What is the difference between Advanced and Qualified Electronic Signatures? (eIDAS AES and QES)

And when should you use them?

Former FBI Director Robert Mueller once said: “There are only two types of companies: those that have been hacked, and those that will be.”

No company is immune to cyber-attacks or fraud. More than ever, it is important to have the right controls in place to protect against fraud, particularly electronic signature fraud when contracts and important documents are signed remotely in industries like the financial sector. Online fraud is becoming more common as people stay at home during the coronavirus pandemic without, for example, the additional protection of corporate network security.

With digital fraud on the rise, now is a good opportunity for businesses to take responsibility with a signing process that prioritizes their clients’ personal security, without the need for complex identity checks.

Enter Advanced Electronic Signatures (AES) and Qualified Electronic Signatures (QES).

Standard Electronic Signatures vs AES and QES

Under the eIDAS (Electronic Identification, Authentication and Trust Services) regulation, the three types of electronic signatures – Standard, Advanced and Qualified – are all legally valid.

Standard Electronic Signatures have been available for many years. However, they have not generally been used for complex high-risk transactions and contracts, such as loans or insurance. A Standard Electronic Signature can be a signature drawn manually on a desktop screen or a scanned handwritten signature. But you cannot be certain that the signature is linked to the signer, because it is no more than a ‘scribble on a screen’. This raises security challenges: is the person really who they say they are?

An Advanced Electronic Signature and a Qualified Electronic Signature, on the other hand, provide a higher level of security. This is because they use a digital signature, i.e. the signed document is protected by cryptographic means.

Both types of electronic signature have the following properties:

  • Tamper-evident – Both AES and QES are linked to the signed data in such a way that, once the document is signed, it cannot be changed without the change being detected.
  • Signature identification – There is certainty that the signature is uniquely linked back to the signer.

Although not required, in most cases the use of a third-party electronic signature provider will make the process safer and simplify the workflow.
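
The two properties above, shown with a plain digital signature as an added example (not code from the original page or from any signature provider). The Ed25519 keys, signer names and contract text are constructed for illustration, and no qualified certificate or QSCD is involved, so this shows the cryptographic mechanism only, not a legally qualified signature.

```javascript
// Added example: tamper-evidence and signer linkage of a digital signature.
// Keys, names and document text are constructed sample values.
const crypto = require('node:crypto');

// Each signer controls a private key. In a real AES/QES the public key is
// bound to the signer's identity by a certificate (assumed, not modelled here).
function newSigner(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { name, publicKey, privateKey };
}

// Sign the exact bytes of the document with the signer's private key.
function signDocument(signer, documentBytes) {
  return crypto.sign(null, documentBytes, signer.privateKey);
}

// Verify a signature over the document bytes against a signer's public key.
function verifyDocument(publicKey, documentBytes, signature) {
  return crypto.verify(null, documentBytes, publicKey, signature);
}

function demo() {
  const alice = newSigner('alice');
  const bob = newSigner('bob');

  const contract = Buffer.from('Loan agreement: amount 10000 EUR, term 24 months', 'utf8');
  const signature = signDocument(alice, contract);

  // Same document with one digit changed after signing.
  const altered = Buffer.from('Loan agreement: amount 90000 EUR, term 24 months', 'utf8');

  return {
    // Unchanged document, correct signer: verification succeeds.
    originalValid: verifyDocument(alice.publicKey, contract, signature),
    // Tamper-evident: any change to the signed bytes breaks verification.
    alteredValid: verifyDocument(alice.publicKey, altered, signature),
    // Signer linkage: the signature does not verify under another signer's key.
    otherSignerValid: verifyDocument(bob.publicKey, contract, signature),
  };
}

console.log(demo());
```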

A QES is a step forward from AES

To put it briefly, a Qualified Electronic Signature is an Advanced Electronic Signature that meets additional requirements.

With a QES, a qualified certificate is needed to attest to the authenticity of an electronic signature and serve as proof of the identity of the signatory. The signature itself must also be created using special hardware and software, known as a Qualified Signature Creation Device (QSCD). This ensures that:

  • The signatory is the only one with control of the key used to create the electronic signature.
  • The signature data is managed by a Qualified Trust Service Provider (QTSP).
  • The signature data is unique and protected from forgery.

While Simple Electronic Signatures and Advanced Electronic Signatures both have their place, QES provides the strongest legal evidence, for example in disputes over digital transactions, and can help to protect both the consumer and the business against fraud.

How do I know whether to choose AES or QES?

In some countries, like Belgium, it is in many cases mandatory to use a QES when it comes to signing documents digitally. But in other countries, choosing an electronic signature is mainly a matter of choice and risk assessment.

When the risk is low, or acceptably small, consider Standard Electronic Signatures or AES. It all boils down to trust. An example is getting documents signed internally within a company, where you still need to identify people. If something went wrong, it shouldn’t have a huge impact, as it is happening within the company.

QES can be more costly and complex to use. However, if the risk is high or serious, then a QES should be used. For example, when signing documents that require a witness or contracts that require execution under seal. It is, of course, possible to add Long-Term Validation to any of the signatures (ES/AES/QES). This means the signature can be validated into the future.

However, if you don’t know the person or company you are dealing with, QES can provide the highest level of security. Under eIDAS, it ‘provides the highest level of admissibility in the EU courts and has the equivalent legal effect of a handwritten signature’.

Futureproof your business with Advanced or Qualified Electronic Signatures

According to award-winning science fiction writer, William Gibson, “the future is here, but it’s not evenly distributed.”

COVID-19 may just be the push companies need to start thinking about the technology that is available to help make their lives less difficult. And by using AES or QES, you can bring great rewards to your business, including efficiency and security.

Read our in-depth guide to Qualified Electronic Signatures to learn more.