Why this is worth knowing
Electronic signing is not binary. It is not a choice between “legal” and “illegal”. EU Regulation 910/2014 (eIDAS), which is incorporated into Norwegian law via the act on electronic trust services, defines three levels of electronic signatures. Each level has a different degree of identity assurance, and each level has its place in law.
Which level is “right” for a document depends on what the law requires for that document type and on how much evidentiary weight the parties need if the signature is later challenged. The law rarely gives a single clear answer.
Simple Electronic Signature (SES)
The definition is in eIDAS article 3(10): data in electronic form which is attached to or logically associated with other data and which is used by the signatory to sign. That is a broad definition. A drawn signature in the browser, a typed name, a checked “I agree” box, or an email saying “OK” can all be SES.
The legal weight comes from article 25(1): an electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in electronic form or that it does not meet the requirements for qualified electronic signatures. In other words: a SES is not automatically invalid. It must be evaluated on the same footing as other evidence.
What article 25(1) does not say is just as important. It does not guarantee that a SES is binding in every situation. Sectoral law may require more (writing, witnesses, qualified eID), and a court still evaluates evidentiary weight on the facts of the case.
Advanced Electronic Signature (AES)
AES is defined in eIDAS article 26 and requires four cumulative criteria:
- (a) it is uniquely linked to the signatory,
- (b) it is capable of identifying the signatory,
- (c) it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under their sole control,
- (d) it is linked to the data signed in such a way that any subsequent change in the data is detectable.
Criterion (c), “sole control”, is why a stored eID certificate copy used without fresh user authentication does not produce an AES. Each AES signing must be done with fresh authentication of the signatory at that moment.
Different EU/EEA countries have different practical eID providers that can be used as part of an AES-capable service. In Norway this is commonly BankID; in Sweden it is BankID and Mobilt BankID; in Denmark it is MitID. There is no statutory requirement that AES must use a specific national eID. Any eID-backed signing service designed to satisfy the four eIDAS article 26 criteria can serve.
Qualified Electronic Signature (QES)
QES is an AES that is additionally based on a qualified certificate issued by a Trust Service Provider on the EU Trusted List, and which is created using a qualified signature creation device (eIDAS article 3(12), article 28 and Annexes I-II).
The legal effect is that a QES issued in one Member State has the equivalent legal effect of a handwritten signature and is recognized as a QES in all other Member States (article 25(2) and (3)). QES is the strongest level eIDAS defines.
QES is less common in everyday consumer use today. With the EU Digital Identity Wallet (eIDAS 2.0, Regulation 2024/1183), QES from a phone is expected to become more accessible to ordinary users in the coming years.
Side by side
| Property | SES | AES | QES |
|---|---|---|---|
| Identity assurance | Low | High (criteria a to d) | Highest (AES + qualified certificate) |
| Legal basis | eIDAS art. 25(1) | eIDAS art. 26 | eIDAS art. 25(2)-(3), 28, Annexes I-II |
| Typical providers | Drawn, typed or checkbox | eID-backed signing service | EU Trusted List provider |
| Signoo today | Yes, free in the browser | Not available in this release. No launch date is set. | Not available in this release. No launch date is set. |
What Signoo supports in your market today
Signoo currently supports drawn simple electronic signatures (SES) in the browser, available internationally. Advanced (AES) signing via eID-backed signing services is not available in this release. No launch date is set. The Norwegian market (signoo.no) is our primary product surface today. International markets receive drawn SES only.
What this means for you
The short answer is that the document type, the parties and the evidentiary need together determine which level is appropriate. A rental agreement between two private persons who agree on the content does not have the same requirements as a consumer credit agreement or a property deed.
If the document is important (if the value is high, if the consequences of a dispute are serious, or if sectoral law requires it), talk to a lawyer or a relevant industry body before choosing a level. The eIDAS levels are part of the picture, not the whole answer.