Types of Digital Signature: AES, QES, SES, explained
Written by Arianna Russo Hernandez, Support Communications Manager at DocuSign
What is the difference between electronic signatures and digital signatures?
Very broadly, electronic signatures are a category of methods for signing a document. DocuSign eSignature is a classic example here. Electronic signature solutions are fast to set up and extremely simple for signers to use, e-signatures are found in everything from business contracts to offers of employment, from invoices to purchase orders and sales contracts with customers.
A digital signature is a specific type of electronic signature that uses a specific technical implementation to meet the needs of highly regulated industries. The use of digital signatures is regulated in legal texts, such as the European eIDAS regulation of 2014 and the United Kingdom’s Electronic Identification and Trust Services for Electronic Transactions Regulations of 2016. This article explains more about the different types of digital signatures: Simple (SES), Advanced (AES), and Qualified (QES)Electronic Signature, and when they might be used.
They may seem complex, but digital signatures become easier to understand after a few key elements are explained. We recommend reading our Digital Signature FAQ guide if this is the first time you’ve heard of them.
What is a digital signature?
A digital signature is a specific type of e-signature that complies with strict legal regulations, securely associating a signer with a document and providing the highest level of assurance of a signer’s identity.
A digital signature securely associates the signatory with a document in a recorded transaction. Digital signatures use a standard, accepted format, called Public Key Infrastructure (PKI), to provide the highest levels of security. They are a specific signature technology implementation of electronic signature.
Now let’s take a deeper look at simple electronic signatures and the two kinds of digital signatures legally accepted in the UK, going from least to most stringent:
Simple electronic signature (SES): For everyday transactions
This is the most basic electronic signature available. It does not require strong signer authentication or identity verification. For transactions that can use this type of signature, it is enough to know the signer’s email address, or that they received a unique access code before signing. This type of signature does not require the creation of additional data to verify the ID. An example of a use for a simple electronic signature could be a day-to-day sales and procurement agreement or the creation of a simple form that needs signing. Standard DocuSign envelopes fall into this category.
Advanced electronic signature (AES): For high-value transactions.
An AES includes additional user authentication steps: a signer may be asked to produce and use a valid, government-issued document to confirm their identity, pass various biometric detection checks, and uses a unique access code after the signing process. Advanced signatures also require a digital certificate to be generated and attached to the envelope as part of this transaction.
Because of these additional features, AES accomplish two very important things:
- They reliably identify the signer.
- They establish a unique link between the signature and the signer.
Employment offer letters are an example of a use case for AES: a candidate goes through in-person interviews and is chosen for the role. The HR team prepares a formal offer letter for their future employee, who can sign it electronically after receiving a PIN via text message. Then, the DocuSign eSignature platform asks them to take a photograph of their driving licence with their smartphone to confirm their identity. DocuSign ID Verification provides AES signatures for this use case.
Qualified electronic signature (QES): For highly regulated transactions.
On 1 February 2022, the expert Industry Working Group on Electronic Execution of Documents published their interim report, which sets out their analysis of the current state of e-signatures in England and Wales. In its report, the group concludes that Qualified Electronic Signatures (QESs) 'are capable of fulfilling the same objectives as physical witnessing and attestation'. A QES offers the highest level of trust through a face-to-face, or equivalent, ID verification process by a Qualified Trust Service Provider - which may be from either the UK or EU – and the resulting digital certificate created with an electronic signature device. Given the complete audit trail created by the system, the working group found that 'there is also an argument to be made that a QES is likely to be more reliable than a signature witnessed in an unsupervised environment.' This process unquestionably establishes the validity of the signature process to the extent that a QES is considered the legal equivalent of a wet (handwritten) signature under UK law. There are many QES examples in Europe. In the UK, GOV.UK Verify is a QES-enabled service. DocuSign’s ID Verification for EU Qualified solution streamlines the EU and UK eIDAS-compliant QES attainment process, by enabling customers to attain these types of digital signatures within minutes. Depending on the country, DocuSign also supports QES signatures for “signer-held” digital certificates issued by a trusted Certificate Authority, installed in devices such as smart cards, USB drives or on their personal computer.
In summary: How does qualified electronic signature (QES) work with DocuSign?
QES requires identity authentication before a digital certificate is issued. It offers the highest level of trust through face-to-face, or equivalent, ID verification. Customers are asked to electronically identify themselves during the signing process when prompted to verify ID. Your digital certificate proving identity is automatically attached to the signature behind the scenes following verification. DocuSign offers multiple options for QES with ID verification options, such as its ID Verification for EU Qualified offering. Digital certificates are issued by Certificate Authorities, also called Trust Service Providers. DocuSign is a Trust Service Provider on the EU Trust List. DocuSign accepts qualified certificates issued by Trust Service Providers on the EU Trust List.
How does advanced electronic signature (AES) work with DocuSign?
An Advanced Electronic Signature with DocuSign includes additional user authentication steps: a signer will be asked to produce a valid document to confirm their identity, as well as a unique access code after the signing process. DocuSign issues AES PKI digital signatures that satisfy legal requirements and provide flexible options to verify the identity of signers using DocuSign ID Verification or another established identity verification process. DocuSign has ID verification options to meet both Advanced and Qualified Electronic Signature levels under eIDAS and around the world when combined with our Standards-Based Signatures offerings.
How does a simple electronic signature (SES) work with DocuSign?
DocuSign eSignature meets the eIDAS requirement for electronic signatures. Simple electronic signatures are broadly accepted throughout the world as an electronic replacement to handwritten signatures and are sufficient for most use cases, customers and locations. For example, a simple electronic signature is appropriate for internal documents, business-to-consumer transactions or agreements with existing partners or signers. It’s simple and has few requirements associated with it, making it an efficient form of e-signature for most agreements. If ID verification is needed, an advanced or qualified electronic signature may be required. To learn the facts about current e-signature laws, visit the DocuSign eSignature Legality Guide.
The content in this post is for general informational and/or educational purposes only and is not intended to be legal advice. Please consult an attorney regarding your specific legal questions.