Addo Sign and eIDAS: Secure digital signatures in compliance with EU legislation

Digital transactions and remote collaboration have become a regular part of daily operations for both private and public organizations. To ensure that these interactions are secure and legally compliant, the eIDAS Regulation – Electronic Identification, Authentication and Trust Services – plays a crucial role. It establishes the legal framework for electronic signatures in the EU and ensures that digital signatures carry the same legal weight as handwritten ones.

eIDAS was adopted by the European Parliament and Council as a common standard for electronic identification and trust services across EU member states. This means that an electronic signature valid in one EU country must be recognized in all other member states.

In 2024, the regulation was expanded with eIDAS 2.0, which introduces the European Digital Identity – the European Digital Identity Wallet (EUDI Wallet). This digital wallet aims to make it easy for citizens and businesses to identify themselves and securely share documentation across borders. Addo Sign closely monitors developments and continuously ensures that the solution complies with both current and upcoming requirements under the eIDAS regulation.

Three types of electronic signatures under eIDAS

The eIDAS Regulation defines three different types of electronic signatures, each with a different level of security and legal validity. The choice of signature type depends on the nature of the document, requirements for identity verification, and the need for evidence in case of a dispute.

Electronic Signatures (SES)

An Electronic Signature – also known as a Simple Electronic Signature (SES) – refers to any electronic method by which a person indicates their intent to sign a document. For example:

Inserting an image of a signature into a document
Typing a name using a mouse or keyboard
Ticking a checkbox in a digital form

There are no specific requirements for identity verification or advanced security measures. Therefore, this type of signature does not in itself guarantee the signer's identity or the integrity of the document. The document may be altered afterward without necessarily being detected.

When is SES used?
For informal agreements or internal documents where the burden of proof is low. SES is not recommended for sensitive or legally complex agreements.

Advanced Electronic Signatures (AES)

An Advanced Electronic Signature offers a higher level of security and meets specific requirements under the eIDAS Regulation. An AES:

Is uniquely linked to the signer
Allows identification of the signer
Is created under the sole control of the signer
Ensures that any subsequent changes to the document can be detected

Advanced signatures use approved ETSI standards recommended by the European Commission:

PAdES – for PDF documents
XAdES – for XML-based data
CAdES – for emails and binary files

In Addo Sign, secure eID solutions such as MitID, MitID Business, BankID Sweden, BankID Norway, Freja eID, and the Finnish Trust Network are used to validate the identity of the signer.

When is AES used?
For legally relevant documents, contracts, consent declarations, and sensitive information where evidentiary value is important – but where a qualified signature is not required.

Qualified Electronic Signatures (QES)

A Qualified Electronic Signature represents the highest level of digital signing under eIDAS and is the only signature type that is automatically equivalent to a handwritten signature across the EU and EEA.

A QES is an advanced signature that:

Is based on a qualified certificate issued by an approved Qualified Trust Service Provider (QTSP)
Is created using a Qualified Signature Creation Device (QSCD)

When is QES used?
For documents subject to specific statutory requirements or very high evidentiary standards, such as certain official declarations, land registrations, or regulated processes.

Addo Sign and eIDAS

Addo Sign supports Simple Electronic Signatures (SES) and Advanced Electronic Signatures (AES) in accordance with the eIDAS Regulation.

The solution is designed to ensure strong evidentiary value, document integrity, and full traceability throughout the signing process. When using Advanced Electronic Signatures, the requirements for identification and protection against subsequent modification are fulfilled.

Addo Sign does not support Qualified Electronic Signatures (QES). For the vast majority of commercial and legally relevant use cases, AES is fully sufficient and legally recognised under eIDAS.

When eIDAS certificates are applied, Addo Sign uses the Italian company InfoCert as certification provider. InfoCert is an EU-approved Qualified Trust Service Provider (QTSP) and is listed on the official EU Trusted List.

Addo Sign itself is not a QTSP and therefore does not appear directly on national trusted lists. Certification services are provided through InfoCert in accordance with EU regulation.

By combining modern technology, strong encryption, and identity verification, Addo Sign delivers a secure, reliable, and legally compliant solution within SES and AES.