Electronic signatures play an essential role in electronic transactions by facilitating the digital signing of documents and agreements - from business documents to invoices, through to contracts between employees and sales contracts. The levels of security, legal validity, and functionality can vary significantly based on the type of electronic signature used.
In this article, we take a look at the different types of electronic signatures - Simple (SES), Advanced (AdES) and Qualified (QES) electronic signatures and their appropriate use cases for each type.
An Introduction to eIDAS
Enacted in 2016, the European Union (EU) eIDAS regulation was a collaborative effort by lawmakers and regulators aimed at establishing a unified foundation and framework for secure electronic signatures.
The eIDAS regulation delineates three distinct categories of electronic signatures:
Simple Electronic Signatures:
- For general use
- Considered the most basic form or electronic signatures
Advanced Electronic Signatures:
- Supported by authentication through digital certification provided by a trusted third-party
- Offers an elevated level of security compared to basic signatures
Qualified Electronic Signatures:
- Authenticated by a third-party granted authority by the EU, known as a Qualified Trust Provider (QTSP)
- Represents the highest level of trust and security according to EU standards.
These three levels of e-signatures serve as indicators of the trustworthiness of signed agreements, providing a framework for understanding and implementing electronic signatures across different contexts.
A Simple Electronic Signature
A Simple Electronic Signature is defined as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign" (eIDAS Article 3.10). It can be a drawn signature on a tablet, a box that’s checked, using an ‘I accept’ button, or a scanned picture of a wet signature.
Use Case Examples
- Used in everyday transactions
- Signing internal company documents, including emails
- Low-risk agreements
- Parcel delivery terminals
The primary drawback of Simple Electronic Signatures is the lower level of security and authentication they offer when compared to Advanced and Qualified Electronic Signatures. This characteristic renders SES more susceptible to forgery and disputes, especially in high-risk transactions or when handling sensitive information.
An Advanced Electronic Signature
An advanced electronic signature, as defined in eIDAS Article 26, is an electronic signature that possesses the following characteristics:
- Uniquely linked to and capable of identifying the signatory;
- Created in a way that allows the signatory to retain control;
- Linked to the document in a way that enables the detection of any subsequent changes to the data.
The predominant technology capable of delivering these attributes is the utilization of a public-key infrastructure (PKI), which entails the application of digital certificates and cryptographic keys. The PKI process is how a digital certificate verifies digital signatures.
Use Case Examples
- Financial documents such as finance agreements and banking documents
- Legally binding documents, such as employment contracts
- Purchase orders
It is crucial to emphasize that in scenarios involving stringent legal requirements or high-value transactions, the use of Qualified Electronic Signatures becomes essential for ensuring optimal security and compliance. Qualified Electronic Signatures offer a higher level of authentication, legal validity, and protection, making them the preferred choice when the stakes are elevated in terms of legal and financial implications.
A Qualified Electronic Signature
A qualified electronic signature (eIDAS Article 3.12) is an advanced electronic signature which is additionally:
- Applied using a Qualified Signature Creation Device (QSCD) which must comply with strict security and technical standards to ensure the highest level of trust and authenticity in the signature creation process
- and is based on a qualified certificate for electronic signatures and issued by a Qualified Trust Service Provider
Qualified Electronic Signatures undergo a rigorous validation process involving multiple steps, incorporating encrypted keys and authentication. A Qualified Trust Service Provider vets the identity of signers before they are authorized to issue a Qualified Electronic Signature. This robust authentication process adds an extra layer of security and trust, aligning with the high standards set for Qualified Electronic Signatures.
Use Case Examples
- Filing patent applications
- Signing land registry documents
- Signing a commercial proposal
- Signing of a legal consent
- Major sales agreements
Although various levels of electronic signatures may be suitable for different situations, it is important to note that only qualified electronic signatures are explicitly recognized to have the equivalent legal standing of handwritten signatures throughout the European Union.
The primary distinction among the three types of signatures lies in the level of security they offer and the complexity of the signer identity verification system each employs. The robustness of a signature is, therefore, determined by the confidence it instills regarding the identification of the signer and the assurance that the document is indeed the one that has been signed.
From a legal perspective, surrounding the eIDAS regulation, there is a substantial distinction between Qualified Electronic Signatures and Simple or Advanced Electronic Signatures. Qualified Electronic Signatures adhere to precisely defined regulatory constraints regarding the verification of the signer's identity and the protection of the signature key. Their legal effect is explicitly equivalent to that of a handwritten signature. In contrast, other levels of electronic signatures, such as Simple or Advanced, carry probative value but do not necessarily enjoy the same level of legal recognition as Qualified Electronic Signatures.
GlobalSign’s Document Signing Solutions enables organizations to sign documents with confidence, integrity and trust which have been designed to suit a variety of organizational needs.
If you would like to learn more about innovations on the horizon and how digitalization is driving the adoption of electronic signature services in both the EU and UK, read GlobalSign's eBook.