What are the levels (simple, advanced and qualified) of electronic signatures?
The eIDAS Regulation defines three levels of electronic signature: 'simple' electronic signature, advanced electronic signature and qualified electronic signature. The requirements of each level are built on the requirements of the level below it, such that a qualified electronic signature meets the most requirements and a 'simple' electronic signature the least.
'Simple' electronic signatures
An electronic signature is defined as "data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign". Thus, something as simple as writing your name under an e-mail might constitute an electronic signature.
Advanced electronic signatures (AdES)
An advanced electronic signature is an electronic signature which is additionally:
- uniquely linked to and capable of identifying the signatory;
- created in a way that allows the signatory to retain control;
- linked to the document in a way that any subsequent change of the data is detectable.
The most commonly used technology able to provide these requirements relies on the use of a public-key infrastructure (PKI), which involves the use of certificates and cryptographic keys.
Qualified electronic signatures (QES)
A qualified electronic signature is an advanced electronic signature which is additionally:
- created by a qualified signature creation device (QSCD);
- and is based on a qualified certificate for electronic signatures;
- it is equivalent to a handwritten signature.
For more info, visit our eSignature dedicated FAQ page: https://ec.europa.eu/digital-building-blocks/wikis/x/j4BrBg