The three levels of electronic signatures

Under the EU's eIDAS regulation, an electronic signature is not one single thing — it sits at one of three levels: Simple (SES), Advanced (AES), or Qualified (QES). The level you need depends on the type of document, who has to sign it, and what evidence you may need to produce if it is ever contested.

What eIDAS actually defines

eIDAS — Regulation (EU) No 910/2014 — is the framework that governs electronic signatures and trust services in the European Union and the European Economic Area. It does two important things:

  • It states that an electronic signature cannot be denied legal effect or admissibility as evidence in court solely because it is electronic.
  • It defines three tiers — SES, AES, and QES — each with its own technical and procedural requirements. A higher tier inherits everything the lower tier provides and adds further guarantees.

The UK retained an aligned framework after Brexit through its own version of eIDAS, and Switzerland has an equivalent regime (ZertES). Outside Europe, the US uses a different model based on the ESIGN Act and UETA — described further down.

Simple Electronic Signature (SES)

An SES is any data in electronic form attached to or logically associated with other data, used by a signer to sign. There is no minimum technical requirement. A scanned signature, a typed name at the bottom of an email, a drawn signature on a touchscreen, a click on an "I agree" button — all qualify.

SES is admissible in court. Its evidential weight depends on the surrounding context: the audit trail captured at sign time, identifiers such as IP address, email confirmation, timestamps, and whether the document hash was preserved after signing. A well-implemented SES with a tamper-evident audit trail is sufficient for the overwhelming majority of business documents:

  • commercial contracts (NDAs, SaaS agreements, supplier orders)
  • HR onboarding documents, offer letters
  • internal approvals, expense forms
  • quotes, statements of work, intent letters

Advanced Electronic Signature (AES)

An AES has to satisfy four cumulative conditions set out in Article 26 of eIDAS:

  1. It is uniquely linked to the signer.
  2. It is capable of identifying the signer.
  3. It is created using signature creation data that the signer can, with a high level of confidence, use under their sole control.
  4. It is linked to the signed data in such a way that any subsequent change is detectable.

In practice, an AES involves a digital certificate tied to a verified identity, asymmetric cryptography (the signer holds a private key), and a hash binding the signature to the document content. Identity is typically verified through methods such as a bank-grade eID, a video identification session, or a chain of prior authentication factors.

AES is used when the parties want stronger evidence of who signed what, without going as far as the heavy identity verification of QES. Some sectors (banking, insurance, certain real-estate transactions in some EU member states) require AES by regulation. Cross-border B2B contracts of significant value often specify AES in their signature clauses.

Qualified Electronic Signature (QES)

A QES is an AES that is, in addition, created by a qualified signature creation device and based on a qualified certificate issued by a Qualified Trust Service Provider (QTSP) listed on the EU Trusted List. The identity verification step is performed face-to-face or via a regulator-approved video identification process.

QES is the only signature tier that Article 25 of eIDAS grants the same legal effect as a handwritten signature throughout the EU. Member states recognise QES from any other member state without further verification.

QES is typically required when the law mandates a handwritten signature for a specific act. Examples vary by country, but commonly include:

  • notarial deeds and acts that need to be recorded by a notary
  • certain real-estate transfer documents
  • some employment contract terminations in specific jurisdictions
  • specific procedural filings before courts and tax authorities

Because QES requires onboarding through a QTSP and the use of a qualified signature device, it is slower and more expensive to issue than SES or AES. It is reserved for the narrow set of documents that genuinely require it.

Side-by-side comparison

SESAESQES
Identity verificationEmail / contextualStrong (eID, video)In-person or qualified video
Tamper detectionThrough audit trailCryptographic, mandatoryCryptographic, mandatory
CertificateNot requiredDigital certificateQualified certificate from a QTSP
Legal effectAdmissible, evidentiaryAdmissible, stronger evidenceEquivalent to handwritten signature
Typical useMost business documentsRegulated industries, cross-border B2BNotarial acts, specific legal filings

How the US compares: ESIGN Act and UETA

The United States does not use the SES / AES / QES tiering. Two statutes govern electronic signatures:

  • The ESIGN Act (Electronic Signatures in Global and National Commerce Act, 2000) is a federal law that gives electronic signatures the same legal effect as handwritten signatures for transactions in or affecting interstate or foreign commerce.
  • UETA (Uniform Electronic Transactions Act) is a model state law adopted by 49 states (all except New York, which has its own statute), covering electronic signatures in state-governed transactions.

Both statutes are technology-neutral and define an electronic signature broadly: an electronic sound, symbol, or process attached to or logically associated with a record and executed with intent to sign. There is no built-in distinction between a click-to-sign and a certificate-based signature; the validity of a signature is judged on the surrounding evidence — intent, attribution, integrity of the record, and consent to do business electronically.

In practical terms, an SES delivered through a competent e-signature platform satisfies both ESIGN and UETA for almost all business documents. A handful of categories are excluded from these statutes (wills, certain family-law documents, court orders) and remain governed by their own paper-based requirements.

Which level do you actually need?

For day-to-day business documents — NDAs, service agreements, employment offers, internal approvals, supplier orders — an SES with a proper audit trail is sufficient under both eIDAS and ESIGN/UETA. The vast majority of e-signatures delivered every day worldwide are SES.

You should consider AES when a specific regulator or industry code requires it (parts of finance, insurance, healthcare in some jurisdictions), or when the parties to a cross-border contract want a stronger guarantee of signer identity than an SES alone provides.

You should look at QES only when a national law explicitly requires the legal equivalence of a handwritten signature — for example, certain notarial acts or specific filings before public authorities. If you are not sure whether QES is required for a given document, the right reference is the national civil code or sector-specific regulation of the country where the document has legal effect.

References