When a digital document needs to be signed, organizations and individuals can turn to electronic signatures.
These are digital counterparts to handwritten signatures and serve a similar purpose.
But not all electronic signatures are created equal.
Let’s look at the three levels of electronic signatures as defined by eIDAS and where electronic sealing fits into the picture.
What are the three types of electronic signatures?
eIDAS defines an electronic signature as follows:
“An electronic signature is a data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign, where the signatory is a natural person.”
At the same time, the legal weight an electronic signature carries depends on its type.
Under the eIDAS regulations, electronic signatures fall into three distinct layers, with different verification requirements and legal validity.
These are related to the three levels of assurance in the EUDI Framework—low, substantial, or high—which refer to the “degree of confidence in the claimed identity of a person.”
Let’s look at the three types of signatures and their use cases.
For more about the different assurance levels, read “eIDAS Levels of Assurance in Different National eID Schemes.”
The three electronic signature levels: explained
A quick scribble on a touchscreen is technically an electronic signature. So is a cryptographically verified signature tied to a national eID.
What you use depends on your situation and how certain you want to be in the signer’s identity. The three levels build on each other, and each new level has to meet the minimum requirements of the lower one.
Level 1: Simple electronic signatures (SES)
This refers to any electronic indication of an intent to sign. At this level, there are no specific requirements as to identity verification, certificates, or tamper detection.
Some examples of simple electronic signatures:
- Pasting a scanned handwritten signature into a document (e.g. PDF)
- Typing your name on an email related to agreements
- Clicking “I agree” on an online form
- Drawing a scribble on a touchscreen
Simple electronic signatures are enough for most low-stakes everyday situations, such as package receipts, employee consent forms, and online terms of service.
But for scenarios that require a more robust proof of identity, you’ll need something stronger.
Level 2: Advanced electronic signatures (AES)
Advanced electronic signatures are a significant step up from SES and provide cryptographic proof of the signer’s identity.
Under eIDAS, a signature must meet a few specific requirements to be considered AES:
- It must be uniquely linked to and capable of identifying the signer
- The signer must retain control of the signing
- Any subsequent change to the original signature must be detectable
In practice, this often involves the signer using a national eID to authenticate. This binds the signature cryptographically to the document, meaning any future tampering is easy to detect.
When someone opens an AES-signed document, the signature panel will display the individual signer’s name. This way, recipients can instantly see who signed the document without having to check any external sources.
Advanced electronic signatures are often used for contracts, loan applications, and other agreements that require a validated personal signature.
Idura is working on offering person-based AES. If you’re interested, sign up for early access.
Level 3: Qualified electronic signatures (QES)
For the vast majority of signed contracts, advanced electronic signatures are sufficient.
But in certain industries, regulations may require an even stronger method.
That’s where QES comes in. Qualified electronic signatures have two additional requirements:
- A QES must be created by a qualified signature creation device (QSCD). These are smartcards, SIM cards, USB sticks, etc. that are capable of protecting the person’s electronic signature creation data.
- QES must be based on a qualified certificate, issued by a provider that has been officially granted a “qualified” status by a national authority. You can find these providers on the EU Trusted List.
One example of an industry where QES is explicitly required is the Norwegian utility sector. Here, recent regulations require electricity suppliers to collect QES as proof of customer consent when switching providers.
What makes this possible is the fact that Stø (the company behind Norwegian BankID) is on the EU trust list, whereas Danish MitID and Swedish BankID aren’t yet backed by similar qualified standards.
QES is only ever truly necessary when strict regulations warrant it, such as tax filings, regulatory submissions, and compliant patient records. The additional effort and complexity aren’t worth it for situations where AES already does the job.
Idura offers QES in Norway. Learn more: “Idura Provides Qualified Electronic Signatures through Norwegian BankID”
The three levels: Side-by-side comparison
Here’s a look at the signature levels and how they compare to each other:
|
SES |
AES |
QES |
|
|
Identity verification |
No |
Yes (national eID) |
Yes (trust-listed eID) |
|
Tamper detection |
No |
Yes |
Yes |
|
Legal weight |
Valid (but can be contested) |
Strong |
Handwritten signature equivalent |
|
Requirements |
None |
National eID integration |
QSCD + qualified certificate |
|
Implementation effort |
Minimal |
Moderate |
High |
Where does “sealing” fit in?
So far, we’ve been focusing on electronic signatures made by individuals.
But eIDAS has a separate “sealing” track for legal entities. Here’s the official definition of an electronic seal (emphasis ours):
“An electronic seal is a data in electronic form, which is attached to or logically associated with other data in electronic form to ensure the latter’s origin and integrity, where the creator of a seal is a legal person (unlike the electronic signature that is issued by a natural person).”
In other words, a signature is tied to a person (and expresses their consent) while a seal is tied to an organization (and confirms the origin and integrity of a document).
A parallel three-tier structure for seals
Just like electronic signatures, electronic seals follow a near-identical track: Simple, Advanced, and Qualified. The requirements at each level also mirror the ones for signatures, with minor exceptions.
The key difference is which certificate appears on the document.
When you open a sealed document in e.g. Adobe Reader, the “signature” field will actually show the name of the organization behind the seal instead of the individual signer. Notably, the signer’s identity is still captured in the process (e.g. via eID), but it becomes embedded as evidence in the document instead of being displayed directly.
Why B2B customers may prefer authenticated sealing
Many providers of signing services, including Idura Signatures, actually operate on a sealing track instead of the signature one.
That’s because most B2B customers find sealing both convenient and sufficient for their needs. For instance, Danish investment platform Tobi uses the Idura Signatures "authenticated sealing" product to let customers sign with MitID, which covers all the legal requirements like KYC.
Here's how Idura Signatures works in practice:
- A decrypted to-be-signed document is shown to the signer.
- The signer authenticates with their national eID and signs the document.
- Idura embeds the signer’s identity as evidence inside the document.
- Idura seals the document with its own EUTL certificate.
- The sealed PDF is re-encrypted and stored on secure servers.
The result is a legally binding document with tamper detection and a full audit trail. The signer’s identity is verified in the background and “Signed by Idura Signature Service” shows up in the PDF panel.
When is sealing not enough?
Sealing covers most of our customers’ business requirements.
But if you or your counterparties must show the identity of the individual who signed the document (instead of the signature service behind it), a signature with a personal certificate becomes necessary.
This way, the signer’s name is displayed prominently instead of simply being embedded as evidence.
Idura is working on offering person-based electronic signatures. If you’re interested, sign up for early access.
How to choose the right option
What’s right for your business depends on how you answer two key questions:
- Do you need to display the signer’s name on the document?
- What level of assurance do you require?
The first answer tells you if you need an electronic signature or an electronic seal.
The second answer dictates which of the three levels—simple, advanced, or qualified—you should go for.
Here is how Idura’s current product offerings fit into the picture:
|
Signatures |
Sealing |
|
|
Simple |
Drawable (SES) |
- |
|
Advanced |
||
|
Qualified |
- |
Picking your electronic signature provider
Once you settle on sealing vs. signatures and know which level you’re after, the next step is picking a signature service.
The right choice often depends on whether you want to design your own flow or use a ready-to-sign platform.
Idura Signatures provides you with white-label eID signature and sealing solutions.
To try it for yourself, create your free account and start testing in a few clicks.
If you want a better understanding of how Idura Signatures work, check out our documentation.
How to Add White-Label eID Signatures to Your Own Product
.png)
Ready-To-Sign Platform vs. Your Own eID Signature Flow: How to Choose the Right Approach?
