Electronic signatures facilitate many processes in B2B companies and help to create and send contracts efficiently and with legal validity. To fulfil legal requirements, choosing the right type of electronic signature is crucial. Let’s take a look at the advanced electronic signature (AES) and the qualified electronic signature (QES).

eIDAS: Differences between AES and QES

eIDAS (electronic IDentification, Authentication and Trust Services) is an EU regulation that defines the legal framework for electronic identification and trust services in the area of electronic transactions. In detail, eIDAS distinguishes between three types of signatures: simple, advanced and qualified signatures. If companies sign electronically as a legal entity, this is also referred to as an electronic seal. The main difference between the three types of signature lies in the technical requirements and the possible applications.

An advanced electronic signature (AES) offers a higher level of security than a simple electronic signature. It is linked to the signature creation data of the person signing and enables them to be identified – for example by verifying their telephone number. The AES must also be able to prove any subsequent changes to the signed document.

The qualified electronic signature (QES) goes one step further. It fulfils all the requirements of the AES, but is based on a qualified certificate that can only be issued by a trust service provider. This certificate contains the unique identity data of the signatory. The identity is verified by means of an identity document.

The QES from a technical perspective: the role of the trust service provider

The trust service provider (VDA, from the German Vertrauensdiensteanbieter) is a state-recognised certification authority. It provides physical or digital signature cards or offers the option of remote signing. With remote signatures, certificates encrypt the signature process and no special hardware or software is required.

In the case of qualified electronic signatures as remote signatures, trust service providers create and administer the key pairs in a qualified signature creation device. It is the responsibility of the VDA to make the private key (signature key) available exclusively to the signatory. As a rule, this is achieved with an additional security factor. Before generating a signature key, the VDA must identify the signatory and securely store the recorded identity data.

[Figure: “QES valid” certificate seal as displayed in Adobe Reader, indicating that a qualified electronic signature (QES) is valid.]

To determine whether a document has been signed with a QES, the certificate must be checked. Programs such as Adobe Reader have this function. Once you have opened the PDF file there, you will receive a message at the top about the validity of the signature. By opening the signature window, you will receive further data such as the signature type (QES), the name of the signatory and the time of signature.

Advantages of the electronic signature

Instead of causing high printing, paper and postage costs as well as long waiting times, electronic signatures are cost-effective and efficient. Companies benefit from faster signature processes and contract conclusions. You enjoy complete flexibility, as your contractual partners do not have to be in the same place and can sign at any time of day.

With the advanced electronic signature, identification is carried out using the signatory’s mobile phone number. The AES is completed in a short time, but still guarantees the integrity of the document. This is because any change to the file after signing would cause the signature check to fail and would therefore be recognised immediately.

The major advantage of the qualified electronic signature lies in its legal validity and forgery-proof identification, as this is carried out using an ID document. The QES fulfils all the requirements of the advanced electronic signature and additional security criteria. With the right tool, documents can still be signed intuitively and quickly – with our QES Ident solution, identity verification is possible without video agents or additional app downloads.

Legal validity and application for B2B companies

The use of a qualified electronic signature is always necessary if you require a high level of probative value or if the document to be signed is subject to the written form requirement. This is the case, for example, with annual financial statements or fixed-term employment contracts. The QES is legally equivalent to a handwritten signature – this is stipulated by the eIDAS Regulation for all EU member states. However, companies must ensure that the implementation of the signature complies with the laws of the respective country.

In addition to the mandatory use of a QES, there may be other regulations. For example, employment contracts in Germany can be signed digitally, but the main contractual terms and conditions are also required in paper form due to the Evidence Act. In rare cases, the electronic form is also completely excluded by law – as is the case with the cancellation of an employment contract.

The advanced electronic signature is recognised as a legally valid alternative to the handwritten signature if the legislator has not stipulated a formal requirement for the signed document. For B2B contracts, there is often no formal requirement, which is why the AES is well suited here. For example, it can be used for purchase contracts, orders or the conclusion of an open-ended rental agreement. Although a simple electronic signature (SES) would also be possible here, it does not offer the desired probative value and integrity of the document.

In addition to complying with eSignature requirements, companies must also ensure that the signature process is compliant with data protection regulations. To fulfil the requirements of the GDPR or the Swiss DSG/VDSG, you should obtain detailed information about the security of your data from your desired eSignature provider.

Electronic signature providers: How to choose the perfect tool

There are numerous providers of electronic signatures. This makes it all the more important to ensure that the tool meets the requirements of your company and fulfils certain quality features. These include:

  1. certifications such as ISO 27001
  2. the availability and location of the servers
  3. the availability of the support team
  4. the scope of the signature standards offered
  5. the type of data processing and encryption

Local data processing is always more secure than storage in the cloud. In addition, documents should always be sent end-to-end encrypted. Because as soon as your documents leave your company’s own IT environment, you must rely on your eSigning provider to provide sufficient security measures.

At Certifaction, on the other hand, we rely on processes that make access by third parties impossible “by design”. Only you have control over your data, documents and their content. At the same time, both advanced and qualified electronic signatures are quick and intuitive with us.

Conclusion

Electronic signatures offer many advantages for B2B companies. In order to choose the right type of signature, you should consider the respective use case and legal requirements. While the advanced electronic signature (AES) is well suited for B2B contracts, other documents require the written form and therefore the qualified electronic signature (QES).