Jul 21, 2022
Difference between advanced and qualified electronic signatures
In the wake of the digital revolution that has swept the world, countries updated their regulations to incorporate digital signatures to facilitate online business. In the EU, eIDAS regulation has classified three primary types of e-signatures: SES, AES and QES. This post clarifies the different digital signatures and provides guidance on which one may suit your business needs.
Advantages of digital signatures
Digital signatures have increasingly become a standard business practice in the EU for people and companies to provide legal consent. Everything from multimillion-dollar contracts down to basic record management and accessing government services is now possible via electronic signatures.
There are many advantages of adopting digital signatures, in place of wet ink on paper. It facilitates ease of access to government for citizens, reduces a company’s vulnerability to fraud, and cuts down costs and time.
Indeed, there are many reasons a company or organisation should get on board with e-signatures, with QES especially as we will explain now stating the difference of advanced vs qualified electronic signature, and a brief explanation of the simple e-Signature.
eIDAS and regulatory electronic signature standards
Within the EU, the electronic IDentification Authentication and trust Services, commonly known as eIDAS, regulates electronic signatures. eIDAS regulation defines three assurance levels of e-signatures to facilitate a common regulatory standard across EU member countries.
- Simple Electronic Signatures (SES)
- Advanced Electronic Signatures (AES)
- Qualified Electronic Signatures (QES)
Companies must consider their business needs when selecting the appropriate e-signature method. The core point of differentiation between the three formats of e-signatures relates to the level of security provided. SES is designed for low-risk scenarios, AES for moderate risk with high-volume demands, whereas QES is a robust signature format suited for large financial transactions that require a high level of security.
Download the guide on eIDAS and AML and get into the regulations affecting financial companies in Europe.
Simple Electronic Signature (SES): a brief explanation
An SES is the most basic level of e-signature that enables a user to electronically accept something. eIDAS provides a broad definition as to what accounts for SES, and to paraphrase the legalese, it is data on an electronic form that is used by a signatory to sign. For example, SES accepts scanned signatures and webpage tick-boxes used for accepting terms and conditions.
The benefit for non-highly regulated companies using SES is that it is just a click. However, from a data security perspective, it does not ensure the integrity or authenticity of the signed document and limits the reach of a company’s digital performance and offering. The SES is not accepted as a compliant method for customer onboarding, as it is considered a high-risk operation.
Advanced vs Qualified Electronic Signature (AES vs QES)
More advanced digital signatures include AES and QES, both with different strengths and weaknesses.
The Advanced Electronic Signature (AES), unlike an SES, guarantees the authenticity and integrity of a signed document. An AES provides a more robust approach to electronic signatures by incorporating additional key security protocols. Under the measures stipulated by eIDAS, an AES must be uniquely linked to the individual and capable of identifying the signatory. In addition, the form being used must be tied to the signature data to ensure any changes are detectable.
These requirements are most commonly met when using Public Key Infrastructure (PKI) technology. Digital signatures that use PKI technology qualify for the AES standard as defined by eIDAS. The documents that may require an AES include employment contracts, bank documents and One-Time Passwords sent via text or email for login verification.
Even more advanced, a Qualified Electronic Signature (QES) provides the highest level of security for electronic signatures. It is based on the same security protocols as an AES. However, a key difference between advanced and qualified signatures is that a QES requires a Qualified Signature Creation Device (QSCD) that generates signatures with a qualified certificate.
In the EU, only Trust Service Providers (TSPs) and Certification Authorities, such as Electronic IDentification, are eIDAS-approved organisations that are legally permitted to provide a QES certificate.
In addition, unlikeAES, a QES requires face-to-face, or video verification of the signer as a pre-requisite before being granted QES signatory capability. eKYC companies such as Electronic IDentification are equipped with automatic video identification to provide their customers with the freedom of remote identification. Once the user has been verified, they are provided with a unique PIN code to create a two-factor authentication of the signature user.
With the high level of security offered with a QES, in the case of a dispute, the burden of proof lies with the party disputing the validity of the signature instead of the company, opposite to what happens with the AES.
Due to this, a QES is often used for the onboarding process and major contracts and documents such as commercial contracts, sale agreements and mortgage documents.
Watch our QES+ recorded webinar and discover the most disruptive onboarding technology for Europe.
Which Assurance Level does my company need? Choosing Between Advanced Electronic Signature vs Qualified.
The primary factors a company needs to consider when weighing up their decision on a digital signature are what regulatory requirements the company is obliged to comply with and how far it wants to go to do so.
If the company is highly regulated and achieving a high level of security is its most important business concern because they are dealing with major commercial agreements, then opt for a QES. It is the gold standard of electronic signatures and holds the same weight as a handwritten, witnessed document in court.
Besides, with QES+ onboarding from Electronic IDentification, choosing the Qualified Electronic Signature as your go to for customer onboarding and all other processes of identity proofing not only assures you comply with the highest European regulatory standards, but also, thanks to VideoID, that you offer the best user experience to your clients with a fully digital and automated flow they can complete seamlessly in seconds.
Watch how QES+ onboarding process works live and open your company to more than 500M customers Europe-wide.