Advanced vs Qualified Electronic Signatures: What is the Difference?
In the wake of the digital revolution that has swept the world, countries updated their regulations to incorporate digital signatures to facilitate online business. In the EU, eIDAS regulation has classified three primary types of e-signatures: SES, AES and QES. This post clarifies the different digital signatures and provides guidance on which one may suit your business needs.
Advantages of Digital Signatures
Digital signatures have increasingly become a standard business practice in the EU for people and companies to provide legal consent. What is a digital signature? Digital signature is a cryptographic technique that ensures the authenticity and integrity of a digital message or document, confirming that the content has not been altered and verifying the identity of the signer. Everything from multimillion-dollar contracts down to basic record management and accessing government services is now possible via digital signatures.
There are many advantages of adopting digital signatures in place of wet ink on paper. It facilitates ease of access to government for citizens, reduces a company’s vulnerability to fraud, and cuts down costs and time.
Indeed, there are many reasons a company or organisation should get on board with e-signatures, particularly focusing on QES as we will elaborate shortly, stating the difference between advanced and qualified electronic signatures, providing a brief explanation of the simple e-signature.
eIDAS Regulation and Its Impact on Digital Signatures
Within the EU, the electronic IDentification Authentication and trust Services, commonly known as eIDAS, regulates electronic signatures. To build a better understanding of eIDAS regulation, what it eIDAS regulation is, its meaning, and how it applies, it's essential to know that it provides the legal framework for electronic identification and trust services across the EU.
These include:
- Simple Electronic Signatures (SES)
- Advanced Electronic Signatures (AES)
- Qualified Electronic Signatures (QES)
Companies must consider their business needs when selecting the appropriate e-signature method. The core point of differentiation between the three formats of e-signatures relates to the level of security provided. SES is designed for low-risk scenarios, AES for moderate risk with high-volume demands, whereas QES is a robust signature format suited for large financial transactions that require a high level of security.
What Is a Simple Electronic Signature (SES)?
An SES is the most basic level of e-signature that enables a user to accept something electronically. eIDAS provides a broad definition of what accounts for SES. To paraphrase the legalese, it is data on an electronic form that is used by a signatory to sign. For example, SES accepts scanned signatures and webpage tick-boxes for accepting terms and conditions.
The benefit for non-highly regulated companies using SES is that it is just a click. However, from a data security perspective, it does not ensure the integrity or authenticity of the signed document and limits the reach of a company’s digital performance and offering. The SES is not accepted as a compliant method for customer onboarding, as it is considered a high-risk operation.
Advanced vs Qualified Electronic Signatures (AES vs QES): Key Differences
More advanced digital signatures include AES and QES, with different strengths and weaknesses.
Advanced Electronic Signatures (AES) means a signature that is uniquely linked to the signatory, is capable of identifying them, and is created using secure signature creation data that is under the signatory’s sole control. The Advanced Electronic Signature (AES), unlike an SES, guarantees the authenticity and integrity of a signed document.
An AES provides a more robust approach to electronic signatures by incorporating additional key security protocols. Under the measures stipulated by eIDAS, an AES must be uniquely linked to the individual and capable of identifying the signatory. In addition, the form being used must be tied to the signature data to ensure any changes are detectable.
These requirements are most commonly met when using Public Key Infrastructure (PKI) technology. Digital signatures that use PKI technology qualify for the AES standard as defined by eIDAS. The documents that may require an AES include employment contracts, bank documents and One-Time Passwords sent via text or email for login verification.
Qualified Electronic Signature (QES) means a type of advanced electronic signature that is created by a qualified signature creation device and is based on a qualified certificate issued by a Trust Service Provider (TSP). Even more advanced, a Qualified Electronic Signature provides the highest level of security for electronic signatures.
Only Trust Service Providers (TSPs) and Certification Authorities, such as Signicat, are eIDAS-approved organisations legally permitted to provide a QES certificate in the EU.
In addition, unlike AES, a QES requires face-to-face or video verification of the signer as a pre-requisite before being granted QES signatory capability. KYC companies such as Signicat are equipped with automatic video identification to provide their customers with the freedom of remote identification. Once the user has been verified, they are provided with a unique PIN code to create a two-factor authentication of the signature user.
With the high level of security offered with a QES, in the case of a dispute, the burden of proof lies with the party disputing the validity of the signature instead of the company, opposite to what happens with the AES.
Due to this, a QES is often used for the onboarding process and major contracts and documents such as commercial contracts, sale agreements and mortgage documents.
How to Choose Between Advanced and Qualified Electronic Signatures
The primary factors a company needs to consider when weighing up its decision on a digital signature are what regulatory requirements the company is obliged to comply with and how far it wants to go to do so.
If a company is highly regulated and one of its most important business concerns is maintaining a high level of security because they are dealing with major commercial agreements, then opt for a QES. It is the gold standard of electronic signatures and holds the same weight in court as a handwritten witnessed document. If you want to learn more, see our guide on “Are electronic signatures legally binding?
Besides, with QES Multi onboarding from Signicat, choosing the Qualified Electronic Signature as your go-to for customer onboarding and all other processes of identity proofing not only assures you comply with the highest European regulatory standards but also, thanks to VideoID, that you offer the best user experience to your clients with a fully digital and automated flow they can complete seamlessly in seconds.