Imagine you need to sign an important contract at short notice to close a deal. However, your business partner is on the other side of the country - face-to-face meetings or by post are not an option. In such cases, digital signatures, especially advanced electronic signatures (AES), offer the ideal solution: they allow you to digitally sign the document in a legally secure manner without losing time or having to go through complicated technical processes. Find out in this article how FES works, what advantages it offers and why it is indispensable in today's business world.
The advanced electronic signature, known as Advanced Electronic Signature (AES), is a digital signature that is suitable for various contracts. It combines a high level of security with a simple and efficient application, which makes it particularly practical for everyday business processes. What sets FES apart is its ability to clearly verify the identity of the signatory without having to resort to complex procedures. As a rule, authentication is carried out using efficient methods such as verification by cell phone or e-mail. This keeps the signature process efficient and uncomplicated, while still ensuring a high level of security.
In contrast to the simple electronic signature (EES), where a scanned signature is sufficient and therefore has little probative value, the FES offers significantly more security. The identity of the signatory is verified and the signature is secured by a digital certificate. This legal protection gives the FES much greater validity and makes it difficult to question its validity.
Companies often ask directly for the QES, but this is often not necessary and only costs an unnecessary amount of time and resources.
1. easier to use:
A major advantage of advanced electronic signatures is their ease of use. In contrast to QES, FES often only requires the verification of a cell phone number or e-mail address, which speeds up the process considerably and still offers a high level of security.
2. lower costs:
The FES is not only user-friendly, but also cost-efficient. Compared to QES, many additional costs are eliminated as no special qualified certificates or Hardware Security Modules (HSMs) are required. Identification services are easier and cheaper to perform, making the implementation of FES a cost-effective solution, especially for companies that regularly need to sign contracts digitally.
3. flexibility and speed:
Another advantage of the FES is its flexibility. It can be used in a variety of business and legal contexts where legal protection is important but no formal written form is required. This makes the FES a flexible tool that adapts perfectly to the requirements of modern, digital business processes.
Like the QES, the FES meets the requirements of the eIDAS Regulation and is therefore officially recognized throughout the EU. It is particularly suitable for documents with a medium liability risk. This means that the FES is ideal for situations where security and authenticity are important, but the signature requirements do not have to be at the highest level as with the QES.
As with simple and qualified electronic signatures, the eIDAS Regulation (Regulation (EU) No. 910/2014) also prescribes specific requirements for the FES to ensure its security and legal validity. These include:
Thanks to these requirements, the FES offers a high level of security without compromising on flexibility and user-friendliness. It is an efficient solution for companies and private individuals to sign digital documents quickly and securely.
The advanced electronic signature is ideal for cases in which legal security is important but no legal written form is required. It enables the signatory to be clearly identified, which strengthens the probative value in the event of a dispute. In addition, the FES guarantees the integrity of the document by ruling out subsequent changes. This makes it suitable for contracts where protection against manipulation is required, but not the highest security level of the qualified electronic signature (QES). Typical areas of application include
In these cases, FES offers a reliable, legally secure solution without the complexity of the qualified electronic signature (QES).
An advanced electronic signature (AES) is created in a few clear steps that are easy to understand for both companies and private individuals. The signature software ensures that the signed document remains secure and authentic. Here is an overview of the process:
1. prepare the document
First,the document to be signed is prepared and transferred to the signature software. This integrates the necessary signature keys and prepares the authentication.
2. identity check
To ensure that the signature can be clearly assigned to the signatory, the identity is verified. This is often done using a simple authentication method, such as verifying a cell phone number. The signatory receives an SMS code that confirms that the signature is legitimately assigned to this person.
3. technical encryption
The document is encrypted in the background with a unique signature key, which ensures that it remains unchanged after signing. A hash algorithm generates a unique character string so that even the smallest subsequent changes to the data are recognized and manipulations are detected.
4. visible signature
An image of the signature is often inserted for the signatory, giving the document a visual signature. However, this image is for visualization purposes only and has no legal significance. The actual, legally binding part of the signature is the digital encryption in the background.
5. audit trail
An audit trail is also created that documents the entire signature process without any gaps. This audit trail contains all relevant information - from the authentication of the contracting party to the linking of the signature with the document, making the FES and process traceable and contractually secure at all times.
6. sending the document
After successful signing, the encrypted document is forwarded to the recipient together with the certificates. These certificates enable the recipient to verify the authenticity and integrity of the signature.
1. decryption with the public key
The recipient uses the public key to decrypt the encrypted signature. This restores the original character string created by the hash algorithm.
2. application of the hash algorithm
The recipient encrypts the received document with the same hash algorithm that was used to create the signature. This generates a new character string.
3. comparison of the character strings
The two character strings - the decrypted one and the newly generated one - are now compared. If they match, it is guaranteed that the document is unchanged and the signature is authentic.
This process ensures that the document remains unchanged and can be clearly assigned to a signatory. The advanced electronic signature therefore offers a legally recognized, secure and efficient way of signing digital documents and preventing tampering.
The advanced electronic signature offers a high level of security, in particular through the ability to uniquely identify the signatory. Various authentication methods are used to ensure that the signature is assigned to the correct signatory without unnecessarily complicating the process. The most common identification methods are as follows:
These authentication procedures ensure that the signature process remains secure and reliable without increasing complexity, as is the case with qualified electronic signatures (QES).
An audit trail is a chronological record of all important events and activities in the signature process, which makes it possible to trace the entire process exactly. It contains important information such as timestamps, the identity of the signatory and the actions performed. These records increase the evidential value of the signature as they make the entire process traceable. The data in the audit trail is stored securely and is only accessible to authorized persons, which protects the integrity of the information and prevents unauthorized access.
Despite the high security standards, e-signatures such as the FES involve certain risks. Identity fraud can become a problem if the identity verification is inadequate. In the event of a dispute, the probative value of the FES can then be contested, especially if there are doubts about the identity of the signatory or the integrity of the document.
Technical security gaps and inadequate data protection can also jeopardize the validity of the advanced electronic signature. For example, if a signature service uses insecure encryption methods or inadequate authentication processes, the signature can easily be manipulated or misused. The handling of sensitive data, such as biometric information, also places high demands on data protection. Companies and private individuals should therefore only use certified signature services that meet the strict requirements of the eIDAS Regulation to ensure that the integrity and authenticity of the signature are maintained.
Overall, FES offers a reliable and largely secure solution for many applications, but the selection of identification methods and security measures should always be carefully tailored to the respective risk.
Imagine quickly signing a contract on your tablet with a pen. The signature appears directly on the screen and you might think that this is equivalent to a handwritten signature. But the question arises: is this a simple electronic signature, an advanced electronic signature or something else?
In this case, biometric data are individual characteristics that can be captured when using devices such as tablets and pens. This includes pressure, speed, movement patterns and even the accelerations and decelerations when signing. This data makes the signature unique and difficult to imitate, as it reflects the personal characteristics of the signatory.
Biometric data captured by input devices using a "tablet pen" could theoretically be used to generate an advanced electronic signature. Biometric features such as pressure and movement patterns offer an additional level of authenticity as they capture individual writing habits.
However, for such a signature to be considered FES according to eIDAS, the following requirements must be met:
Since devices such as a pen are not certified as qualified signature creation devices (QSCDs), they are often only a simple electronic signature, unless the captured data is integrated into a certified signature process.
That's why most people fall back on the already mature, advanced electronic signature.
The advanced electronic signature has become an integral part of everyday business life. It offers a flexible, efficient and legally compliant way of concluding contracts digitally without having to go through time-consuming identification processes. For companies and private individuals who regularly manage and sign contracts, it is essential to use reliable tools.
This is where ContractHero comes into play - a powerful Contract Lifecycle Management (CLM) tool that not only facilitates the creation and management of contracts, but also offers seamless integration of FES and QES . With ContractHero, contracts can be signed directly after creation with either the advanced electronic signature or the qualified electronic signature, in full compliance with the strict requirements of the eIDAS regulation. In addition, ContractHero goes one step further than many other providers with its own ISO 27001 certification , which guarantees the highest data security standards.
Another highlight of ContractHero is its contract management. The tool not only offers simple signature processes, but also supports the subsequent auditing and traceability of contracts, making it an indispensable tool for companies that want to ensure legally compliant and efficient processes.
Forfurther information please visit our homepage.
You may also be interested in...
Contract automation: How modern technologies are revolutionizing the process
Recognizing and avoiding contractual risks: What to look out for?
Drawing up a contract: Challenges & solutions