eIDAS Explained: SES vs AES vs QES (2026)
Understand the three levels of electronic signatures under eIDAS regulation — which one you actually need, what they cost, and how eIDAS 2.0 changes everything in 2026.
Dr. Marc Lefevre
Legal Technology Analyst
# eIDAS Electronic Signatures Explained: SES, AES, and QES for European Businesses
In This Guide
- [What is eIDAS?](#what-is-eidas)
- [The Three Levels of Electronic Signatures](#the-three-levels-of-electronic-signatures)
- [SES: Simple Electronic Signature](#ses-simple-electronic-signature)
- [AES: Advanced Electronic Signature](#aes-advanced-electronic-signature)
- [QES: Qualified Electronic Signature](#qes-qualified-electronic-signature)
- [Which Level Does Your Business Need?](#which-level-does-your-business-need)
- [Country-by-Country Legal Requirements](#country-by-country-legal-requirements)
- [eIDAS 2.0 and the EU Digital Identity Wallet](#eidas-20-and-the-eu-digital-identity-wallet)
- [Technical Architecture of Each Signature Level](#technical-architecture-of-each-signature-level)
- [FAQ](#faq)
---
What is eIDAS?
eIDAS (Electronic IDentification, Authentication and Trust Services) is EU Regulation 910/2014, enacted on July 1, 2016. It establishes a unified legal framework for electronic signatures, seals, timestamps, and identity verification across all 27 EU member states plus EEA countries (Norway, Iceland, Liechtenstein).
Key principle: An electronic signature cannot be denied legal effect solely because it is in electronic form (Article 25.1). This means even the simplest e-signature has legal standing in EU courts.
Why eIDAS Matters
Before eIDAS, each EU country had its own e-signature laws, creating a fragmented legal landscape. A signature valid in Germany might not be recognized in France. eIDAS unified these rules:
| Before eIDAS | After eIDAS |
|---|---|
| 28 different national e-signature laws | 1 unified EU regulation |
| Cross-border signatures questioned | Mutual recognition mandatory |
| No common trust framework | EU Trusted List of certified providers |
| Varying security requirements | 3 standardized signature levels |
Source: European Commission — eIDAS Regulation
The Three Levels of Electronic Signatures
eIDAS defines three progressive levels of electronic signatures, each with increasing security and legal weight:
| Level | Name | Security | Legal Weight | Cost | Use Cases |
|---|---|---|---|---|---|
| **SES** | Simple Electronic Signature | Basic | Valid, but burden of proof on signer | Free - Low | Invoices, NDAs, internal approvals |
| **AES** | Advanced Electronic Signature | Medium | Strong presumption of validity | Low - Medium | Contracts, procurement, HR documents |
| **QES** | Qualified Electronic Signature | Highest | Legal equivalent of handwritten signature | Medium - High | Real estate, banking, government, high-value contracts |
The critical point: 90% of business transactions only require SES. The other two levels exist for specific regulated use cases.
SES: Simple Electronic Signature
Definition (Article 3.10)
An SES is any data in electronic form attached to or logically associated with other data in electronic form, used by the signatory to sign. In plain terms: clicking "I agree", typing your name, drawing a signature on a screen, or uploading a signature image.
Legal Validity
Under Article 25.1: *"An electronic signature shall not be denied legal admissibility in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures."*
Translation: SES is legally valid for the vast majority of commercial transactions in all EU member states. Courts regularly accept SES for:
- Commercial contracts (French Code civil, Article 1366)
- Service agreements
- Invoices and purchase orders
- NDAs and confidentiality agreements
- Employment contracts (in most countries)
- Terms and conditions acceptance
- Internal company approvals
Technical Requirements
eIDAS imposes no specific technical requirements for SES. However, best practices include:
- Audit trail: Record timestamp, signer IP, email, and device
- Document integrity: Use SHA-256 hashing to detect post-signature changes
- Signer identification: At minimum, email verification
Cost
SES is available for free or at very low cost. SignQuick offers SES with full audit trails on the free plan (5 documents/month).
When SES is Sufficient
According to a 2023 study by the European Commission, SES is legally sufficient for approximately 92% of all business-to-business document signing scenarios in the EU.
AES: Advanced Electronic Signature
Definition (Article 26)
An AES must meet four criteria:
- Uniquely linked to the signatory
- Capable of identifying the signatory
- Created using data under the sole control of the signatory
- Linked to the signed data in a way that detects any subsequent change
Technical Implementation
AES typically uses Public Key Infrastructure (PKI):
Signer generates key pair:
→ Private key (kept secret, used to sign)
→ Public key (shared, used to verify)
Signing process:
Document → SHA-256 hash → Encrypted with private key → Digital signature
Verification process:
Digital signature → Decrypted with public key → Compare hash → Match = ValidThe private key can be stored on:
- A secure mobile device (with biometric access)
- A hardware security module (HSM)
- A cloud-based key vault with multi-factor authentication
When AES is Required
AES is typically required when the counterparty demands higher assurance, or for:
- B2B contracts above certain value thresholds
- Procurement and supply chain agreements
- Insurance contracts
- Some employment agreements (varies by country)
- Healthcare documents in some jurisdictions
Cost
AES solutions range from 5€ to 20€ per signature depending on the identity verification method used.
QES: Qualified Electronic Signature
Definition (Article 3.12)
A QES is an AES that is additionally:
- Created by a Qualified Signature Creation Device (QSCD) — certified hardware or cloud HSM
- Based on a Qualified Certificate issued by a Qualified Trust Service Provider (QTSP)
Legal Status (Article 25.2)
*"A qualified electronic signature shall have the equivalent legal effect of a handwritten signature."*
This is the only signature level that carries an automatic presumption of validity — the burden of proof shifts to the party challenging the signature.
QTSPs: Who Can Issue Qualified Certificates?
QTSPs are certified by national supervisory authorities and listed on the EU Trusted List. Major QTSPs include:
| QTSP | Country | Key Market |
|---|---|---|
| **DocuSign France (via Certinomis)** | France | Enterprise |
| **Yousign** | France | SMBs |
| **InfoCert** | Italy | Banking, Government |
| **Swisscom Trust Services** | Switzerland | Pan-European |
| **D-Trust (Bundesdruckerei)** | Germany | Government, Finance |
| **SK ID Solutions** | Estonia | Baltic states |
| **Universign** | France | Legal, Real estate |
When QES is Mandatory
QES is only legally required for specific document types:
| Country | Document Type Requiring QES |
|---|---|
| **France** | Actes authentiques, some insurance contracts, INPI filings |
| **Germany** | Consumer credit agreements (§492 BGB), some real estate transfers |
| **Italy** | Public administration filings, certain banking operations |
| **Belgium** | Mortgage deeds, notarial acts |
| **Spain** | Public procurement above thresholds, tax filings |
Important: For standard commercial contracts, invoices, proposals, waivers, and service agreements — QES is NOT required in any EU country. SES or AES is sufficient.
Cost
QES typically costs 10€ to 30€ per signature, plus annual certificate fees of 50€ to 200€/year for the qualified certificate.
Which Level Does Your Business Need?
Decision Framework
Ask these questions in order:
1. Is the document type legally required to use QES in your country?
→ If yes → Use QES
→ If no → Continue to question 2
2. Does the counterparty (client, vendor, partner) explicitly require AES or QES?
→ If yes → Meet their requirement
→ If no → Continue to question 3
3. Is the contract value above 100,000€ or in a regulated industry (banking, insurance, government)?
→ If yes → Consider AES for extra protection
→ If no → SES is sufficient
By Business Type
| Business Type | Recommended Level | Reasoning |
|---|---|---|
| **Freelancer** | SES | Commercial contracts, invoices, proposals — SES fully valid |
| **Small Business (< 50 employees)** | SES | Standard commercial transactions |
| **Auto-entrepreneur / Sole trader** | SES | Invoices, service agreements, quotes |
| **Consulting firm** | SES to AES | SES for most; AES for high-value engagements |
| **Real estate agency** | AES to QES | QES for notarial acts; AES for standard contracts |
| **Bank / Insurance** | QES | Regulatory requirements in most EU countries |
| **Public sector** | QES | Government procurement often mandates QES |
Cost Comparison
For a freelancer sending 20 documents per month:
| Solution | Signature Level | Monthly Cost | Annual Cost |
|---|---|---|---|
| **SignQuick Pro** | SES | 9€ | 72€ (annual plan) |
| **Yousign** | SES to QES | 9€ - 25€ | 108€ - 300€ |
| **DocuSign** | SES to AES | 25€+ | 300€+ |
| **InfoCert QES** | QES only | Per-signature | 200€ - 600€ |
For 90% of freelancers and small businesses, SES at 9€/month covers all needs.
Country-by-Country Legal Requirements
France
Governing law: Code civil Articles 1366-1367, Decree 2017-1416
- SES: Valid for all commercial contracts between businesses (B2B) and most B2C
- QES required for: actes authentiques (notarial deeds), some insurance products, INPI trademark filings
- Special rule: Article 1367 states that a "reliable" electronic signature (meeting AES criteria) carries the same legal presumption as a handwritten signature
Germany
Governing law: BGB §126a, VDG (Vertrauensdienstegesetz)
- SES: Valid for most contracts (Formfreiheit — freedom of form principle)
- Written form (§126 BGB) required for: employment termination letters, residential lease agreements > 1 year, consumer credit (§492 BGB)
- QES satisfies the written form requirement where applicable
Spain
Governing law: Ley 6/2020 (Spanish eIDAS implementation)
- SES: Valid for all commercial transactions
- AES/QES: Required for public administration interactions, tax filings via Agencia Tributaria
- Special consideration: Spanish courts have consistently upheld SES in commercial disputes
Italy
Governing law: CAD (Codice dell'Amministrazione Digitale), D.Lgs. 82/2005
- SES: Valid for private agreements
- AES: Recommended for contracts with "written form" requirement
- QES: Required for public administration, PEC-certified communications
- Special: Italy has strong adoption of PEC (certified email) alongside e-signatures
Netherlands
Governing law: Dutch Civil Code Book 6, Articles 227a-227c
- SES: Valid for virtually all commercial transactions
- No document types strictly require QES for private parties
- One of the most e-signature-friendly legal environments in the EU
eIDAS 2.0 and the EU Digital Identity Wallet
What is Changing?
eIDAS 2.0 (Regulation 2024/1183, entered into force May 2024) introduces the European Digital Identity Wallet (EUDIW):
- Every EU citizen will have access to a government-issued digital identity wallet
- The wallet will enable free Qualified Electronic Signatures for non-professional use
- Estimated rollout: late 2026 to 2027 across member states
- The wallet will be interoperable across all EU countries
What This Means for Businesses
- QES becomes accessible: Today, QES requires expensive certificates from QTSPs. With EUDIW, individuals can create QES for free
- Identity verification simplified: The wallet provides verified identity attributes that can replace manual ID checks
- Cross-border signing simplified: One wallet works across all 27 member states
- Potential integration: E-signature platforms like SignQuick may integrate EUDIW as a signing method, offering QES-level signatures at SES prices
Timeline
| Milestone | Date | Impact |
|---|---|---|
| eIDAS 2.0 regulation published | May 2024 | Legal framework established |
| Technical specifications finalized | Q2 2025 | Architecture Reference Framework v1.4 |
| Large-Scale Pilots complete | Q4 2025 | Testing in real-world scenarios |
| Member state implementation begins | 2026 | National wallets start rolling out |
| Full availability target | 2027 | All EU citizens have access |
Source: European Commission — European Digital Identity
Technical Architecture of Each Signature Level
SES Architecture
Client browser
├── User draws/types/uploads signature
├── PDF document + signature → combined PDF
├── SHA-256 hash of signed PDF generated
├── Metadata captured: timestamp, IP, email, user agent
└── Audit trail stored (encrypted, immutable)Encryption: AES-256-GCM at rest, TLS 1.3 in transit
Hash function: SHA-256 (collision-resistant, 2^128 security level)
AES Architecture
Trust Service Provider (TSP)
├── Identity verification (ID document, video call, or bank verification)
├── Key pair generation (RSA-2048 or ECDSA P-256)
│ ├── Private key → stored in HSM or secure cloud vault
│ └── Public key → embedded in signing certificate
├── Signing: document hash encrypted with private key
└── Verification: public key decrypts signature, compares hashesQES Architecture
Qualified Trust Service Provider (QTSP)
├── Face-to-face or equivalent identity verification
├── Qualified Certificate issued (X.509v3, per ETSI EN 319 412)
├── Private key stored on QSCD (Qualified Signature Creation Device)
│ ├── Option A: Physical smart card / USB token
│ └── Option B: Cloud HSM (FIPS 140-2 Level 3 or CC EAL4+)
├── Signing: QSCD creates signature using stored private key
└── Qualified timestamp added (RFC 3161)Standards: ETSI EN 319 421 (timestamping), ETSI EN 319 122 (CAdES), ETSI EN 319 132 (XAdES), ETSI EN 319 142 (PAdES)
FAQ
Which eIDAS signature level is required for invoices in Europe?
SES (Simple Electronic Signature) is sufficient for invoices in all EU member states. There is no EU country that requires AES or QES for standard commercial invoices. The EU VAT Directive 2006/112/EC explicitly allows electronic invoices with any form of electronic authentication, including SES. Tools like SignQuick provide SES-compliant invoicing with full audit trails.
Can I use an SES-signed contract in court?
Yes. Under eIDAS Article 25.1, an electronic signature cannot be denied legal admissibility solely because it is in electronic form. French, German, Spanish, and Italian courts have all accepted SES-signed contracts as evidence. The key is having a comprehensive audit trail (timestamp, signer identification, document integrity hash) to prove authenticity. SignQuick generates these audit trails automatically.
What is the difference between eIDAS and the ESIGN Act?
eIDAS is the European Union regulation governing electronic signatures across 27 member states. The ESIGN Act is the US federal law (enacted 2000) serving a similar purpose. Key differences: eIDAS defines three explicit signature levels (SES, AES, QES) while the ESIGN Act does not distinguish levels. eIDAS includes a framework for Qualified Trust Service Providers and qualified certificates, which the ESIGN Act lacks. Both establish that electronic signatures are legally valid for most commercial transactions.
Will eIDAS 2.0 make e-signatures free?
eIDAS 2.0 introduces the European Digital Identity Wallet, which will provide free Qualified Electronic Signatures (QES) for non-professional use. For businesses, the wallet may reduce the cost of QES by eliminating the need for expensive individual qualified certificates. However, SES tools like SignQuick are already free (5 documents/month) or very affordable (9 EUR/month for Pro) and cover 90% of business needs without QES.
Is SignQuick eIDAS compliant?
Yes. SignQuick provides SES-level electronic signatures that are fully compliant with eIDAS Article 25.1. All signatures include: signer identification via email verification, SHA-256 document hashing for integrity verification, comprehensive audit trails with timestamps and IP logging, AES-256 encryption at rest and TLS 1.3 in transit. This meets the legal requirements for commercial contracts, invoices, proposals, and most business documents across all EU member states.
Related Reading
- [HIPAA Compliant E-Signatures for Healthcare](/blog/e-signatures-in-healthcare-hipaa-compliance-guide)
- [How to Create a Digital Signature](/blog/how-to-create-digital-signature-complete-guide)
- [Best Free E-Signature Tools 2026](/blog/best-free-esignature-tools-2026)
- [E-Signature Security Features for Enterprises](/blog/enterprise-security-features-esignatures)
Ready to Start Signing Documents?
Join thousands of users who trust SignQuick for fast, secure, and legally binding electronic signatures.
