Advanced Electronic Signature (AES)

Compared to the Simple Electronic Signature (SES), the advanced electronic signature (AES) improves on the basic level of trust. It provides a higher level of security, with signer verification and protection from tampering. It is the simpler of the two types of digital electronic signature defined by European and UK regulations.

The advanced electronic signature requires a technical implementation to achieve the much stricter verification requirements. The signature must be created using electronic signature creation data. Only the signer should have control of this signature creation data.

The eIDAS regulations specify four main criteria that an AES must meet:

It must be uniquely linked to the signer.
It is capable of identifying the signer.
The signature creation data used is under the sole control of the signer.
The signature must be linked to the data signed in such a way that any subsequent change in the data is detectable.

Digital electronic signatures are usually implemented using a standard format of Public Key Infrastructure (PKI). This involves the creation of two keys – a public key and a private key. The digital signature is created using the signer's private key, which is always kept by just the signer.

The receiver of the signed document also receives the public key. If the signature has not been changed, then the receiver should be able to decrypt it using the public key. If it has been changed, it will not decrypt correctly, and the signature can be treated as invalid.

Such implementation sounds technical and complex, but there are many products available that implement it.

A digital signature is used whenever greater security over signed documents is needed. A simple electronic signature may suffice for basic contracts or purchase orders. When more protection is needed or the document has value, a digital signature makes more sense.

Importantly, the SES can be dismissed legally just due to the fact that it is electronic. Moving to a digital electronic signature (AES or QES) removes this critical limitation. If a digital signature is implemented correctly, its integrity and authenticity are guaranteed and accepted legally. With an AES, if the validity of the signature is questioned, it is up to the signatory to prove it is valid.

The additional security provided by a QES transfers this burden of proof to the party disputing the validity. This makes a QES the method of choice for the most important documents when the highest level of legal security is needed. The IDnow eSign service can provide qualified electronic signatures.

European eIDAS, and the equivalent UK regulations, define standards for accessing public services in a safe and secure manner. This includes the use of electronic signatures. Regulations also ensure the acceptance of such signatures across borders.

The regulations define three levels of electronic signature, with increasing levels of security. They also define the acceptability of each type of signature:

At the lowest level of the SES, there is no legal guarantee offered. A SES can be dismissed purely based on the fact that it is electronic. The responsibility to prove authenticity lies with the party requesting the signature. There is no traceable link between the signature and the signer, so it will be hard to prove if needed.

Moving to a digital signature (AES or QES) removes the problem of the signature being dismissed legally just because it is electronic. With an AES, if the validity of the signature is questioned, it is up to the signatory to prove it is valid.

At the highest level of QES, the signature holds the same legal power as a traditional signature. If there is doubt, it is the responsibility of the party doubting the signature to provide proof.