Is a Digital Signature Binding? SES/QES/AES: Legality and Security

Signing documents online is fast, convenient, and in many cases, legally binding - but not all digital signatures offer the same level of protection or recognition.

If you're navigating contracts or compliance, understanding which type to use depends on the document's risk level and regulatory context.

Under the eIDAS Regulation, electronic signatures fall into three core types: Standard Electronic Signature (SES), Advanced Electronic Signature (AES), and Qualified Electronic Signature (QES).

If you need to prove who signed, defend the signature's validity, or meet strict legal requirements, the distinction between them is the starting point.

What Is a Digital Signature?

A digital signature is a secure, encrypted mark or code added to an electronic document to confirm the signatory's identity and their intent to agree - in effect, a digital "handshake."

In the European Union, the eIDAS Regulation governs how digital signatures work and their legal weight in court.

The Three eIDAS Signature Types

• Standard Electronic Signature (SES): The simplest "tick-the-box" or typed-name signature
• Advanced Electronic Signature (AES): Offers higher security and certainty, usually backed by cryptography
• Qualified Electronic Signature (QES): The gold-standard, legally equivalent to a handwritten signature EU-wide

How Binding Is Each Digital Signature Type?

Standard Electronic Signature (SES)

SES is any digital indication of agreement, like signing an email with your name or clicking "I accept."

These signatures are legally valid under eIDAS, but their strength in legal disputes is generally limited without supporting evidence.

They're easy, cost-effective, and great for low-risk, everyday agreements.

However, SES is also vulnerable to forgery and impersonation, and it offers minimal evidence if challenged in court.

Advanced Electronic Signature (AES)

AES steps up the requirements. The signature must be:

• Uniquely linked to the signatory
• Capable of identifying them
• Created under their sole control
• Linked to the document so it's tamper-evident (you can see if it's changed)

This level is most often backed by Public Key Infrastructure (PKI), using encrypted keys and certificates.

AES carries greater evidentiary value in legal disputes and is a strong choice for medium-risk transactions (like employment contracts or financial documents).

Qualified Electronic Signature (QES)

QES takes security further. It's an AES that is:

• Created by a Qualified Signature Creation Device (QSCD)
• Based on a qualified certificate issued by a government-approved Qualified Trust Service Provider (QTSP)

QES has the highest legal status - it's the only type considered equal to a handwritten signature throughout the EU (and recognised by UK law post-Brexit for most regulated sectors).

QES is required for high-stakes legal acts like land registration, government dealings, and cross-border filings.

QES is the most tamper-resistant option, but more complex and costly to implement.

It usually requires specialised software, devices, and face-to-face or video ID checks.

"PKI-backed signatures only help if the audit trail shows who signed, when, and on what document. Without that evidence, even an advanced signature can be hard to defend in a dispute."

Michael Wakefield, CTO, Mailock / Beyond Encryption

With all three levels defined, the practical differences come down to evidence, cost, and setup.

Quick Comparison: SES vs AES vs QES

• Legal Validity (EU):
  • SES: Valid, lowest weight
  • AES: Valid, higher evidence
  • QES: Valid, highest/handwritten equivalence
• Security Level:
  • SES: Basic
  • AES: Enhanced, tamper-evident
  • QES: Maximum, identity checked by a trusted authority
• Use Cases:
  • SES: Low-risk, everyday agreements
  • AES: Medium-risk, financial/employment docs
  • QES: High-risk, real estate, legal, and regulatory filings
• Cost:
  • SES: Lowest
  • AES: Moderate
  • QES: Highest
• Ease of Use:
  • SES: Easiest
  • AES: Moderate
  • QES: Requires setup/ID check

How To Choose the Right Digital Signature

You need to think about:

• Risk Level: How sensitive is the document?
• Legal And Regulatory Needs: Does the law require a certain type?
• Practicality: What can your signatories easily use?
• Budget: Is this document worth an extra security investment?

For day-to-day, low-risk work, SES is often fine.

For anything valuable, personal, or regulated, AES is the safer default.

For deeds, court, or major regulated transactions, only QES will do.

Best Practice: Platform Security & Evidence

Whatever signature you use, make sure the platform itself is secure, compliant, and transparent in audit logs.

Document who signed, when, from where, and with what evidence.

This helps you prove intent and identity if a dispute arises.

"There is no 'good and bad' when it comes to security.

SES is a great example of a tool that meets this demand head-on, giving businesses the tools to move forward without friction.

It can be adequate for a majority of processes."

Paul Holland, Founder and CEO, Mailock / Beyond Encryption

The signature tier you choose should match the document, but the platform behind it still needs to record who signed and when.

FAQs

Are Digital Signatures Legally Binding in the UK and EU?

Yes. All signature types are legally recognised under eIDAS (and UK eIDAS), but evidentiary strength and acceptance vary.

Is an Email "Signature" or Tick-Box Always Enough?

For minor, informal, or internal agreements, yes. For high-risk or regulated deals, use AES or QES for additional security and legal protection.

Can a Digital Signature Be Challenged in Court?

Yes, but a more secure signature (AES/QES) and detailed audit trail make disputes less risky to defend.

References

Regulation (EU) No 910/2014 (eIDAS Regulation), European Union, 2014

ICO Guide to eIDAS, ICO, 2025

Electronic Execution of Documents, UK Government, 2019

Adobe: eIDAS Compliance, Adobe, 2024

Reviewed by

Sam Kendall, 02.06.26

This content is for general information only and is not legal advice.