policy or constraints, trusted-list source, certificate path, revocation responses, timestamp evidence, and the final indication that the signature was qualified. - Record the overall result, such as TOTAL_PASSED, together with the specific validation process used. - Record any sub-process indication that was not passed and the reason it did not change the final conclusion. - Keep the qualification determination: qualified certificate at issuance time, qualified certificate at best signature time, and QSCD indication. - Keep the original signed object, detached contents if applicable, signature container, validation report, and validator configuration. - Document whether the tool was used as a validation library, a demonstration, or a qualified validation service from a QTSP. Sources for this answer: - [European Commission DSS documentation](https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/home/digital-building-blocks/DSS/webapp-demo/doc/dss-documentation.html?ref=sorena.io) - Documents DSS validation reports, validation processes, building blocks, best-signature-time logic, qualification determination, and evidence-record support. - [Regulation (EU) No 910/2014 (eIDAS), Article 33](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Distinguishes a qualified validation service from ordinary tool use by requiring a QTSP, Article 32 validation, automated relying-party results, and the provider's advanced signature or seal on the result. ## Evidence to retain before accepting a QES The retained evidence should let a later reviewer reproduce why the signature was accepted as qualified. The key question is not only whether the document was signed, but whether the validation result proves the eIDAS conditions at the relevant time. If the business depends on the signature's qualified status, store validation evidence with the transaction record, not only inside a temporary signing platform. Re-run validation when the signed object, detached contents, trust-list configuration, validation policy, or certificate status evidence changes. - Signed file or container, detached contents, signature format, signer certificate, certificate chain, and signing-time evidence. - Validation report, diagnostic data, validation policy or constraint set, validator version, and validation date. - Trusted-list evidence: LOTL source, Member State trusted list, QTSP/service status, status history, and any trust-list validation warnings. - Revocation evidence: OCSP or CRL responses, response times, responder certificate checks, and any unavailable status source. - Qualification evidence: qualified certificate determination, QSCD indication, and whether the result came from a qualified validation service. - Acceptance record: business transaction, relying party, reviewer, unresolved warnings, rejection reason if not accepted, and retention location. Sources for this answer: - [Regulation (EU) No 910/2014 (eIDAS), Article 32](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Provides the legal checklist that the retained validation evidence should be able to support. - [European Commission DSS documentation](https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/home/digital-building-blocks/DSS/webapp-demo/doc/dss-documentation.html?ref=sorena.io) - Supports retaining detailed reports, diagnostic data, trusted-list interpretation, timestamp evidence, and evidence records for later verification. - [ETSI - Certification Authorities and other Trust Service Providers](https://portal.etsi.org/TB-SiteMap/ESI/Trust-Service-Providers?ref=sorena.io) - Supports keeping trusted-list evidence because qualified provider and service status is established through Member State trusted lists. *Recommended next step* *Placement: before sources* ## Validate the signature, certificate, QTSP status, and retained proof together Sorena can help turn the eIDAS QES validation checks on this page into reusable evidence requests, review steps, and acceptance criteria for relying-party workflows. - [Open Research Copilot for eIDAS](/solutions/research-copilot.md): Ask source-linked questions about QES validation, QTSP status, trusted lists, and retained validation evidence. - [Review an eIDAS QES validation workflow](/contact.md): Check whether your validation process captures the certificate, trusted-list, revocation, report, and acceptance evidence needed for later review. ## Primary sources - [Regulation (EU) No 910/2014 (eIDAS)](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Primary eIDAS text for legal effect, Article 32 QES validation requirements, Article 33 qualified validation services, and revocation-status duties for qualified certificate issuers. - Quote: "Requirements for the validation of qualified electronic signatures" - [ETSI - Certification Authorities and other Trust Service Providers](https://portal.etsi.org/TB-SiteMap/ESI/Trust-Service-Providers?ref=sorena.io) - Explains trust service providers, qualified certificate authorities, Member State trusted lists, the Commission LOTL, and why listed qualified service status matters for relying parties. - Quote: "Trusted lists are essential elements in building trust" - [ETSI TS 119 612 trusted lists](https://www.etsi.org/deliver/etsi_ts/119600_119699/119612/02.03.01_60/ts_119612v020301p.pdf?ref=sorena.io) - Technical specification for trusted-list structure, TSP information, service information, current status, status history, and pointers to other trusted lists. - Quote: "Electronic Signatures and Trust Infrastructures (ESI); Trusted Lists" - [European Commission DSS documentation](https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/home/digital-building-blocks/DSS/webapp-demo/doc/dss-documentation.html?ref=sorena.io) - Implementation reference for DSS signature validation reports, certificate and revocation checks, trusted-list handling, qualification determination, and retained evidence records. - Quote: "Digital Signature Service" - [European Commission List Of Trusted Lists XML](https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml?ref=sorena.io) - Machine-processable central LOTL URL referenced by ETSI for access to Member State trusted lists. - Quote: "List Of Trusted Lists" ## Related Topic Guides - [eIDAS 2 deadlines and compliance calendar for EUDI Wallet and trust services](/artifacts/eu/eidas/deadlines-and-compliance-calendar.md): Calendar of grounded eIDAS and eIDAS 2 milestones for EUDI Wallet delivery, implementing acts, annual supervision reports, QTSP transitions, pilots, and ARF evidence. - [eIDAS 2.0 vs eIDAS: EUDI Wallet and trust-service changes](/artifacts/eu/eidas/eidas2-vs-eidas.md): Compare the original eIDAS electronic identification and trust-service framework with the eIDAS 2.0 amendments for EUDI Wallets, relying parties, attestations, QWACs, and supervision. - [eIDAS Certificates and Authentication: qualified certificates, QWACs, and validation checks](/artifacts/eu/eidas/certificates-and-authentication.md): Grounded guide to eIDAS qualified certificates, website authentication certificates, trusted lists, relying-party checks, and validation evidence. - [eIDAS checklist and evidence pack for trust services, signatures, and EUDI Wallet relying parties](/artifacts/eu/eidas/checklist-and-evidence.md): Build an eIDAS evidence pack for qualified trust services, electronic signatures, trusted-list checks, certificate validation, supervisory records, and EUDI Wallet relying-party controls. - [eIDAS compliance guide for trust services, QTSPs, signatures, and EUDI Wallet relying parties](/artifacts/eu/eidas/compliance.md): Grounded eIDAS compliance guide for trust-service classification, QTSP supervision evidence, qualified signatures, seals, time stamps, certificates, trusted-list validation, and EUDI Wallet relying-party records. - [eIDAS electronic signatures: SES, AES, QES legal effect and evidence](/artifacts/eu/eidas/electronic-signatures-and-legal-effect.md): A grounded guide to eIDAS electronic-signature legal effect: SES, AES, QES, qualified certificates, QTSP trusted-list checks, validation, recognition, and evidence records. - [eIDAS penalties and fines for trust service providers](/artifacts/eu/eidas/penalties-and-fines.md): Grounded guide to eIDAS Article 16 penalties, administrative fine mechanics, supervisory bodies, qualified-status withdrawal, and trusted-list evidence. - [eIDAS Qualified Trust Services: QTSP Selection](/artifacts/eu/eidas/qualified-trust-services-and-qtsp-selection.md): How to select an EU eIDAS qualified trust service provider: identify the qualified service type, verify trusted-list status, review supervision evidence, and retain certificate-policy records. - [eIDAS remote signature and cloud HSM controls for QTSPs](/artifacts/eu/eidas/remote-signature-and-cloud-hsm-controls.md): Grounded guide to eIDAS remote signature controls: remote QSCD scope, server-side signing, QTSP evidence, signer authentication, certificate validation, and trusted-list checks. - [eIDAS signature legal effect selector: SES, AES, AES-QC, or QES](/artifacts/eu/eidas/signature-legal-effect-selector-workflow.md): Select the right eIDAS signature level by legal effect, risk, qualified certificate status, QTSP evidence, QSCD use, validation result, and cross-border recognition. - [eIDAS trust service role scoping workflow: TSP, QTSP, validator, relying party, or QTSP customer](/artifacts/eu/eidas/trust-service-role-scoping-workflow.md): Classify an eIDAS role by evidence: trust service provider, qualified trust service provider, signature or seal validator, EUDI Wallet relying party, relying party, or customer of a QTSP. - [eIDAS trusted list validation: LOTL, QTSP status, and evidence](/artifacts/eu/eidas/trust-list-validation.md): How to validate EU eIDAS trusted-list evidence: start from the Commission LOTL, confirm QTSP and qualified-service status, check certificate path and revocation data, and retain validation reports. - [eIDAS vs ESIGN and UETA: EU qualified signatures vs U.S. e-signature laws](/artifacts/eu/eidas/eidas-vs-esign-and-ueta.md): Compare eIDAS with ESIGN and UETA for electronic signatures, qualified certificates, trust services, cross-border recognition, validation evidence, and source gaps. - [eIDAS vs ETSI EN 319 401: legal supervision and TSP policy requirements](/artifacts/eu/eidas/eidas-vs-etsi-en-319-401.md): Compare eIDAS and ETSI EN 319 401 for trust services: legal scope, QTSP supervision, conformity assessment, audits, incident evidence, and operational controls. - [eIDAS vs GDPR for identity data: wallet, trust-service, and privacy obligations](/artifacts/eu/eidas/eidas-vs-gdpr-identity-data.md): Compare eIDAS identity, trust-service, and EUDI Wallet rules with GDPR duties for personal-data processing, minimisation, lawful basis, evidence, security, and user rights. - [eIDAS vs NIS2 for trust service providers: QTSP and cybersecurity obligations](/artifacts/eu/eidas/eidas-vs-nis2-trust-services.md): Compare eIDAS trust-service and QTSP duties with NIS2 cybersecurity risk-management, incident reporting, supervision, and evidence duties for trust service providers. - [Electronic Attestations of Attributes under EU eIDAS: EAA, QEAA, issuers, wallets, and validation](/artifacts/eu/eidas/electronic-attestations-of-attributes.md): Grounded guide to electronic attestations of attributes under amended EU eIDAS: EAA, QEAA, public-sector authentic-source attestations, wallet use, issuer checks, relying-party validation, revocation, and legal effect. - [EU eIDAS Applicability Test for Trust Services, Wallets, and Certificates](/artifacts/eu/eidas/applicability-test.md): A grounded eIDAS scope test for QTSPs, trust services, electronic signatures, seals, timestamps, QWACs, EUDI Wallet relying parties, and cross-border recognition evidence. - [EU eIDAS attribute attestations: EAA, QEAA, wallet, and relying party checks](/artifacts/eu/eidas/faq/attribute-attestations.md): What electronic attestations of attributes mean under eIDAS, how QEAAs differ from public-sector and non-qualified attestations, and what issuers, wallets, and relying parties should verify. - [EU eIDAS checklist for signatures, trust services, and wallets](/artifacts/eu/eidas/checklist.md): Checklist for eIDAS trust-service and EUDI Wallet controls: qualified status, trusted lists, certificates, signatures, seals, timestamps, validation evidence, and relying-party records. - [EU eIDAS FAQ: signatures, QTSPs, trusted lists, QWACs, wallets, and validation](/artifacts/eu/eidas/faq.md): FAQ on eIDAS trust services and the European Digital Identity framework, covering advanced and qualified electronic signatures, QTSP status, trusted lists, QWACs, EUDI Wallet relying parties, attestations of attributes, and validation evidence. - [EU eIDAS QTSP authorization and supervision guide](/artifacts/eu/eidas/qtsp-authorization-and-supervision.md): How qualified trust service providers obtain and keep qualified status under eIDAS, including conformity assessment reports, supervision, trusted lists, incidents, and evidence. - [EU eIDAS QTSP Due Diligence Workflow for Trusted Lists, Certificates, and Evidence](/artifacts/eu/eidas/qtsp-due-diligence-workflow.md): Check a qualified trust service provider under eIDAS by validating trusted-list status, qualified service scope, certificates, policies, supervision, audits, and retained evidence. - [EU eIDAS Requirements for Trust Services, Signatures, Seals, Wallets, and Evidence](/artifacts/eu/eidas/requirements.md): Grounded guide to core eIDAS requirements for trust service providers, qualified trust services, electronic signatures, seals, time stamps, trusted lists, and EUDI Wallet relying parties. - [EU eIDAS Trusted Lists FAQ: LOTL, QTSP status, and validation evidence](/artifacts/eu/eidas/faq/trusted-lists.md): How EU eIDAS Trusted Lists and the Commission LOTL support QTSP and qualified trust-service validation, with practical evidence checks for relying parties. - [EUDI Wallet readiness for service providers under eIDAS](/artifacts/eu/eidas/eudi-wallet-readiness.md): Readiness guide for organisations preparing to request or verify data from European Digital Identity Wallets: roles, registration, ARF alignment, selective disclosure, implementing acts, and evidence. - [EUDI Wallet Relying Parties under eIDAS](/artifacts/eu/eidas/faq/eudi-wallet-relying-party.md): What EUDI Wallet relying parties must do under eIDAS: register, declare intended wallet use and requested data, identify themselves to users, and keep request evidence. - [EUDI Wallet Relying Party Onboarding Workflow under eIDAS](/artifacts/eu/eidas/wallet-onboarding-workflow.md): A grounded onboarding workflow for organisations that want to request data from European Digital Identity Wallet users as eIDAS wallet relying parties. - [EUDI Wallet Relying Party Registration Under eIDAS](/artifacts/eu/eidas/eudi-wallet-relying-party-registration.md): What eIDAS Article 5b and the EUDI Wallet ARF say about wallet relying party registration, intended uses, attribute requests, certificates, evidence, and Member State gaps. - [EUDI Wallet Technical Architecture Guide under eIDAS](/artifacts/eu/eidas/eudi-wallet-technical-architecture-guide.md): Technical guide to the EUDI Wallet architecture: ARF roles, wallet units, PID and attestations, relying parties, trust model, certificates, protocols, privacy, and security controls. - [QES vs AdES under EU eIDAS: legal effect, certificates, QTSPs, and validation evidence](/artifacts/eu/eidas/faq/qes-vs-ades.md): Compare qualified electronic signatures (QES) and advanced electronic signatures (AdES) under EU eIDAS, including legal effect, qualified certificates, QTSP status, QSCDs, and validation evidence. - [QWACs under eIDAS: website authentication certificates](/artifacts/eu/eidas/qwacs.md): A grounded guide to qualified website authentication certificates under eIDAS, covering Annex IV data, trusted lists, browser recognition, validation evidence, and QTSP checks. - [What eIDAS Covers: eID, Trust Services, EUDI Wallet, and QWACs](/artifacts/eu/eidas/what-eidas-covers.md): A grounded guide to the systems and services covered by EU eIDAS: notified electronic identification, trust services, signatures, seals, time stamps, registered delivery, website authentication, trusted lists, the EUDI Wallet, and attribute attestations. - [What is a qualified trust service provider under eIDAS?](/artifacts/eu/eidas/faq/qualified-trust-service-provider.md): How to verify QTSP status under eIDAS using the qualified service, supervisory body decision, trusted list entry, conformity assessment evidence, and service-specific records. - [What is a QWAC under the EU eIDAS Regulation?](/artifacts/eu/eidas/faq/qwac.md): Plain-language FAQ on qualified website authentication certificates under eIDAS, including website identity, QTSP trusted-list checks, browser recognition, and validation evidence. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/eu/eidas/qes-validation