Electronic, Advanced and Qualified Signature: differences and legal validity

Electronic, Advanced and Qualified (Digital) Signature: differences and legal validity Electronic signature, advanced electronic signature and qualified signature: what they are, the differences and when they are used

The term electronic signature broadly refers to a heterogeneous set of tools and methods for digital subscription: it ranges from entering simple credentials (username and password) to digital signatures based on physical devices such as tokens or smart cards.

It is important to clarify that electronic signature and digital signature are not synonyms. In fact, they represent different categories, with varying levels of technical complexity, security, methods of signer identification and legal validity. To avoid confusion, it is useful to refer to the official definitions contained in the Italian Digital Administration Code (CAD) and the European eIDAS Regulation, which establish the requirements and characteristics of each type of signature.

What are the types of electronic signatures?

The eIDAS regulation (Electronic Identification, Authentication and Trust Services) identifies 3 different levels of signature:

• Simple Electronic Signature (SES): does not have overriding legal value and its evidential value is limited, but it is widely used, for example to identify the person signing a document or an action such as logging into a website or web service;
• Advanced Electronic Signature (AES): a stronger form than the SES, which can have the same legal validity as a handwritten signature for certain types of contracts and private writings;
• Qualified Electronic Signature (QES): also known as a digital signature, it allows citizens and businesses to sign contracts and documents with full legal validity.

Within these three categories of electronic signatures fall multiple forms of IT authentication: the PIN code entered to pay with a card is already an electronic signature, as is the scan of a handwritten signature on paper. Technically included among electronic subscriptions are also the use of username and password to access a website and authentication via one-time password (OTP).

Simple Electronic Signature (SES): the most accessible and widespread form of electronic signature

The Simple Electronic Signature (SES or QES) represents the most basic and widespread type of electronic signature. Legislation defines it as "data in electronic form which is attached to or logically associated with other electronic data and which is used by the signatory to sign".

The eIDAS Regulation sets out a key principle: an electronic signature cannot be denied legal effect solely because it is in digital form. In addition, Article 20, paragraph 1-bis of the Digital Administration Code (CAD) provides that the evidential value and suitability of the electronic document to meet the written form requirement shall be freely assessed in court, taking into account the security, integrity and immutability of the signature solution used. This means that the SES also enjoys legal recognition, albeit with some limitations; in particular, it is up to the user to prove its reliability.

To increase the security and legal value of the SES, the process can be supplemented with additional authentication systems, such as two-factor authentication, where a code sent by SMS or email is required to complete the signature.

An additional element that strengthens its credibility is the creation and storage of an audit trail, a complete record collecting all information relevant to the validity of the signature — such as sender and signer data, IP addresses, authentication methods and signed documents. This record acts as a safeguard in case of disputes, making it possible to accurately reconstruct the electronic signature process.

Use cases for Simple Electronic Signature

The simple electronic signature (SES) can be used where no legal obligation requires a higher level of signature (advanced or qualified), for example in the following cases:

• Home deliveries: signing on the courier’s handheld device to confirm receipt.
• Acceptance of policies: privacy, data processing, terms of service for an online service.
• Registrations for courses or events where simple user consent is sufficient.
• Commercial documents: Quotes, orders, order confirmations, and delivery notes (DDT).
• Internal orders and confirmations within a company: leave requests, approval of expense reports, confirmation of activities.

Advanced Electronic Signature (AES): what it is and when to use it

The Advanced Electronic Signature (AES or AdES) is the second type of electronic signature in terms of complexity and security, and allows documents to be signed with legal validity. Unlike the simple electronic signature, the AES is uniquely linked to the signatory, ensuring reliable identification.

Another feature of this type of signature is that it is bound to the document in such a way that any subsequent data changes are detectable. To qualify as AES, it must ensure:

• reliable identification of the signatory;
• the unique connection between signature, signatory and document;
• exclusive control by the signatory over the signature creation system;
• the ability for the signatory to detect any subsequent modifications to the document;
• identification of the certification authority issuing the certificate.

Examples of AES include biometric signatures (handwritten on tablets), fingerprint, facial or iris recognition. In dealings with the Public Administration, AES also includes signatures made with CIE, CNS, Health Card, Electronic Passport and SPID. However, this does not mean that such instruments can be equated with an Advanced Electronic Signature: in fact, being considered as such only within national borders, they do not comply with the European eIDAS Regulation (electronic IDentification Authentication and Signature).

Use cases for Advanced Electronic Signature

The advanced electronic signature can be used, for example, in the following cases:

• Real estate sector: property purchase agreements
• Banking services: account opening, banking contracts
• Insurance sector: life insurance, accident insurance, occupational disability, car liability insurance

Qualified Electronic Signature (QES): the signature with the highest level of security

The Qualified Electronic Signature (QES) represents the highest level of security provided by European and Italian legislation for an electronic signature. It is based on the use of cryptographic certification, well-defined legal constraints and has full legal value, equivalent to a handwritten signature.

According to the eIDAS Regulation, the Qualified Electronic Signature is an advanced electronic signature that meets specific additional requirements:

• It is created using a qualified electronic signature creation device
• It is based on a qualified electronic signature certificate
• It is issued by a Qualified Trust Service Provider (QTSP)
• It guarantees authenticity (reliable identification of the signer), integrity (the document cannot be altered after signing) and non-repudiation (the signer cannot deny having signed).

The CAD defines the QES as a signature “based on a system of cryptographic keys, one public and one private, correlated with each other, which allows the holder by means of the private key and the recipient by means of the public key, respectively, to make manifest and to verify the origin and integrity of an electronic document or a set of electronic documents”.

Its legal value is equivalent to that of a handwritten signature and it is legally recognized in all Member States of the European Union.

In Italy, one of the most widespread types of qualified electronic signature is the digital signature, which is used through physical devices such as smart cards, USB tokens or dedicated display devices. Another very important type is remote signature, which accounts for about 60% of qualified electronic signatures in the country. This solution is based on the use of a Cloud HSM (Hardware Security Module) and allows qualified certificates to be used remotely, ensuring signer authentication via a two-factor system.

In recent years, the so-called “disposable” or “one-shot” QES has also gained popularity. In this case, the signer accesses the platform only to sign one or more documents for a limited time, without the need to own a permanent signing tool. The signed documents are stored digitally, thus offering a practical solution for those who do not sign regularly. Onboarding procedures are particularly quick and streamlined if the user has SPID or Electronic ID Card credentials, minimizing the time and steps required for initial identification.

Use cases for Qualified Electronic Signature

The qualified electronic signature is used in cases where a high level of security and full legal validity equivalent to a handwritten signature is required. In particular, it is required for:

• Banking and financial contracts
• Important business contracts, such as employment contracts, company agreements and consultancy contracts.
• Legal and official acts requiring certainty about the signer’s identity and the integrity of the document.
• Tax and civil documents requiring full evidential value.
• Relations with the Public Administration such as high-value public tenders.
• Official communications with public bodies, complex tax declarations, concessions and authorizations
• Any situation where authenticity, integrity and non-repudiation of the signed document must be guaranteed.

 

Type	Legal value	Security level	Examples and use cases
Simple Electronic Signature (SES)	Limited evidential value, subject to judicial evaluation.	Low – can be reinforced with two-factor authentication or audit trail.	- Signature upon delivery of packages - Acceptance of online policies (privacy, terms of service) - Internal orders and confirmations in companies
Advanced Electronic Signature (AES)	May have the same value as a handwritten signature for certain contracts.	Medium – unique connection between signature, signer and document; detects subsequent changes.	- Banking and insurance contracts - Real estate sector (property purchase agreements) - Access to services with SPID, CIE, CNS (in relations with the PA)
Qualified Electronic Signature (QES) (Digital signature)	Full legal value, equivalent to a handwritten signature throughout the EU.	High – based on qualified certificate and secure device (smart card, token, HSM, remote signature).	- Business and employment contracts - Official legal and tax acts - Public tenders and relations with the Public Administration

On Openapi.com you can request all types of electronic signatures — simple, advanced, qualified and massive, directly via API.