Electronic signatures have many advantages, including increasing process efficiency and contract conversion. However, not all types of electronic signatures are the same. Three electronic signatures differ in technical complexity and legal and regulatory acceptance. This guide explains what an advanced electronic signature (short: AES) is and how it differs from other electronic signatures.
Since digital signing is only sometimes secure, various technical procedures have been developed to make paperless signing more secure. The advanced electronic signature is one of the three types of electronic signatures. Due to its complexity, it has a high level of security and is often used for informal agreements and standard contracts.
An electronic certificate is an integral part of the advanced electronic signature. The certificate allows verification of an AES, and you can assign the data it contains to a person confirming their identity.
According to Section 4, Article 26 of the EU Regulation on Electronic Identification and Trust Services for Electronic Identification (eIDAS), an advanced electronic signature must meet the following requirements:
When concluding a contract and other legally binding transactions, people still tend to use paper due to security concerns. However, paper-based processes create higher costs and decrease efficiency. For example, if you draft a contract on paper, you create it digitally on the computer, print it out, place it in an envelope, and send it via post. This process can take several days and create additional costs.
Using the advanced electronic signature instead of the traditional handwritten signature, you can shorten your processes. In addition, processes become more efficient, save costs and create a higher contract conversion rate. Another significant advantage is that with the advanced electronic signature, subsequent changes in data are detectable.
In contrast to the advanced signature, the simple electronic signature has very little complexity. And security.
While the advanced electronic signature requires encryption software, it is unnecessary when using a simple electronic signature. It is sufficient to sign a PDF on the tablet or to insert an image of the scanned signature. Sending the simply signed file is also unencrypted.
The advanced electronic signature is a lot more secure because it can be used to verify the origin and authenticity of the signature and thus exclude forgery. This is made possible by using digital security keys and certificates.
The qualified electronic signature is the most secure type of electronic signature and has a higher security level than the advanced electronic signature. Only the qualified electronic signature is legally equivalent to the handwritten signature, thus fulfilling the legal form requirement for concluding contracts.
Both the qualified and the advanced signature use the exact technical mechanisms. In the case of the qualified signature, however, you can validate the identity and authenticity of the signatory, it is based on a qualified electronic certificate, and a signature key must be available in a qualified electronic security unit.
Although the technical processes of the advanced electronic signature are complex, the technical requirements for the user are limited. All that is needed to create an advanced electronic signature is suitable software for signing the document.
This program creates a public verification key and a signature key with which the recipient can verify the signature's authenticity.
Since the advanced electronic signature is very secure due to its complexity, its probative value in court is relatively high. Nevertheless, the advanced signature is not comparable to a handwritten signature's probative force and legal validity. However, according to German Civil Code paragraph 127, section 3 BGB, an advanced electronic signature is sufficient if this has been contractually agreed upon beforehand.
Since the advanced electronic signature is relatively secure, it is often used in agreements and standard contracts that do not require the written form. An example of this is a PGP-signed e-mail.