Understanding the Qualified Electronic Seal (QES)

This article explains what a Qualified Electronic Seal is, why it's important for digital credentials, and how it works in Credentium.

What is a Qualified Electronic Seal?

A Qualified Electronic Seal (QES) is a digital seal applied to documents by organizations to prove:

1. Authenticity - The document genuinely comes from the stated organization
2. Integrity - The document has not been altered since it was sealed
3. Non-repudiation - The organization cannot deny issuing the document

Think of it as the digital equivalent of an organization's official stamp or seal, but with cryptographic security that makes it impossible to forge.

Legal Standing

Under the eIDAS Regulation (EU Regulation 910/2014), a Qualified Electronic Seal has the same legal effect as a traditional organizational seal. This means:

• Documents sealed with QES are legally recognized across all EU member states
• Courts and government agencies must accept QES-sealed documents
• The seal provides legal certainty about the document's origin and integrity

How It Works in Credentium

Sealing Process

When you issue a credential in Credentium:

1. PDF Certificate Generation - A PDF diploma/certificate is created with the credential information
2. QES Application - The PDF is digitally sealed using the organization's Qualified Electronic Seal
3. JSON-LD Signing - The machine-readable credential (JSON-LD) is also cryptographically signed
4. Delivery - Both formats are delivered to the recipient

Seal Types

Credentium supports two seal configurations:

Custom Seal (Own Organization Seal)

If your organization has its own Qualified Electronic Seal:

• Your seal certificate details are displayed in Organization Settings
• Your organization's seal stamp image appears on certificates
• The seal is issued by a qualified Trust Service Provider
• Certificate information shown: Subject Name, Legal Identifier, Serial Number, Validity

Shared Seal (CloudTeam Seal)

If you don't have your own QES:

• Credentium uses the CloudTeam sp. z o.o. shared seal
• Still provides full legal validity under eIDAS
• A standard Credentium seal stamp appears on certificates
• Subject: CloudTeam sp. z o.o., Identifier: VATPL-5252388265

Viewing Seal Information

To view your organization's seal configuration:

1. Go to Organization Settings
2. Click the Subscription tab
3. Find the Qualified Electronic Seal section

You will see:

• Seal Type - "Custom Seal" or "Shared Seal"
• Status - Active, Expiring Soon, or Expired
• Certificate Details - Subject name, identifier, serial number
• Validity Period - When the seal certificate expires

Seal Verification

Recipients and third parties can verify sealed documents:

PDF Certificates

• Open the PDF in Adobe Acrobat or another PDF reader
• Look for the signature/seal panel
• The reader will show if the seal is valid and who applied it

Credentium Wallet

• The wallet displays verification status
• Shows "This credential has been issued by verified publisher"
• Click Verify credential to see detailed verification results

Why QES Matters

For Issuers

• Legal Compliance - Meet requirements for official documents
• Trust - Recipients know credentials are authentic
• Tamper-proof - Any modification invalidates the seal
• Audit Trail - Clear proof of when credentials were issued

For Recipients

• Verified Credentials - Employers and institutions trust sealed credentials
• International Recognition - Valid across EU member states
• Self-verifiable - Anyone can verify without contacting the issuer

Certificate Expiration

Seal certificates have expiration dates. Credentium shows warnings when:

• Expiring Soon (Yellow) - Less than 30 days until expiration
• Expired (Red) - Certificate has expired

Important: If your seal certificate expires, you cannot issue new credentials until it is renewed. Contact Credentium Support to arrange certificate renewal.

Getting Your Own Seal

To upgrade from the shared seal to your own organization's Qualified Electronic Seal:

1. Go to Organization Settings > Subscription
2. Click Contact for seal in the seal section
3. A Credentium representative will guide you through the process

Requirements typically include:

• Organization legal registration documents
• Authorized representative identification
• Agreement with a qualified Trust Service Provider

Frequently Asked Questions

Is the shared seal as legally valid as a custom seal?

Yes. Both provide the same legal validity under eIDAS. The difference is that your organization's name appears on custom seals, while the shared seal shows "CloudTeam sp. z o.o." as the sealing party.

Can I issue credentials if my seal expires?

No. You must renew your seal certificate before issuing new credentials. Existing credentials remain valid even after the seal expires.

How long is a seal certificate valid?

Typically 1-3 years, depending on the Trust Service Provider. Credentium will notify you before expiration.

Can sealed documents be modified?

No. Any modification to a sealed document will invalidate the seal. This is a security feature that ensures integrity.

Need Help?

If you have questions about Qualified Electronic Seals or need to upgrade your seal configuration, please contact:

Credentium Support Email: support@credentium.com

Last updated: January 2026