Electronic signatures have moved from a tech novelty to a business requirement for any organisation that wants to close agreements quickly, securely, and with full legal standing. This guide covers what they are, how they work, and the critical differences between the types recognised under EU law.
What is an electronic signature?
An electronic signature is any data in electronic form that is attached to or logically associated with other data in electronic form and is used by the signatory to sign. This definition — taken from EU Regulation eIDAS 910/2014 — is intentionally broad. It spans everything from ticking an "I agree" checkbox to signing with a qualified certificate issued by a Trust Service Provider.
The three eIDAS tiers
The eIDAS Regulation defines three tiers of electronic signature with different technical requirements and legal effects:
1. Simple Electronic Signature (SES)
The most basic tier. It can be as minimal as typing your name at the bottom of an email or clicking "Accept" on a form. It carries no strong guarantee of signer identity or document integrity.
Best for: low-risk internal approvals, newsletter opt-ins, informal agreements.
2. Advanced Electronic Signature (AES)
Must meet four technical requirements:
- Uniquely linked to the signatory.
- Capable of identifying the signatory.
- Created using data under the signatory's sole control.
- Linked to the signed data so that any subsequent change is detectable.
Best for: commercial contracts, service agreements, HR documentation, NDAs.
3. Qualified Electronic Signature (QES)
The highest level of legal assurance. Legally equivalent to a handwritten signature across the entire EU. Requires a qualified certificate from a Trust Service Provider (TSP) on the national trusted list of an EU Member State.
Best for: notarial acts, public-sector filings, regulated financial transactions.
Legal validity
In the EU, a document signed with an advanced or qualified electronic signature is admissible as evidence in court. The key things you need to demonstrate are:
- Signer identity — who signed it.
- Document integrity — the document hasn't been altered since signing.
- Intent — the signer clearly intended to sign.
A comprehensive audit trail — timestamped access logs, IP addresses, email verification, and an RFC 3161 tamper-proof timestamp on the final document — is what makes this case in practice.
How it works under the hood
Advanced and qualified signatures rely on asymmetric cryptography:
- A cryptographic hash (digital fingerprint) of the document is computed.
- The hash is encrypted with the signer's private key to produce the signature.
- The signature is embedded in or attached to the document.
- Any recipient can verify the signature by decrypting it with the signer's public key and checking that the resulting hash matches the document they received.
If anyone modifies the document after signing — even changing a single character — the hashes will no longer match and the signature is flagged as invalid.
Choosing the right tier
| Use case | Recommended tier | |---|---| | Internal approvals, low-value | Simple (SES) | | Commercial contracts, HR, NDAs | Advanced (AES) | | Public-sector, regulated, cross-border | Qualified (QES) |
When in doubt, opt for AES. It provides strong legal protection for the vast majority of commercial use cases without the friction of a hardware token or in-person identity verification.
Getting started with SignDeal
SignDeal supports all three eIDAS tiers. Our identity verification flow is built into the signing process — no external tools or certificates required for AES. Every document gets a sealed audit trail with an RFC 3161 timestamp so you're court-ready from day one.