EU Signature Levels (eIDAS) and eIDAS Seal – A Guide for Small Businesses

Electronic signatures are commonplace, but did you know there are three different signature levels in the EU? In this article, we’ll explain in plain language what the eIDAS regulation (EU's Regulation on electronic identification and trust services) means, how the signature levels differ, and what an eIDAS seal is. At the end, we’ll explain how EpicSign helps small business owners in practice.

What is eIDAS and why is it important?

eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation that creates uniform rules for electronic identification and electronic signatures in all EU countries. It entered into force in 2016 and was updated in 2024 (eIDAS 2.0). In practice, eIDAS means that an electronic signature made in Finland is also valid in Germany, Spain, or any other EU country. It builds trust and removes borders from digital transactions. For a small business owner, eIDAS is important because it clarifies what level of signature is needed in different situations and what legal protection it has.

The EU's Three Signature Levels

eIDAS defines three levels for electronic signatures. Each level provides a different strength of evidence of the signer's identity.

SES – Simple Electronic Signature

SES is the simplest level. It can be, for example, a name written in an email, an electronic checkbox, or a signature image. Identification is weak: the signer's identity is not separately verified.

Use cases: internal documents, low-risk agreements, order confirmations
Risk: easy to dispute who actually signed
Example: clicking a "Confirm my order" button in an online store

AES – Advanced Electronic Signature

AES requires that the signer is uniquely identified and the signature is linked to them in such a way that it cannot be altered afterwards. Identification can be done, for example, with bank IDs or a mobile certificate.

Use cases: contracts, proposals, employment contracts, customer agreements
Risk: low – strong connection to the signer
Example: a customer authenticates with bank credentials and signs an agreement in EpicSign

QES – Qualified Electronic Signature

QES is the strongest level. In EU legislation, it is equivalent to a handwritten signature. QES requires a certificate issued by a qualified trust service provider and a qualified signature creation device.

Use cases: real estate transactions, official procedures, high-risk agreements
Risk: very low – legally equivalent to handwritten
Example: a lawyer signs a document to be submitted to court with a QES certificate

Comparison table: when to choose which level?

Need	Recommendation	Why	Example
Internal acknowledgment or order confirmation	SES	Sufficient, fast, and affordable	Employee acknowledges reading instructions
Customer agreement or proposal	AES	Reliably identifies the signer	Customer signs a proposal with bank IDs
Employment contract or non-disclosure agreement	AES	Identification of both parties is important	A new employee signs an employment contract in EpicSign
Real estate transaction or official document	QES	Law requires the strongest level	Lawyer signs a document to be submitted to court
International agreement within the EU	AES or QES	EU-wide validity under the eIDAS regulation	Finnish company and Spanish partner sign a cooperation agreement

What is an eIDAS seal (eSeal)?

An eIDAS seal (electronic Seal, eSeal) is an organization's "digital stamp." It differs from an electronic signature in that a signature expresses a person's intent, whereas a seal confirms that a document originates from a specific organization and has not been altered.\n\nIn practice, an eIDAS seal is like a company's stamp in the digital world.

Use cases: invoices, reports, official notifications, mass documents
Benefit: automatically proves the origin and integrity of the document
Difference from signature: a seal does not require individual action – it can be automated

A small business can benefit from a seal, for example, when sending large quantities of invoices or reports and wanting the recipient to be able to verify that the document truly comes from that company.

Strong authentication in plain language

Strong authentication means that the signer's identity is reliably verified before signing. In practice, this usually means bank credentials, mobile ID, or a similar method.\n\nWhy is strong authentication important?

It significantly reduces the risk of misuse
It is difficult to dispute an agreement when the signer's identity has been verified
It is often a requirement for AES and QES level signatures
It increases trust among all parties involved

Example stories: eIDAS in practice

A three-person consulting firm in Tampere signs 10–15 client contracts monthly. Previously, contracts were printed, signed, and scanned back. With EpicSign, the company transitioned to AES-level electronic signatures: the client authenticates with bank IDs and signs the contract in minutes. Time savings: approximately 2 hours per week. A small online store uses SES-level signatures for order confirmations. The customer ticks a box to accept the terms and confirms their order electronically. This is sufficient for low-risk situations and does not require separate authentication.

EpicSign — in action

EpicSign supports strong authentication. Our service allows you to send agreements for signing, and the recipient authenticates reliably before signing.\n\nComing soon: Strong authentication for the Baltics and Nordic countries, and eIDAS seals. We are currently developing support for multi-country authentication methods and organization-level eIDAS seals.\n\nEpicSign is designed for small businesses: a clear user interface, no complex technical requirements, and pricing that scales with usage

Summary

The EU eIDAS regulation establishes clear rules for electronic signatures. The three levels (SES, AES, QES) meet different needs:

SES is sufficient for simple acknowledgements and internal documents.
AES is the best choice for most agreements and offers – with strong authentication included.
QES is the strongest level and is equivalent to a handwritten signature.
eIDAS seal automatically verifies the origin of an organizational document.

Frequently asked questions

What is the difference between SES, AES, and QES signatures?

SES is the simplest level (e.g., a name typed in an email). AES requires strong authentication, such as bank IDs. QES is the strongest level, equivalent to a handwritten signature, and requires a qualified certificate.

Does a small business need a QES signature?

Most often, no. Small businesses' standard agreements, offers, and employment contracts can be handled with the AES level. QES is mainly needed for official matters or when specifically required by law.

What is an eIDAS seal?

An eIDAS seal (eSeal) is an organization's digital stamp. It proves that a document originates from a specific organization and has not been altered. It differs from a signature in that it does not require an action by an individual person.

Does EpicSign support strong authentication?

Yes. EpicSign supports strong authentication, and we are currently developing support for Baltic and Nordic authentication methods and eIDAS seals.

Is an electronic signature legally valid in Finland?

Yes. According to the eIDAS regulation, an electronic signature cannot be denied legal effect in court solely on the grounds that it is in an electronic form. AES and QES levels offer stronger evidential value.

How do I choose the right signature level?

Assess the risk and value of the agreement. For internal documents, SES is sufficient; for customer agreements, AES; and for official documents or high-risk agreements, QES.