Types of Digital Signature: AES, QES, SES, explained
Written by Arianna Russo Hernandez, Support Communications Manager at DocuSign
What is the difference between electronic signatures and digital signatures?
Very broadly, electronic signatures are a category of methods for signing a document. DocuSign eSignature is a classic example here. Fast to set up and extremely simple for signers to use, e-signatures are found in everything from business contracts to offers of employment, from invoices to purchase orders.
A digital signature is a specific type of electronic signature that uses a specific technical implementation to meet the needs of highly regulated industries. The use of digital signatures is regulated in legal texts, such as the European eIDAS regulation of 2014 and the United Kingdom’s Electronic Identification and Trust Services for Electronic Transactions Regulations of 2016.
They may seem complex, but digital signatures become easier to understand after a few key elements are explained. We recommend reading our Digital Signature FAQ guide if this is the first time you’ve heard of them.
What is a digital signature?
A digital signature is a specific type of e-signature that complies with the strict legal regulations, securely associating a signer with a document and providing the highest level of assurance of a signer’s identity.
A digital signature securely associates a signer with a document in a recorded transaction. Digital signatures use a standard, accepted format, called Public Key Infrastructure (PKI), to provide the highest levels of security. They are a specific signature technology implementation of electronic signature.
Now let’s take a deeper look at simple electronic signatures and the two kinds of digital signatures legally accepted in the UK, going from least to most stringent:
Simple electronic signature (SES): For everyday transactions
This is the most basic electronic signature available. It does not require strong signer authentication or ID verification. For transactions that can use this type of signature, it is enough to know the signer’s email address, or that they received a unique access code before signing.
An example of a use for a simple electronic signature could be an day-to-day sales and procurement agreements. . Standard DocuSign envelopes fall into this category.
Advanced electronic signature (AES): For high-value transactions.
An AES includes additional user authentication steps: a signer will be asked to produce a valid document to confirm their identity, as well as a unique access code after the signing process. Advanced signatures also require a digital certificate to be generated and attached to the envelope as part of this transaction.
Because of these additional features, AES accomplish two very important things:
- They reliably identify the signer.
- They establish a unique link between the signature and the signer.
Employment offer letters are an example of a use case for AES: a candidate goes through in-person interviews and is chosen for the role. The HR team prepares a formal offer letter for their future employee, who can sign it electronically after receiving a PIN via text message. Then, the DocuSign eSignature platform asks them to take a photograph of their driving licence with their smartphone to confirm their identity. DocuSign EU Advanced Signature provides AES signatures for this use case, including the ID verification step.
Qualified electronic signature (QES): For highly regulated transactions.
On 1 February 2022, the expert Industry Working Group on Electronic Execution of Documents published their interim report, which sets out their analysis of the current state of e-signatures in England and Wales.
In its report, the group concludes that qualified electronic signatures (QESs) 'are capable of fulfilling the same objectives as physical witnessing and attestation'. A QES offers the highest level of trust through a face-to-face ID verification process by a Qualified Trust Service Provider - which may be from either the UK or EU – and the resulting digital certificate created with an electronic signature device.
Given the complete audit trail created by the system, the working group found that 'there is also an argument to be made that a QES is likely to be more reliable than a signature witnessed in an unsupervised environment.'
This process unquestionably establishes the validity of the signature process, to the extent that a QES is considered the legal equivalent of a wet signature under UK law. There are many QES examples in Europe. In the UK, GOV.UK Verify is a QES-enabled service. Depending on your needs and your location, you can choose DocuSign or a trusted third-party partner to handle the ID verification and issue the digital certificate for the QES. Depending on the country, DocuSign also supports QES signatures for “signer-held” digital certificates issued by a trusted Certificate Authority, installed in devices such as smart cards, USB drives or on their personal computer.
If your business has legal requirements to use one of these digital signature types, take a closer look at our Standards-Based Signatures solutions. Reach out to our expert Sales team, who can set up a free 30-day trial so you can try it out for yourself.
The content in this post is for general informational and/or educational purposes only and is not intended to be legal advice. Please consult an attorney regarding your specific legal questions.