A Signature Monopoly?
Why the EU Standard for Qualified Electronic Signatures Violates Individual Freedom
Prologue: One Cent, One Hash, One No
Imagine the following scenario: Elena is a product manager at a small software studio in Leipzig. It is a rainy Tuesday evening, and on Elena’s screen lies a finished contract with a new client in Vienna. Both sides agree, time is pressing, and Elena wants to document the contract conclusion cleanly — without lengthy registration with a third-party provider, without card readers, without “please contact your trust service provider.”
She takes the hash of the PDF document — a cryptographic checksum — and inserts it into the reference field of a one-cent bank transfer:
“By this I sign the attached document, hash: 36e9…c5.”
Online banking confirms the transaction using biometric authentication; the bank has known her identity for years and maintains timestamps and audit logs. The next morning, Elena writes to the client: “You have received the contract hash, the transaction ID, and a tamper-proof timestamp from me as a one-cent transfer. That is my signature.”
Two days later: a polite, formal no.
“Unfortunately, we cannot accept your signature. For legally binding agreements, we require a qualified electronic signature in accordance with eIDAS.”
Elena reads the sentence twice. What happened? In substance, she delivered the three things every legal system traditionally requires of a signature: identifiability (the bank knows who she is), declaration of intent (she signed deliberately), and attribution/integrity (the hash irrevocably binds the declaration to the document). Yet because her method was not ritualized in the prescribed way by a “trust service provider,” it is not considered “qualified.” Form overrides function.
She is not alone in her frustration.
Chapter 1: Two Ways of Thinking About Trust
There are two ways to think about trust.
The first is social-institutional: trust arises when a recognized authority — a notary, an office, a “trust service provider” — formally certifies that something is correct. This tradition has shaped legal transactions for centuries. In the EU, it is codified in the eIDAS framework: qualified electronic signatures (QES) are legally equivalent to handwritten signatures if — and only if — they are created with a qualified signature-creation device and based on a qualified certificate issued by a qualified trust service provider.
The second is technical-cryptographic: trust arises because something is mathematically almost impossible to forge and because third parties can verify the chain of evidence without a central authority. This is how hashes, public-key cryptography, and ultimately blockchains work. An immutable ledger anchors a digital statement that anyone can independently verify.
Elena stands at the intersection of these two worlds. Her one-cent protocol is functionally robust: anyone with the bank record, the hash, and the document can verify the chain, without “belief.” But EU regulation demands more than function — it demands formality. And so a paradoxical Europe emerges: technologically advanced, legally standardized, yet still formalistic when it comes to digital autonomy.
Chapter 2: Why the Paradox Hurts
The core pain point is simple: in the physical world, a signature is an act of personal autonomy. No third party “creates” it for you; it emerges from your person. In the digital EU world, full legal effect is achieved only if the opposite is true: a signature is maximally effective only when it is generated not directly by you, but via an approved intermediary. You become a user of a ritual, not the author of an act.
Legally, this practice is justified: a single market needs interoperability and uniform evidentiary standards across 27 jurisdictions. From this, policymakers and administrators have drawn a flawed conclusion: without centrally vetted trust anchors, it cannot work. Technically, however, this is only one possible solution. The other — trustless, verifiable proofs — exists and works millions of times a day (from code signing to software supply chains). It generates trust from mathematics and auditable protocols, not from institutions.
The result is a gap between what people perceive as rational and fair and what formal categories permit. Elena feels this gap acutely.
Chapter 3: The One-Cent Protocol — A Conceptual Laboratory Setup
Elena tells friends about her idea, and the reactions are strikingly consistent: “Basically watertight.” Cryptographers nod. Lawyers raise eyebrows — “interesting, but not eIDAS-compliant.” Entrepreneurs ask: “If I can present a complete, verifiable chain of evidence in court, why isn’t that enough?”
Let us reconstruct the “protocol” in laboratory terms:
Create document → generate hash.
Embed hash in an original, person-bound, strongly authenticated process (e.g., a bank transfer authorized only by the individual).
Attach timestamping and third-party verifiability (bank ledger, audit log, transaction ID).
Counterparty receives hash, transaction receipt, and document and can verify the chain.
The key point: this chain is not only verifiable, it is portable. It does not depend on the continued existence of a specific trust provider with proprietary infrastructure, but on generic, verifiable artifacts that many independent parties can inspect (banks, auditors, courts, experts).
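The verification step of that chain, written out as an added example in Go (it is not part of the original essay and does not describe any bank's actual interface): the signer hashes the document with SHA-256 and places the declaration plus hash in the remittance field; the counterparty later checks attribution, intent, integrity and time against the bank record it was given. The Transfer type, its field names, the sample contract and the transaction are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Declaration is the phrase the signer writes before the hash in the remittance
// field; it carries the "declaration of intent" element of the chain.
const Declaration = "By this I sign the attached document, hash: "

// Transfer is a constructed stand-in for the bank's transaction record as the
// counterparty receives it. Field names are assumptions, not any bank's API.
type Transfer struct {
	TxID      string
	Sender    string    // the account holder the bank authenticated
	Reference string    // free-text remittance field carrying the declaration
	Timestamp time.Time // bank-side booking time
}

// DocumentHash returns the lowercase hex SHA-256 of the document bytes.
func DocumentHash(doc []byte) string {
	sum := sha256.Sum256(doc)
	return hex.EncodeToString(sum[:])
}

// SignByTransfer builds the reference text the signer types into the remittance
// field. The declaration (44 chars) plus a 64-char hex SHA-256 is 108 chars,
// within the 140 characters an unstructured SEPA remittance field allows.
func SignByTransfer(doc []byte) string {
	return Declaration + DocumentHash(doc)
}

// VerifyChain is the counterparty's check of the evidence chain against the
// document it holds: attribution (the bank-authenticated sender is the expected
// signer), intent (the reference carries the declaration), integrity (the hash
// in the reference equals the hash of the received document) and time (the bank
// timestamp is not after the agreed deadline). It returns the first failing check.
func VerifyChain(doc []byte, tx Transfer, expectedSender string, deadline time.Time) error {
	if tx.Sender != expectedSender {
		return fmt.Errorf("attribution: transfer sent by %q, expected %q", tx.Sender, expectedSender)
	}
	if !strings.HasPrefix(tx.Reference, Declaration) {
		return errors.New("intent: reference does not carry the signing declaration")
	}
	claimed := strings.ToLower(strings.TrimSpace(strings.TrimPrefix(tx.Reference, Declaration)))
	if actual := DocumentHash(doc); claimed != actual {
		return fmt.Errorf("integrity: reference hash %s does not match document hash %s", claimed, actual)
	}
	if tx.Timestamp.After(deadline) {
		return fmt.Errorf("time: bank timestamp %s is after deadline %s",
			tx.Timestamp.Format(time.RFC3339), deadline.Format(time.RFC3339))
	}
	return nil
}

func main() {
	// Constructed sample: a contract, the transfer that anchors it, and a deadline.
	contract := []byte("Service agreement between Studio Leipzig and Client Vienna, v3")
	tx := Transfer{
		TxID:      "TX-EXAMPLE-0001",
		Sender:    "Elena Musterfrau",
		Reference: SignByTransfer(contract),
		Timestamp: time.Date(2024, 1, 16, 20, 15, 0, 0, time.UTC),
	}
	deadline := time.Date(2024, 1, 31, 0, 0, 0, 0, time.UTC)
	fmt.Println("original document:", VerifyChain(contract, tx, "Elena Musterfrau", deadline))
	// Change one byte of the document: the integrity check must now fail.
	tampered := append([]byte{}, contract...)
	tampered[len(tampered)-1] = '4'
	fmt.Println("tampered document:", VerifyChain(tampered, tx, "Elena Musterfrau", deadline))
}
```

Two things the code makes visible that the prose only implies: the integrity element is purely mathematical (a one-byte change to the contract fails the check without anyone's say-so), whereas the attribution and time elements still rest on an institution, namely the bank's authentication of the sender and its booking timestamp. A verifier who does not trust that bank record gains nothing from the hash.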
Why is this not sufficient? Because eIDAS does not primarily define evidentiary value; it defines the formality of a specific procedure. The highest “quality class” of signatures — QES — requires that precisely the “right” institution issues, stores, and ritualizes the act. That may be appropriate for high-risk transactions; it becomes intrusive when citizens must surrender their digital agency to third parties for everyday declarations of intent.
Chapter 4: The Shadow of Monopolies
At this point, a suspicion arises that deserves discussion: has the architecture of trust services — intentionally or not — led to de facto oligopolization? Trust that can only be generated by approved providers creates market entry barriers. Certification is expensive, ongoing supervision complex, and hardware security modules and qualified devices are capital-intensive. The result is a small, manageable circle of players controlling access to “fully legally binding” digital acts.
No ill intent needs to be assumed to understand the incentives. Those already certified have little interest in radically open alternatives that emphasize function over form. Lobbying is normal in Europe; the concern is that — combined with well-meaning regulation — it has stabilized a path that inhibits rather than fosters innovation beyond the certified model. In everyday terms, this feels like a de facto monopoly: “If you want to be truly legally binding, you have to go through us.”
For Elena, this translates to: not because her proof is insecure, but because it did not pass through the right gate, it counts for less. Form beats function, market power beats ingenuity — sanctioned by EU law.
Chapter 5: What Autonomy Really Means
Autonomy in the digital world does not mean anarchy. It means that the person remains the bearer of agency — even digitally. Institutions may be used, but they should not always be mandatory. This is the tension: a modern society needs both institutional trust (for interoperability, minimum standards, consumer protection) and cryptographic self-empowerment (for innovation, resilience, and freedom).
The question is not “QES or nothing,” but how we can design a system that allows both — and that recognizes the functional evidentiary power of autonomous, transparently verifiable signatures instead of ignoring them.
Chapter 6: A Reform Proposal — Seven Building Blocks
Function-based recognition layer
Alongside procedural quality classes (QES/AdES), there must be a functional recognition layer. Anyone who provides a verifiable chain of evidence (identity, time, integrity) receives legally defined evidentiary value — regardless of whether a certified service was involved. This would not replace QES, but create a second path to legal effect.
Hash anchors in recognized ledgers
Legally allow document hashes to be anchored in certain auditable ledgers (bank ledgers, public timestamp servers, even public blockchains) as “recognized integrity and time proofs.” When combined with strong, person-bound authentication, this creates a legal presumption in favor of the signature.
Zero-knowledge signatures for identity privacy
Enable methods by which signers can prove attributes (e.g., qualifications, memberships) without disclosing their full identity. This protects privacy and reduces pressure to route all actions through a single, de facto centralized identity.
Self-sovereign identity (SSI) and DIDs as a bridge
Allow verifiable credentials (VCs) and decentralized identifiers (DIDs) broadly — not as a niche, but as a state-adjacent option. The state can provide trust anchors (e.g., an ID credential), while signatures occur client-side without a trust provider co-signing every act.
FRAND obligations for trust infrastructures
Where infrastructures (timestamps, OCSP/CRL services, HSM clouds) are systemically relevant, fair, reasonable, and non-discriminatory access conditions should apply. This reduces monopolistic tendencies without sacrificing security.
Certification sandboxes and equivalence paths
Create regulated sandboxes for alternative signature protocols (such as Elena’s one-cent model or blockchain-based timestamps) with clear conformity criteria. Meeting these criteria grants equivalence status for defined legal acts.
Enforce portability and interoperability
Keys, certificates, identity claims — everything must be portable, from hardware tokens to wallets. No lock-ins via proprietary protocols. Using a particular trust service becomes an option, not an obligation.
Chapter 7: Possible Objections — and Why They Fail
Objection 1: “Without central authorities, security collapses.”
Response: No one is calling for abolishing central authorities. The demand is to allow a functional path alongside the central one. Security arises from transparency and verifiability, not solely from certification rituals.
Objection 2: “Courts will be flooded with exotic evidence chains.”
Response: Standardization is possible. Legal minimum requirements for autonomous chains can be defined (strong authentication, traceable logs, recognized time anchors). This is no more chaotic than today’s diversity of QES implementations.
Objection 3: “Privacy suffers if signatures rely on bank or blockchain logs.”
Response: Zero-knowledge techniques, selective disclosure, and pseudonymous ledgers minimize exposure. Moreover, QES gateways themselves are observation points. The goal is choice, not forced publicity.
Objection 4: “Laypeople will misuse it.”
Response: That is why liability and due-care obligations exist. Those who sign autonomously bear responsibility. The status quo delegates responsibility to third parties — at the cost of dependency. Maturity is not a security risk; it is a civic right.
Chapter 8: The Hidden Cost Ledger of the Status Quo
For Elena and thousands like her, today’s system carries invisible costs:
Transaction costs: registration, identity checks, devices, subscriptions.
Friction: waiting times, outages, accessibility issues.
Single points of failure: when gateways fail, legal transactions halt.
Innovation barriers: new protocols never leave the lab due to lack of recognition.
Power asymmetries: citizens and SMEs are users of a mono-system, not shapers.
Confidentiality exposure: those who hand contract data to trust providers cannot verify whether that data is fully shielded from external access.
If Europe takes digital sovereignty seriously, technically equivalent solutions to QES must be legally recognized. Sovereignty does not mean having the “right” oligopolies; it means being capable of shaping outcomes — technically, legally, socially.
Chapter 9: A Day in a Reformed Europe (A Small Vision)
Imagine the same Tuesday evening five years from now. Elena again has a contract, the clock is ticking. She opens her wallet app. Inside are:
Her state-issued, portable identity credential (used only if she chooses).
A generic signature module that generates keys locally and documents the act — certified against open criteria, without provider co-signing.
A “Set hash anchor” button with options: bank time anchor, public timestamp, or — depending on sensitivity — a private, party-visible anchor.
Elena signs locally; the app produces proof: “I confirm that I am Elena Musterfrau and declare my intent to sign this document,” anchoring the hash at location X. The client in Vienna verifies automatically: signature OK? time anchor OK? identity attributes sufficient? He clicks “Accepted.” Done. No gatekeeping. High verifiability. Minimal friction. Full autonomy.
Epilogue: A Fair Anger
Elena is angry today — rightly so. Her anger is not anti-state, not tech-naïve, not anarchic. It is civic in the best sense: she wants to do what a free person should be able to do — make binding declarations that others can verify, without asking permission.
The European response need not be to tear down the existing system. It can be to complete it: open a functional path alongside certified ones; recognize evidentiary power where it objectively exists; curb monopolistic tendencies; prioritize portability and open standards; seriously integrate zero-knowledge and SSI.
And perhaps, quite practically, one day also accept that a cleanly logged one-cent transaction with a hash in the reference field — embedded in strong authentication and auditable time anchors — is not worth less than a signature called “qualified” merely because the right gate stamped it.
The dignity of the digital person begins where form and function meet again. Until then, Elena’s one-cent signature remains a quiet but clear protest: against unnecessary dependency, against avoidable friction — and for an autonomy worthy of the name.