Advanced vs qualified electronic signatures: which do you need?
Under the EU's eIDAS regulation, electronic signatures come in three levels. An advanced electronic signature (AES) is uniquely linked to the signer, capable of identifying them, and tamper-evident — enough for the vast majority of business agreements. A qualified electronic signature (QES) is an AES that adds two things: it's created using a qualified signature-creation device, and it's backed by a qualified certificate from a government-supervised trust service provider. A QES carries the same legal weight as a handwritten signature across the EU. Most organizations need an AES; a QES is for the narrow set of documents where law explicitly demands the highest tier.
Three tiers, not one
People often talk about "electronic signatures" as if they're a single thing. Under the EU's eIDAS regulation — the reference framework most of the world's e-signature thinking borrows from — there are actually three distinct levels, each with different requirements and legal standing:
- Simple electronic signature (SES) — the broadest category. A typed name, a scanned signature, a clicked "I agree." Legally recognized, but it proves little about identity or integrity on its own.
- Advanced electronic signature (AES) — a signature that meets specific security criteria around identity and tamper-evidence.
- Qualified electronic signature (QES) — an advanced signature with additional, strictly regulated components that give it the highest legal status.
The interesting decision for most organizations is between the second and third tiers. Let's unpack them.
What makes a signature "advanced" (AES)
An advanced electronic signature must satisfy four requirements. It must be:
- Uniquely linked to the signer — tied specifically to that individual.
- Capable of identifying the signer — the signature can be traced back to a verified identity.
- Created using data the signer can control with high confidence — typically a private key that only they hold.
- Linked to the signed data so any later change is detectable — tamper-evidence, usually via cryptographic hashing and a digital seal.
In practice, an AES is built on the same PKI foundations as any strong digital signature: a key pair, a certificate binding the key to an identity, and a hash that makes tampering obvious. For everyday contracts, sales agreements, HR paperwork, NDAs, and the overwhelming majority of business documents, an AES provides robust, defensible assurance.
What makes a signature "qualified" (QES)
A qualified electronic signature is an AES — it meets all four of the above — plus two additional, tightly regulated requirements:
- A qualified signature-creation device (QSCD). The signature must be generated using specially certified secure hardware or a certified remote signing service that protects the private key to a high standard.
- A qualified certificate. The certificate binding the signer's identity must be issued by a qualified trust service provider (QTSP) — an entity that is audited and formally supervised by an EU member state, and listed on that country's official Trusted List.
The payoff is legal: under eIDAS, a QES has the same legal effect as a handwritten signature and enjoys automatic cross-border recognition throughout the EU. It also shifts the burden of proof — a QES is presumed valid, so a challenger has to disprove it rather than the other way around.
The practical difference
Think of it as a trade-off between friction and legal weight:
| | Advanced (AES) | Qualified (QES) | |---|---|---| | Uniquely linked to signer | Yes | Yes | | Identifies the signer | Yes | Yes | | Tamper-evident | Yes | Yes | | Secure creation device required | Not required | Required (QSCD) | | Certificate from supervised QTSP | Not required | Required | | Legal status | Strong, admissible evidence | Equivalent to handwritten signature | | Signer identity verification | Reasonable assurance | Rigorous, often in-person or video ID |
A QES demands more from the signer — stronger identity proofing, a certified signing mechanism — which adds friction. That's justified when the law requires it, and unnecessary overhead when it doesn't.
Which one do you actually need?
For most organizations, most of the time, an advanced electronic signature is the right choice. It gives you a signature that's tied to a verified identity, tamper-evident, and defensible in a dispute — without imposing heavyweight identity-verification steps on every signer.
You should look specifically for a qualified electronic signature when a particular law or regulation names it. Certain high-stakes transactions in specific EU jurisdictions — some notarial acts, particular financial or governmental filings, certain property or employment matters — explicitly require a QES. The rule of thumb: default to AES, and step up to QES only where a statute or regulator tells you to.
A quick note on geography: these precise tiers are an EU (eIDAS) construct. In the US, the ESIGN Act and UETA take a more technology-neutral approach and don't use the AES/QES vocabulary — but the underlying security ideas (identity, intent, integrity, and a solid audit trail) still govern how defensible a signature is.
Where PearSign fits
PearSign is built on the same cryptographic foundations these tiers rely on: signatures bound to verified identities, SHA-256 hashing, and an AATL-backed digital seal that makes any later change detectable — the core properties behind an advanced electronic signature, paired with a tamper-evident audit trail and certificate of completion for defensibility.
FAQ
What is the difference between an advanced and a qualified electronic signature?
An advanced electronic signature (AES) is uniquely linked to the signer, can identify them, and is tamper-evident. A qualified electronic signature (QES) is an AES that additionally uses a certified secure signing device and a qualified certificate from a government-supervised trust service provider. A QES carries the same legal weight as a handwritten signature across the EU.
Which type of electronic signature do most businesses need?
Most businesses need an advanced electronic signature for the vast majority of documents. It provides identity assurance and tamper-evidence sufficient for contracts, agreements, and HR paperwork. A qualified electronic signature is generally only necessary when a specific law or regulation explicitly requires it.
What is eIDAS?
eIDAS is the European Union regulation that establishes a legal framework for electronic identification and trust services, including electronic signatures. It defines the three signature levels — simple, advanced, and qualified — and sets the requirements each must meet, along with the rules for trust service providers.
Does a qualified electronic signature apply outside the EU?
The QES designation is specific to the EU's eIDAS framework. Other regions, such as the US with its ESIGN Act and UETA, use technology-neutral approaches without the AES/QES tiers. The underlying principles — verified identity, clear intent, and tamper-evidence — remain important everywhere, but the exact QES status is an EU concept.
Why does a qualified electronic signature require more steps?
A QES demands rigorous identity verification and a certified secure signing device because it carries the highest legal status — equivalent to a handwritten signature, with a presumption of validity. That extra assurance justifies the added friction for high-stakes documents, but it's unnecessary overhead for routine agreements, where an advanced signature suffices.
Ready to send your first document with PearSign?
AI drafts it, places the fields, and collects every signature — sealed and audit-trailed.
This article is general information about electronic signatures and related standards — not legal advice. For your specific situation, consult qualified counsel in your jurisdiction.