April 21, 2026 · Compliance Guide
AES vs QES vs SES: Electronic Signature Levels Explained for Developers
The EU eIDAS Regulation defines three levels of electronic signatures. Most developers only need the simplest one. Here's how to tell which level your application requires — and what it costs to implement each.
Founder, Signbee
TL;DR
SES (Simple Electronic Signature) covers 95% of use cases: B2B contracts, freelance agreements, terms of service, NDAs. It's legally valid under both the US ESIGN Act and EU eIDAS. AES (Advanced Electronic Signature) adds identity verification and tamper detection — use it for regulated industries and higher-value contracts. QES (Qualified Electronic Signature) equals a handwritten signature in the EU — required only for real estate, certain government filings, and specific regulated transactions. Cost goes from $0.50/doc (SES) to $5-20/doc (QES).
The three levels at a glance
| SES | AES | QES | |
|---|---|---|---|
| Full name | Simple Electronic Signature | Advanced Electronic Signature | Qualified Electronic Signature |
| Legal basis (EU) | eIDAS Art. 3(10) | eIDAS Art. 3(11), Art. 26 | eIDAS Art. 3(12), Art. 25 |
| Legal basis (US) | ESIGN Act § 106 | Not defined (SES is sufficient) | Not defined |
| Identity verification | Email only | Email + SMS OTP or ID check | Face-to-face or video ID |
| Tamper detection | Audit trail | Cryptographic seal | QSCD + timestamp |
| Legal equivalence | Admissible evidence | Strong evidence | = handwritten signature |
| Typical cost | $0.50/doc | $2-5/doc | $5-20/doc |
| API integration | ~30 minutes | ~2-4 hours | ~1-2 days + QTSP contract |
SES: Simple Electronic Signature
A Simple Electronic Signature is any electronic data attached to or logically associated with other electronic data, used by the signatory to sign. This includes typed names, drawn signatures, checkbox acceptances, and API-generated signature pages.
Under the US ESIGN Act and UETA, SES is the only level defined — and it's sufficient for virtually all commercial contracts. Under EU eIDAS, SES cannot be denied legal effect solely because it's in electronic form (Article 25.1).
When SES is enough
- B2B service agreements and SOWs
- Freelance contracts and consulting agreements
- NDAs and confidentiality agreements
- Terms of service and privacy policy acceptances
- Offer letters and employment contracts (most jurisdictions)
- Invoices and purchase orders
- SaaS subscription agreements
Signbee uses SES with SHA-256 cryptographic certificates and full audit trails — stronger than basic SES but without the cost and complexity of AES/QES identity verification.
AES: Advanced Electronic Signature
An Advanced Electronic Signature must meet four requirements defined in eIDAS Article 26:
- Uniquely linked to the signatory
- Capable of identifying the signatory
- Created using signature creation data under the signatory's sole control
- Linked to the signed data so any subsequent change is detectable
In practice, this means the signing flow includes an additional identity verification step — typically SMS OTP, email verification code, or government ID upload. The document is then cryptographically sealed so modifications are detectable.
When to use AES
- Financial services agreements (loan applications, investment mandates)
- Insurance contracts in the EU
- Healthcare consent forms (varies by jurisdiction)
- Cross-border EU contracts where legal disputes are likely
- Government procurement contracts
- Any contract where the signatory's identity is likely to be challenged
QES: Qualified Electronic Signature
A Qualified Electronic Signature is an AES created by a Qualified Signature Creation Device (QSCD) and based on a qualified certificate issued by a trust service provider on the EU Trusted List.
Under eIDAS Article 25.2, QES has the legal equivalent of a handwritten signature across all 27 EU member states. This is the highest level of legal certainty available.
Warning: QES adds significant cost and friction
QES requires the signatory to verify their identity through a Qualified Trust Service Provider (QTSP) — either in person or via video identification. Each signature costs $5-20 depending on the provider. The onboarding process adds 5-15 minutes per signer. Only use QES when legally required.
When QES is required
- Real estate transfers (some EU countries — Germany, Austria, France)
- Court filings and notarised documents
- Consumer credit agreements (Germany — BGB §492)
- Employment termination letters (some EU jurisdictions)
- Company formation documents (varies by country)
- Any document that national law requires "in writing" (Schriftform)
Implementation comparison
US vs EU: the practical difference
In the United States, the ESIGN Act and UETA don't distinguish between signature levels. Any electronic signature — from a checkbox to a biometric scan — is legally valid if the signatory intends to sign and consents to electronic records. The key legal test is intent, not technology.
In the European Union, eIDAS creates a hierarchy. SES is admissible but can be challenged. AES provides stronger presumption of validity. QES is irrefutable — equivalent to a handwritten signature by law.
For developers building products used in both markets: implement SES with strong audit trails (timestamps, IP addresses, browser fingerprints, cryptographic hashes). This satisfies US requirements and provides a solid foundation for EU use. Add AES/QES capabilities only for specific regulated workflows.
Frequently Asked Questions
What is an Advanced Electronic Signature (AES)?
An AES is an electronic signature that meets four criteria under eIDAS Article 26: uniquely linked to the signatory, capable of identifying them, under their sole control, and tamper-evident. It's stronger than a Simple Electronic Signature but doesn't require a qualified certificate.
Is a Simple Electronic Signature legally binding?
Yes. Under both the US ESIGN Act and EU eIDAS, Simple Electronic Signatures cannot be denied legal effect solely because they are in electronic form. For most B2B contracts, NDAs, and service agreements, SES is legally sufficient. The strength of the signature depends on the audit trail and evidence of intent, not the technology used.
Can I implement AES or QES via API?
AES can be implemented by adding identity verification (SMS OTP, email code, or ID check) to your signing flow. Most e-signature APIs support this. QES requires integration with a Qualified Trust Service Provider (QTSP) like Swisscom, DocuSign France, or InfoCert. This typically involves a partner contract and video identification for each signer.
Start with SES — $0.50/doc, SHA-256 audit trails, legally valid worldwide.
Last updated: April 21, 2026 · Michael Beckett is the founder of Signbee and B2bee Ltd. This article is for informational purposes and does not constitute legal advice.