Advanced Electronic Signature (AES)

AES provides stronger legal standing than SES but does not automatically equal a handwritten signature like QES does.

**The four requirements of AES (eIDAS Article 26)**

An AES must satisfy all four criteria simultaneously:

1. **Uniquely linked to the signatory:** The signature must be traceable to one specific person, not shared or generic.

2. **Capable of identifying the signatory:** There must be a reliable mechanism to determine who signed — typically through cryptographic keys or verified credentials.

3. **Created using data under the signatory's sole control:** Only the signer can create the signature. This rules out shared credentials or delegated signing without proper authorisation.

4. **Linked to the data in such a way that any subsequent change is detectable:** If the document is modified after signing, the signature becomes invalid. This is typically achieved through cryptographic hashing (e.g., SHA-256).

**AES in practice**

Many e-signature providers claim to provide AES-level signatures, but the classification depends on the specific implementation. A signature created using a personal cryptographic key stored on a secure device, with SHA-256 tamper detection, likely qualifies as AES. A typed name on a web form typically does not.

**When do you need AES?**

For most business contracts in the EU, SES is legally sufficient — the burden of proof simply shifts. AES provides a higher level of assurance and may be required by: - Internal compliance policies - Industry-specific regulations - B2B contracts where both parties want non-repudiation - Cross-border EU transactions where parties want additional legal certainty

If your use case legally requires the absolute highest standard, you need QES (Qualified Electronic Signature), not just AES.