LegalApril 25, 2026Moshe Achouz

eIDAS electronic signatures explained: SES, AES, QES (2026)

eIDAS defines three levels of e-signature: simple, advanced, qualified. Here's what each means, when to use which, and the legal weight in the EU and beyond.

eIDAS Regulation (EU) 910/2014, amended by 2024/1183, defines three levels of electronic signature: SES (Simple), AES (Advanced) and QES (Qualified). Only QES is legally equivalent to a handwritten signature in all 27 EU member states (Article 25.2). For most B2B contracts, AES is the right default β€” robust, fast to deploy, recognized internationally.

Three eIDAS signature levels compared : SES (typed name, NDAs), AES (digital certificate, B2B contracts), QES (hardware token, notary/real estate)
Each level adds cryptographic identity-proof : SES = typed name, AES = digital certificate, QES = hardware token + qualified TSP.

You sign a contract online, hit "I agree," and it's done β€” but is it actually legally binding? In the European Union, the answer depends on which eIDAS signature level you used. Most signing tools don't make this clear, and businesses end up either overspending on qualified signatures they don't need, or signing critical contracts with a signature too weak to hold up in court. This guide unpacks the three eIDAS levels and where each one belongs.

What eIDAS actually is

eIDAS (Electronic Identification, Authentication and Trust Services) is EU Regulation 910/2014, in force since July 2016 and fully implemented across all 27 member states. It's directly applicable β€” no national transposition needed β€” which means a qualified electronic signature created in Germany has identical legal weight in France, Italy, or Poland.

eIDAS 2 β€” Regulation (EU) 2024/1183 β€” was published 30 April 2024 and entered into force on 20 May 2024. It amends the original 910/2014 regulation and introduces the European Digital Identity Wallet (EUDI Wallet). The first set of implementing acts was published 4 December 2024. Key 2026 deadlines: by late December 2026, all 27 Member States must offer EUDI Wallets to citizens; by late December 2027, very large online platforms (gatekeepers under the DMA) must accept the wallet for strong authentication on user request. The three signature levels (SES/AES/QES) themselves remain unchanged under eIDAS 2.

The regulation defines three signature levels, each with stricter identity-proof and tamper-evidence requirements:

  • SES β€” Simple Electronic Signature
  • AES β€” Advanced Electronic Signature
  • QES β€” Qualified Electronic Signature

Only one of them β€” QES β€” is legally equivalent to a handwritten signature across the EU.

Level 1 β€” SES (Simple Electronic Signature)

A SES is the lowest-friction e-signature: typing your name, clicking "I agree" or pasting a scanned signature image. It's admissible in EU courts (Art. 25.1) but its evidentiary weight is left to the judge's appreciation. Use it for low-risk internal documents and trusted-counterparty NDAs ; never for high-value or contested contracts.

Person drawing a cursive signature with their finger on a smartphone touchscreen as a Simple Electronic Signature on a contract
A typed name, a click on 'I agree', or a finger-drawn signature : all three count as SES under Article 3.10.

A SES is any electronic data attached to or logically associated with other data, which the signer uses to sign (Article 3.10). That's an extremely broad definition. It includes:

  • Typing your name in an email
  • Clicking "I agree" on a checkbox
  • Drawing a signature with your finger on a touchscreen
  • Pasting a scanned image of your handwritten signature into a PDF

Legal weight: admissible as evidence in EU courts (Article 25.1) β€” it cannot be denied just because it's electronic. But its evidentiary force is left to the judge's appreciation, and the burden of proof falls on the party trying to enforce it.

When to use SES: low-risk internal documents, NDAs with trusted parties, vendor proposals, meeting attendance sheets, internal approvals. For anything where a dispute is unlikely or the value is small (< €1,000 is a common threshold), SES is fine.

Don't use SES for: real estate contracts, employment terminations, divorce settlements, anything above €10,000, or anything where the other party might later deny signing.

Level 2 β€” AES (Advanced Electronic Signature)

AES is the sweet spot for 95% of business signing : a digital certificate uniquely linked to the signer, a tamper-evident hash, and an audit trail. It satisfies Article 26's four requirements without the cost or in-person friction of QES. Most EU courts accept AES at face value for commercial contracts.

Visual representation of an Advanced Electronic Signature : digital certificate, cryptographic hash chain, audit trail with timestamps
AES embeds a tamper-evident hash + signer's digital certificate, so any change to the document after signing is detectable.

An AES adds four cryptographic requirements (Article 26):

  1. Uniquely linked to the signer
  2. Capable of identifying the signer
  3. Created using signature creation data the signer can use under their sole control (typically a private key)
  4. Linked to the data signed in such a way that any subsequent change is detectable (typically a hash)

In practice, AES is implemented with a digital certificate issued by a trust service provider (TSP), often after a video identity check or document verification. The signature embeds a tamper-evident hash and an audit trail.

Legal weight: stronger evidentiary force than SES. The signer's identity is bound to the document cryptographically, so denying the signature requires proving compromise (e.g., stolen credentials). Most EU courts accept AES at face value for commercial contracts.

When to use AES: B2B commercial contracts, supplier agreements, lease agreements, employment offers, most sales contracts. AES is the default sweet spot for business: legally robust, fast to deploy, no in-person verification required.

iFillPDF supports AES signatures with cryptographic certificates, audit trail, and tamper-evident PDF embedding β€” which covers ~95% of business signing needs.

Level 3 β€” QES (Qualified Electronic Signature)

A QES is an AES + qualified hardware (smart card, USB token, or certified cloud HSM) + a qualified certificate from an EU-listed Trust Service Provider. Under Article 25.2 it has the same legal effect as a handwritten signature in all 27 EU member states β€” and the burden of proof is reversed if anyone challenges it. Required for notarized acts, certain labor terminations, and cross-border banking.

Hand inserting a USB hardware security token into a MacBook for Qualified Electronic Signature creation under eIDAS
QES requires a Qualified Signature Creation Device (QSCD) β€” typically a hardware token or smart card β€” plus identity verification with a TSP.

A QES is an AES that additionally:

  • Is created on a Qualified Signature Creation Device (QSCD) β€” a hardware token, smart card, or certified cloud HSM
  • Uses a qualified certificate issued by an EU Trust Service Provider listed on the official EU Trust List
  • Requires strong identity verification (in-person, video-ID with a notary, or eID wallet)

Legal weight (Article 25.2): a QES has the legal effect equivalent to a handwritten signature in all 27 EU member states. Courts must treat it as if you signed in ink. The burden of proof is reversed: anyone challenging the signature must prove it's invalid, not the other way around.

When you must use QES:

  • Some real estate transactions in certain countries (notarized acts in France, Germany, Spain)
  • Certain labor law contracts (e.g., termination by mutual consent in France, requiring "Γ©crit" on paper or QES)
  • Certain administrative procedures (tax declarations, customs, public procurement above thresholds)
  • Cross-border banking documents under PSD2

When QES is overkill: standard B2B contracts under €100,000, NDAs, freelance agreements, internal HR docs. QES costs €5–€20 per signature and requires the signer to enroll with a TSP (10–30 minutes the first time). Don't impose this friction unless the law or the counterparty requires it.

How to choose the right level

Default to AES for any commercial contract. Use SES only for trivial internal documents (NDAs, attendance sheets). Use QES only when the law specifically requires "the equivalent of a handwritten signature" or your counterparty insists.

A practical decision matrix:

  • Internal doc, no legal stakes β†’ SES (typed name or click)
  • B2B contract, value < €100k, both parties known β†’ AES
  • B2B contract, high value, or with unknown counterparty β†’ AES with strong identity check
  • Anything where the law requires "the equivalent of a handwritten signature" β†’ QES
  • Cross-border to a non-EU country (US, UK, Switzerland) β†’ AES is widely recognized; check the local equivalent (e.g., ESIGN Act in the US, eIDAS UK post-Brexit)

When in doubt, AES is the default. SES is for trivial cases, QES is for legal mandates.

What about US, UK, and the rest of the world?

  • United States: the federal ESIGN Act (Electronic Signatures in Global and National Commerce Act, 15 U.S.C. Β§Β§ 7001–7031, signed 2000) plus UETA (Uniform Electronic Transactions Act, adopted by 49 states + DC + USVI; New York has its own equivalent ESRA) make almost any e-signature enforceable, including SES. The two cornerstones: signer intent + record retention. For federal contracts and a handful of state-specific cases (wills, codicils, family-law adoptions), a higher assurance level is required.
  • United Kingdom: post-Brexit, the UK adopted its own version of eIDAS (UK eIDAS Regulations 2019, SI 2019/89). The UK no longer auto-recognizes EU QES; mutual recognition requires bilateral assessment. The Electronic Communications Act 2000 still governs admissibility.
  • Switzerland: ZertES (Federal Act on Certification Services in the Field of Electronic Signatures, SR 943.03) defines four levels β€” SES, AES, regulated, and qualified. Swiss QES and EU QES are mutually recognized for most cross-border use cases via Annex 6 of the bilateral agreement.
  • Brazil: MP 2.200-2/2001 (ICP-Brasil) for qualified; Law 14.063/2020 for general e-signatures. Mexico: NOM-151-SCFI-2016. Singapore: Electronic Transactions Act 2010. Australia: Electronic Transactions Act 1999.

Quick comparison β€” handwritten-equivalent threshold:

Region Top tier Statute
EU 27 QES eIDAS 910/2014 + 2024/1183 (Art. 25.2)
US Digital signature meeting ESIGN/UETA criteria 15 U.S.C. Β§7001
UK UK QES UK eIDAS Regulations 2019
Switzerland QES on QSCD ZertES (SR 943.03)
Brazil ICP-Brasil qualified MP 2.200-2/2001

For international deals, AES with a clear audit trail is your safest bet β€” it's recognized almost everywhere.

World map highlighting eIDAS-equivalent signature regimes : EU 27 (QES, eIDAS 910/2014), UK (UK eIDAS 2019), Switzerland (ZertES), US (ESIGN/UETA), Brazil (ICP-Brasil)
AES is the international common denominator. QES-equivalents exist in CH and BR ; the US ESIGN Act recognizes intent + record retention without requiring a specific level.

FAQ

What is the difference between SES, AES and QES? SES is any electronic mark of agreement (typed name, click on "I agree", drawn signature). AES adds cryptographic identity-binding via a digital certificate. QES is an AES created on a Qualified Signature Creation Device (smart card / USB token) with a qualified certificate from an EU-listed TSP. Only QES is legally equivalent to a handwritten signature across all 27 EU member states (Article 25.2).

Is an electronic signature legally binding in the EU? Yes, all three eIDAS levels are admissible in EU courts (Article 25.1). The difference is evidentiary weight : SES is admissible but its strength is judged case-by-case ; AES is presumed reliable unless contested ; QES has the same legal force as a handwritten signature without requiring further proof.

When do I need a Qualified Electronic Signature (QES) ? QES is mandatory for : notarized acts in France/Germany/Spain (real estate, marriage contracts), certain labor terminations (mutual-consent dismissal in France), tax/customs declarations, public procurement above EU thresholds, and cross-border banking under PSD2. For everything else (B2B contracts, NDAs, freelance agreements, employment offers under €100k), AES is enough and far cheaper.

How much does an eIDAS qualified electronic signature cost? QES costs typically range from €5 to €20 per signature, plus the one-time enrollment with a Trust Service Provider (free or €20-50, depending on the TSP). The signer must verify their identity in person, by video-ID with a notary, or via the EU eID Wallet (now mandated by eIDAS 2 to be available in all member states by late December 2026). AES signatures cost €0.50 to €3 per signature with no upfront enrollment.

Is an electronic signature recognized in the US? Yes. The federal ESIGN Act (15 U.S.C. Β§Β§ 7001-7031, 2000) and UETA (adopted by 49 states + DC + USVI) make almost any e-signature enforceable, provided the signer demonstrated intent and the record is retained. The US doesn't have eIDAS levels but most QES providers also issue US-recognized signatures. Wills, codicils and certain family-law adoptions still require wet ink in some states.

What is eIDAS 2 and when does it apply? eIDAS 2 = Regulation (EU) 2024/1183, in force 20 May 2024. It amends 910/2014 and introduces the European Digital Identity Wallet (EUDI Wallet). The three signature levels (SES/AES/QES) are unchanged. By late December 2026, all 27 Member States must offer EUDI Wallets to citizens ; by late December 2027, gatekeeper platforms (under DMA) must accept the wallet for strong authentication on user request.

Sign your next contract under eIDAS

If you're signing a B2B contract this week, an AES is what you need β€” fast to deploy, legally solid across the EU and most other markets. Drop your PDF into iFillPDF's e-signature tool, add signers, the platform handles certificate issuance, audit trail, and tamper-evident embedding automatically. For ready-made contract templates that pair well with e-signature, browse our legal templates library.

iFillPDF e-signature interface ready to add signers to a contract PDF, with an 'AES Β· eIDAS Article 26' compliance badge
Read next
Got a question about this article? Get in touch
eIDAS electronic signatures explained: SES, AES, QES (2026) β€” iFillPDF