What is the difference between Advanced Electronic Signature (AES) and Qualified Electronic Signature(QES)?

To understand the difference between these two levels of electronic signature, as defined by eIDAS, it helps to start out by showing the difference between AES and an electronic signature on the basic level. An AES has four requirements that set it apart from a basic ES, two of them are about the identity of the signatory, one about the sole control of the signatory, and the last about integrity protection.

According to the eIDAS regulation, an AES must be “uniquely linked to the signatory” and be “capable of identifying the signatory”. While eIDAS is technology neutral, the identity proofing and sole control criteria required for an AES is typically achieved with an eID means like Swedish BankID, iDIN (Netherlands) or MitID (Denmark). To learn more about eIDAS and electronic identity schemes in the EU, refer to the Scrive Trust Centre article Standardising Digital Identity in the EU.

In eIDAS, the requirements of each level are built on the requirements of the level below it. Thus, a QES is an AES which is additionally: (i) created by a qualified signature creation device (QSCD), and (ii) is based on a qualified certificate for electronic signatures. These technical requirements are typically the responsibility of the e-signature service provider and their partners, not the parties signing the document.

Simply put, these requirements mean that the technical solution used to sign with QES needs to be certified/approved. This implies that the methods of identification, sole control and integrity protection used are also approved. However, not all such methods that are available for the AES level do fulfill that criteria. In effect, the options for QES are more limited and the feasibility, user friendliness etc. thereof may also be affected due to stricter requirements. This may make AES, or even ES, a more attractive alternative for your business and your counterparts – provided this is sufficient to comply with your regulatory requirements and to manage your business risk.

General disclaimer: Scrive does not provide legal advisory services. The purpose of this information is only to give general information based on Scrive’s research and current understanding and knowledge of applicable regulations. The reader may use the information provided solely on own responsibility and risk. For legal advice, please refer to qualified legal expertise within your own jurisdiction and business area.

How to start using qualified electronic signatures?

Through partnerships Scrive may offer solutions for QES on different markets throughout Europe. To implement support for QES in your business may only require the integration of Scrive’s eSign service into your system or service.

Contact sales

About Swisscom

As the leading provider of communication, IT and entertainment in Switzerland, Swisscom is uniquely positioned to offer their identification and signing capabilities to help businesses achieve a qualified electronic signature. With their history of technical innovation and sustainability, they’ve proven to be the perfect partner for Scrive to guide customers through the complexities of digital transformation and the regulations therein.

About Verimi

Verimi are hard at work developing the future of digital identity management. Being on the forefront of of the ever-evolving digital identity landscape, with partners such as Allianz, Deutsche Bank, Deutsche Telekom, Samsung and Volkswagen, Verimi are poised to play a major role in shaping the use of eIDs for years to come.

ItsMe

About itsme

itsme® (also known as Belgian Mobile ID) is a smartphone-based eID that provides a secure and convenient way to identify yourself, share your ID data, log in to apps and websites and sign documents. itsme® is ISO27001 certified and conforms with Belgian laws and EU laws regarding digital identity, e-signatures and data sharing, including eIDAS and GDPR. Data is always encrypted when stored or communicated with itsme® partners.

SmartID

About SmartID

Smart-ID is the most popular mobile authentication solution across the Baltics, with over 3 million users in Estonia, Latvia and Lithuania. Smart-ID is recognised as a Qualified Signature Creation Device (QSCD) according to the eIDAS Regulation. This means that Smart-ID users can electronically sign documents with a signature on the Qualified level, the highest level according to eIDAS. A Qualified Electronic Signature is the legal equivalent of a handwritten signature and is valid throughout the EU.