What is an Advanced Electronic Signature (AES)?
The advanced electronic signature is a version of the electronic signature which uniquely links to the signer, enables identification of the signer, and allows the signer to retain control. It also links to the signed data in a way that any subsequent change to this data is detectable.
The European eIDAS and the corresponding UK regulations define different standards for electronic signatures. There are three levels of increasing sophistication. The lowest level, the simple electronic signature (SES), can take any form that is acceptable to both parties, with no technical requirements for implementation.
Digital electronic signatures take this further with the technical ability to verify the signer and prevent forgery. There are two levels of digital electronic signature - the advanced electronic signature (AES) and the qualified electronic signature (QES). These offer increased security, but at a higher cost of implementation.
An AES should reliably identify the signer of the documents. The signature should also be protected against forgery or changes made after signing.
What makes AES a safer way of electronic signing than SES?
Compared to the Simple Electronic Signature (SES), the advanced electronic signature (AES) improves on the basic level of trust. It provides a higher level of security, with signer verification and protection from tampering. It is the simpler of the two types of digital electronic signature defined by European and UK regulations.
How does the advanced electronic signature work?
The advanced electronic signature requires a technical implementation to achieve the much stricter verification requirements. The signature must be created using electronic signature creation data. Only the signer should have control of this signature creation data.
The eIDAS regulations specify four main criteria that an AES must meet:
- It must be uniquely linked to the signer.
- It is capable of identifying the signer.
- The signature creation data used is under the sole control of the signer.
- The signature must be linked to the data signed in such a way that any subsequent change in the data is detectable.
How can digital electronic signatures be implemented?
Digital electronic signatures are usually implemented using Public Key Infrastructure (PKI). This involves the creation of two keys: a public key and a private key. The digital signature is created using the signer's private key, which only the signer holds.
The receiver of the signed document also receives the public key and uses it to verify the signature. If neither the document nor the signature has been changed, verification succeeds. If either has been changed, verification fails, and the signature can be treated as invalid.
Such an implementation sounds technical and complex, but there are many products available that implement it.
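The sign-and-verify flow described above, as an added example in Go that is not part of the original page or of any product it mentions. It assumes Ed25519 as the signature algorithm (the page names none) and uses a hypothetical `Directory` map in place of the certificates a PKI would issue; all names and sample values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Directory maps signer names to public keys; it stands in for PKI certificates (assumption).
type Directory map[string]ed25519.PublicKey

// SignedDocument is a hypothetical envelope: claimed signer, document and signature.
type SignedDocument struct {
	Signer              string
	Document, Signature []byte
}

var ErrInvalid = errors.New("signature not valid for this document and signer")

// NewKeyPair creates the signature creation data; the private key stays with the signer.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign creates the signature with the private key, which only the signer holds.
func Sign(name string, priv ed25519.PrivateKey, doc []byte) SignedDocument {
	return SignedDocument{Signer: name, Document: doc, Signature: ed25519.Sign(priv, doc)}
}

// Verify needs only the public key registered for the claimed signer.
// A changed document, a changed signature or a different key all fail the check.
func Verify(sd SignedDocument, dir Directory) error {
	pub, ok := dir[sd.Signer]
	if !ok || !ed25519.Verify(pub, sd.Document, sd.Signature) {
		return ErrInvalid
	}
	return nil
}

func main() {
	pub, priv := NewKeyPair()
	sd := Sign("alice@example.test", priv, []byte("Pay 100 EUR to Bob")) // constructed sample
	fmt.Println("original:", Verify(sd, Directory{sd.Signer: pub}))
	sd.Document[4] = '9' // alter the amount after signing
	fmt.Println("altered: ", Verify(sd, Directory{sd.Signer: pub}))
}
```

The receiver never sees the private key: everything `Verify` needs is public, which is what lets the signer keep sole control of the signature creation data.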
When should a digital electronic signature be used?
A digital signature is used whenever greater security over signed documents is needed. A simple electronic signature may suffice for basic contracts or purchase orders. When more protection is needed or the document has value, a digital signature makes more sense.
Importantly, the SES can be dismissed legally just due to the fact that it is electronic. Moving to a digital electronic signature (AES or QES) removes this critical limitation. If a digital signature is implemented correctly, its integrity and authenticity are guaranteed and accepted legally. With an AES, if the validity of the signature is questioned, it is up to the signatory to prove it is valid.
The additional security provided by a QES transfers this burden of proof to the party disputing the validity. This makes a QES the method of choice for the most important documents when the highest level of legal security is needed. The IDnow eSign service can provide qualified electronic signatures.
What is the difference between SES, AES, and QES according to eIDAS?
European eIDAS, and the equivalent UK regulations, define standards for accessing public services in a safe and secure manner. This includes the use of electronic signatures. Regulations also ensure the acceptance of such signatures across borders.
The regulations define three levels of electronic signature, with increasing levels of security. They also define the acceptability of each type of signature:
- At the lowest level of the SES, there is no legal guarantee offered. An SES can be dismissed purely based on the fact that it is electronic. The responsibility to prove authenticity lies with the party requesting the signature. There is no traceable link between the signature and the signer, so it will be hard to prove if needed.
- Moving to a digital signature (AES or QES) removes the problem of the signature being dismissed legally just because it is electronic. With an AES, if the validity of the signature is questioned, it is up to the signatory to prove it is valid.
- At the highest level of QES, the signature holds the same legal power as a traditional signature. If there is doubt, it is the responsibility of the party doubting the signature to provide proof.