Qualified Electronic Signatures (QES) under the EU eIDAS framework rely on a single Qualified Trust Service Provider (QTSP), introducing critical single-point-of-failure and vendor-lock-in risks. Method: We propose QoeSiGN, a distributed QES generation framework based on Privacy-Preserving Collaborative Computation (P2C2). It systematically integrates P2C2 into an eIDAS-compliant architecture via two synergistic pathways: “multi-party Hardware Security Modules (HSMs)” and “user-participatory secure multi-party computation (MPC)”, ensuring cryptographic agility, legal validity, and user-exclusive control over signing operations. Contribution/Results: Through STRIDE/DREAD threat modeling, formal MPC protocol design, and trusted channel integration, QoeSiGN demonstrates superior distributed robustness, dynamic cryptographic algorithm upgradability, and genuine user agency—outperforming conventional QES schemes. It provides concrete, deployable implementations across diverse real-world scenarios while fully preserving eIDAS compliance.

eSignatures ensure data's authenticity, non-repudiation, and integrity. EU's eIDAS regulation specifies, e.g., advanced and qualified (QES) eSignatures. While eSignatures' concrete legal effects depend on the individual case, QESs constitute the highest level of technical protection and authenticity under eIDAS. QESs are based on a qualified certificate issued by a qualified trust service provider (QTSP). Despite legal requirements, technically, a QTSP represents a single point of failure. Contrary, privacy-preserving collaborative computations (P2C2s) have become increasingly practical in recent years; yet lacking an extensive investigation on potential integrations in the QES landscape. We perform a threat analysis on the QES-creation process of Austria's national eID, using STRIDE and a DREAD-like model to extract requirement challenges (RCs) primarily related to: (1) Distributed Service Robustness, (2) Agile Crypto Deployment, and (3) Active User Involvement. To address these RCs, we present QoeSiGN, utilizing novel P2C2 technologies. While currently no P2C2 addresses all RCs, legal aspects, and practical efficiency simultaneously, QoeSiGN gives instantiation possibilities for different needs. For instance, "Multi-Party HSMs" for distributed hardware-secured computations; or secure multi-party computation (software) for highest crypto agility and user involvement, where the user participates in the QES computation. Deployment-wise, QTSPs would need to adapt the signing process and setup trusted communication channels. Legal-wise, QoeSiGN's implementation appears permissible, needing further analysis for realization. Technically, QoeSiGN addresses some regulation requirements better than the current solution, such as "sole control" or crypto agility. Our identified threats and extracted requirements can be transferred to the general QES ecosystem.