Not all electronic signatures carry the same legal weight. An email with a typed name at the bottom is technically an electronic signature — but it provides very different legal assurance from a signature backed by a qualified trust certificate issued by an accredited provider. Understanding these distinctions is essential for businesses, legal professionals, and anyone managing compliance requirements in 2026.
Under the EU's eIDAS regulation (Electronic Identification, Authentication and Trust Services), electronic signatures are categorised into three tiers: Simple Electronic Signatures (SES), Advanced Electronic Signatures (AES), and Qualified Electronic Signatures (QES). Each tier offers a different level of identity assurance, legal presumption, and audit trail capability. US law under ESIGN and UETA uses different terminology but maps to similar concepts in practice.
SES A Simple Electronic Signature is any data in electronic form attached to, or logically associated with, other electronic data that the signatory uses to sign. In practical terms: a typed name, a scanned handwritten signature image, a checkbox confirming agreement, or a "I Accept" button click.
SES requires no specific technology or identity verification. The signatory doesn't need to be authenticated beyond whatever the platform normally provides (a login, for example). This makes SES fast and friction-free — but it also means its evidentiary value in a legal dispute is minimal.
AES An Advanced Electronic Signature must meet four specific requirements under eIDAS Article 26:
In practice, AES typically relies on a combination of identity verification at account creation (email verification, phone authentication, or knowledge-based authentication) and cryptographic signing that produces a tamper-evident audit trail. Platforms like DocuSign, Adobe Sign, and SignedDocsRepublic produce AES-level signatures by default for most business use cases.
AES relies on asymmetric cryptography: the signatory holds a private key, the signed document is encrypted with that key, and verification uses the corresponding public key. Any change to the document content after signing invalidates the cryptographic hash, making tampering immediately detectable — even if a single character is altered.
QES A Qualified Electronic Signature is an Advanced Electronic Signature that additionally:
The signer's identity must be verified in person or through a government-equivalent digital identity process before a Qualified Certificate is issued. This creates the highest possible assurance of identity — the certificate-issuing body has legally verified that the person named on the certificate is who they claim to be.
Under eIDAS Article 25(2), a QES has the legal equivalent of a handwritten signature across all EU member states. This is the only electronic signature type for which cross-border legal equivalence is explicitly guaranteed under EU law. Courts in all member states must presume the integrity of a QES — the burden of disproving it lies with the contesting party.
To create a QES, you must obtain a qualified certificate from an accredited QTSP (Trust Service Provider) listed on your country's national Trusted List under eIDAS. Issuance typically requires either an in-person identity verification appointment or a video identification procedure using government-issued ID. In several EU countries, national eID infrastructure (Germany's nPA, Austria's a-trust, France's FranceConnect) can be used to obtain qualified certificates digitally.
| Feature | SES | AES | QES |
|---|---|---|---|
| Identity verification required | No | Varies (platform-level) | Yes — by accredited QTSP |
| Tamper evidence | No | Yes | Yes |
| EU legal equivalence to handwritten signature | No | No | Yes (eIDAS Art. 25) |
| Qualified Certificate required | No | No | Yes |
| Cross-border EU recognition guaranteed | No | Partial | Yes |
| Friction for signer | Very low | Low | High (one-time setup) |
| Typical use case | Internal acknowledgements | Commercial contracts | High-value regulated documents |
In the United States, the federal ESIGN Act (2000) and the UETA (Uniform Electronic Transactions Act, adopted in 49 states) establish the legal framework for electronic signatures. US law does not use the SES/AES/QES tiered structure of eIDAS, but takes a technology-neutral approach: any electronic signature is valid if the parties intend to sign and consent to electronic processes.
This means that US courts generally evaluate electronic signatures based on their evidentiary value — audit trails, IP addresses, time stamps, authentication records — rather than assigning legal weight based on a tiered taxonomy. Platforms that produce strong audit trails (equivalent to AES in practice) provide substantially better legal protection than simple typed-name signatures, even though US law doesn't formally distinguish between them in the same way eIDAS does.
For US-EU cross-border transactions, where EU parties may require documents to meet eIDAS standards, using an AES or QES compliant platform is strongly recommended to avoid disputes about enforceability in European jurisdictions.
Different document types have different signature level requirements under both European and international frameworks:
| Document Type | Minimum Recommended Level | Notes |
|---|---|---|
| NDAs and confidentiality agreements | AES | SES sufficient for low-value relationships |
| Standard commercial contracts | AES | Standard for most B2B transactions |
| Employment contracts | AES to QES | Varies by jurisdiction; Germany requires QES for fixed-term contracts |
| Real estate transactions | QES or notarial | Most EU jurisdictions require notarial certification |
| Financial regulated documents | AES minimum | QES for high-value investment products in some jurisdictions |
| Consumer agreements / T&Cs | SES | Checkbox or click-through generally sufficient |
The practical decision framework is straightforward. For most commercial and business documents, AES is the appropriate default — it provides a strong audit trail, tamper-evident protection, and is accepted across the EU and US without the setup overhead of QES. For documents involving high value, regulated industries, or jurisdictions that explicitly require it, QES is necessary and worth the additional friction of qualified certificate issuance.
If you are uncertain about the requirements for a specific document or jurisdiction, the safest approach is to consult with a legal professional familiar with the applicable laws. This guide provides a general framework, not legal advice for specific circumstances.