Ein Mann verwendet eine Signaturkarte am Lesegerät.

The different digital signature levels – explained clearly!

published on 31.05.2023

Electronic signatures are replacing personal signatures in the digital world. Depending on the security level and legal effect, there are three different signature types: Simple Electronic Signature (SES), Advanced Electronic Signature (AES) and Qualified Electronic Signature (QES). We will explain the differences here.

Digital signatures – indispensable for digitisation

Electronic signatures are an important tool for the digitisation of business processes. They prevent the media disruption caused by a manual signature, where documents are printed out, signed by hand, then digitally scanned again. This incurs costs and is time-consuming, as it stops and slows down the process for many customers. Electronic signatures help here by supporting end-to-end digital workflows.

The three signature levels

The legal basis for digital signatures is established in the European eIDAS Regulation. It creates a uniform legal framework throughout the EU for trust services, including electronic signatures.

The regulation distinguishes between three levels of digital signatures:

the Simple Electronic Signature (SES),
the Advanced Electronic Signature (AES),
the Qualified Electronic Signature (QES).

Simple Electronic Signature (SES)

With the simple electronic signature, data in digital form is added to or logically connected with other digital data. For example, this is the case with the email signature. Simple electronic signatures also include scanned signatures inserted into documents as graphics.

Even though simple electronic signatures are still very widespread, they cannot be validated by the recipient or third parties and do not provide security in digital processes.

Advanced Electronic Signature (AES)

The advanced electronic signature provides a higher level of security. It has to meet the following requirements:

It is unambiguously assigned to the person signing and allows him/her to be identified.
It is created by electronic means and triggered by a release (such as authentication by means of one factor).
It is linked to the signed data in such a way to enable any subsequent change or manipulation of the data to be detected.

In practical application, advanced electronic signatures use modern cryptographic procedures, which protect the contents of the documents from subsequent manipulation (integrity). In addition, the identity of the signature holder is verified (authenticity). For recipients or third parties, the identity is correspondingly traceable and can be validated with the AES.

Qualified Electronic Signature (QES)

The qualified electronic signature has the highest level of security and the strongest legal effect. In this case, the identity of the signature holder is confirmed by a trust service provider – such as D-Trust GmbH, a company of the Bundesdruckerei Group – and can be validated at any time for recipients or third parties (authenticity). The signed document cannot be changed unnoticed or the signature transferred to another document (integrity).

Qualified electronic signature: maximum security and highest evidential value

German law requires many contracts and documents to be in written form. Of all three signature levels, only the qualified electronic signature complies with the legally prescribed written form requirement and is thus able to replace the handwritten signature in these cases.

What is the difference between the advanced and qualified electronic signature?

Advanced and qualified electronic signatures differ in the way certificates are issued, in the authentication procedure and in their legal effect.

According to the eIDAS Regulation, qualified electronic certificates may only be issued by qualified electronic trust service providers (formerly known as trust centres). They are subject to particularly strict data protection and IT security requirements. They are regularly audited by national supervisory authorities – by the Federal Network Agency in Germany. A company’s own office can also issue, manage and distribute the certificates for advanced electronic signatures.

The second distinguishing feature is the authentication procedure used. The qualified electronic signature requires two-factor authentication, such as via an app or SMS-TAN.

And thirdly, the burden of proof is legally reversed for the qualified electronic signature: If advanced electronic signatures are subjected to a free judicial assessment of evidence in court, the far-reaching evidentiary value applies in a legal dispute over a QES, both with regard to the assumption of the authenticity of the content and the verified identity. In order to achieve this increased evidentiary value, even where there are high liability risks, a QES can always be used for all electronic documents, regardless of legal regulations. To put it simply, this applies in a double sense: When in doubt, go with the QES.

Areas of Application

The opportunities for using electronic signatures cover a wide range of industries and applications:

In government agencies and public institutions, for example, signatures are used for funding applications, building permits, public tenders or in the electronic waste verification procedure (eANV).
In the health care sector, health insurance statements, prescriptions, surgery consent forms or discharge letters can be signed electronically.
Companies in the free market economy benefit with employment contracts or electronic invoice processing.

As mentioned above, qualified electronic signatures must be used wherever the law stipulates the written form. It has the highest level of security and the strongest legal effect. However, using the QES can be helpful in other situations as well, especially if organisations want to safeguard themselves in business-critical cases or if legal disputes cannot be ruled out.

Digital signatures: technically sophisticated and legally secure

All three digital signature levels can replace handwritten signatures with an electronic alternative. The technologies are sophisticated and widely used. A high degree of legal effectiveness is ensured for the AES and especially for the QES. The eIDAS Regulation is the impetus for rapid dissemination: It sets a uniform, Europe-wide legal framework for digital signatures and defines the signature procedures used today.

One of the procedures is remote signature: This makes electronic signatures possible even on the move, such as via a tablet or smartphone. The D-Trust sign-me product shows how this works in practice.

D-Trust also offers signature cards for qualified electronic signatures. Both products can complement each other depending on the area of application and are tailored to the requirements of each customer.

Electronic Health Professional Card (eHPC)

Members of the professional groups doctors, dentists, psychotherapists, pharmacists, nurses, obstetrics, physiotherapists and emergency paramedics can use the electronic Health Professional Card as a means of personally identifying themselves in the specially protected Telematics Infrastructure.

Article

Qualified website authentication certificates: EU plan to boost web security

According to plans by the European Commission (EC), browsers will have to accept the European standard for qualified website authentication certificates in future. Opponents of the plan believe that it would present major security risks for internet users. Is this criticism valid?

Seal Cards: Qualified Electronic Seals

Secure the integrity and origin of your digital documents with our eIDAS-compliant seal cards.

doctor and patient in video consultation

Article

TI 2.0: a look into the future

Faster, more flexible and fit for remote use: telematics infrastructure 2.0 is the next big milestone in digital healthcare. A practical use case shows how digital identities help doctors and insured persons to benefit from new treatment options.

Personal and organization certificates

Employees can use secure personal certificates as digital proof of identity, to sign and encrypt e-mails as well as to sign or seal documents.

Article

eIDAS at government organizations – A visit to Wiesbaden

The City of Wiesbaden shows how trust services can advance digital government. And still the potential has not yet been fully exploited.

SSL/TLS certificates for trusted websites

An SSL/TLS certificate assures the user that a real and trusted person or institution is behind an Internet presence.

Woman and man have a meeting in the office

BehördenIdent: simplified application for signature and seal cards

Public authority employees apply for their official signature and seal cards simply, conveniently and quickly on site from their own offices.

Expert Interview

Secure identities for the Telematics infrastructure (TI) 2.0

Dr. Kim Nguyen

Geschäftsführer der D-Trust GmbH

Article

The KHZG: Incentives for Secure Data in Hospitals

The German Federal Government is providing billions for the digitalisation of hospitals in Germany. However, the funding is subject to conditions. Whoever wants to receive the money must invest in IT security.

Expert Interview

Working from home securely thanks to trust services

Dr. Kim Nguyen

CEO of D-Trust GmbH