Guide to Understanding Electronic Signatures: Essentials and Insights

In the digital age, electronic signatures have become an integral part of our daily lives, revolutionising the way we conduct business and interact with public authorities. The European Union's eIDAS regulation, enacted in 2014, provides a framework for the legal validity and cross-border recognition of electronic signatures, including three main types: Simple Electronic Signature (SES), Advanced Electronic Signature (AES), and Qualified Electronic Signature (QES).

Simple Electronic Signature (SES)

The most basic form of electronic signature, SES involves minimal identity verification and can take various forms such as a tick box on a website or a scanned signature. While generally legally valid, SES offers limited security and evidentiary value.

Advanced Electronic Signature (AES)

A step up from SES, AES requires a stronger connection between the signatory and the signature. It is uniquely linked to the signatory, capable of identifying them, and linked to the signed data in such a way that any change is detectable. AES often involves Certificate Authorities and audit trails but does not meet all the strictest criteria of QES.

Qualified Electronic Signature (QES)

QES is the highest security level and has the same legal effect as a handwritten signature across the EU. It requires the use of a qualified digital certificate issued by a Qualified Trust Service Provider (QTSP), a formal identity verification process, and PKI-based cryptographic technologies. QES signatures comply fully with the eIDAS regulation and are recognised as legally binding and non-repudiable in all EU member states.

When Each is Mandatory in Italy and Europe

SES can be used in most everyday electronic transactions where high security is not required, such as low-risk agreements or internal business processes. It is often sufficient where convenience is prioritized over stringent legal formalities.
AES is suitable where a higher level of evidence is needed but a QES is not mandatory, such as in some commercial contracts or document workflows requiring a reliable link to the signatory.
QES is mandatory or strongly recommended where the law expressly requires a high level of assurance and legal certainty equivalent to a handwritten signature. In Italy and all EU countries, it is mandatory in contexts such as public procurement and official government contracts, certain legal, financial, and administrative procedures requiring maximum signature security and verification, and where national laws or sector regulations specifically require it.

For example, Italy’s public eInvoicing system (Sistema di Interscambio - SDI) mandates compliance with European standards, often using qualified electronic signatures or legally recognised equivalent digital signatures to ensure authenticity and integrity of invoices transmitted to public authorities.

In summary:

| Signature Type | Security & Verification | Legal Status | Typical Use & Mandate | |-----------------------------|-----------------------------------|------------------------------|---------------------------------------------------------| | Simple Electronic Signature (SES) | Basic, minimal verification | Legally valid but less reliable | Low-risk, convenience-focused transactions | | Advanced Electronic Signature (AES) | Strong link to signer and data | Higher evidential value | Commercial agreements requiring reliable signatures | | Qualified Electronic Signature (QES) | Requires QTSP-certified digital certificate, strong ID verification, PKI | Equivalent to handwritten signature under EU law | Mandatory in public contracts, high-trust legal contexts |

All three types are regulated under the EU eIDAS framework, which applies uniformly across EU member states, including Italy. Additionally, national electronic identity cards with digital signature capabilities support QES usage across Europe, enhancing secure and legally compliant digital signing.

In Europe, there is no doubt about the validity of an electronic signature, even in the United Kingdom after Brexit. Furthermore, both AES and QES have "probative value," meaning they can be used in court to prove a document, agreement, or contract has been signed.

When examining a signature strategy or solution for one's company, it is important to understand which contracts or acts are normally signed or used and to have a clear idea of which signature solution can be used for a particular type of contract rather than another. The validity of an extra-EU electronic signature depends on the country that regulates the contract, and it is good practice to verify the legislation of the country in which one operates.

Article 21 of the CAD provides indications on contracts, acts, and documents in which it is mandatory to use a Qualified Electronic Signature and on those in which an Advanced Electronic Signature can be used. At the eIDAS level, Article 25 states that an electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in electronic form or because it does not meet the requirements for qualified electronic signatures.

Grafometric Signature, a type of electronic signature drawn by a signer on a special tablet that collects biometric data to determine the authenticity of the signature, falls under the category of Advanced Electronic Signatures. Advanced electronic signatures, including Grafometric Signature, and Qualified Electronic Signatures (therefore also Digital Signature) are equated to a handwritten signature according to Article 20 of the CAD.

The electronic signature has many advantages, including time saved, costs saved, increased customer satisfaction, and environmental benefits. Businesses offering solutions for digital transformation, such as Sorgenia, provide services like Document Archiving in Compliance with Regulations, Digital Customer Onboarding, EDI - Electronic Data Interchange, Electronic Invoice Platform, International Electronic Invoicing, Corporate Electronic Signature, Electronic Seal, Document Management Software, and Supply Chain Management.

In conclusion, understanding the differences between SES, AES, and QES and their respective uses and mandates is crucial for businesses and individuals in the EU to ensure secure, legally compliant, and efficient digital transactions.