What is e-Signature? Legal frameworks & certification levels

Modified on Mon, 8 Jun at 7:00 PM

An electronic signature is a digital action — a click, a typed name, a drawn signature — that captures a person's consent to be bound by the content of a document.

E-signatures are legally recognized in most countries, but the rules vary by region. In the EU, the reference framework is eIDAS, which defines three signature levels with increasing security and legal weight.

The eIDAS framework

eIDAS creates a common standard for e-signatures across all EU member states. It distinguishes three levels — SES, AES and QES — based on how securely the signer's identity is verified. Most providers can offer SES and AES without formal accreditation. QES, however, requires the provider to be certified as a Qualified Trust Service Provider (QTSP) by a national authority (e.g. ANSSI in France).

Market ambiguity: The terms SES, AES and QES are frequently misused by providers — including well-known ones. Only QES is officially certified. AES is a technical standard, not an accreditation. Never promise "full eIDAS compliance" without specifying the level and context of use.

✨ E-signature around the world

Electronic signatures are also legally recognized in other countries, but frameworks vary by region. Here is an overview of the main standards outside the EU.

Region / Country	Legal Framework	Framework Approach	Key Notes
United States	ESIGN Act (2000) + UETA	Functional equivalence — no formal tiering. Any e-signature is valid if intent is proven.	Burden of proof falls on whoever challenges the signature. Some states have stricter rules for specific document types (wills, real estate).
United Kingdom	UK eIDAS	SES / AES / QES — same three-level structure as EU eIDAS.	Post-Brexit equivalent of EU eIDAS. No automatic mutual recognition with EU — an EU QES is not guaranteed to be accepted under UK law, and vice versa.
Switzerland	ZertES	SES / AES / QES — same three-level structure as EU eIDAS.	Closely mirrors eIDAS structurally, but no formal mutual recognition agreement with the EU. An EU QES is not automatically valid under Swiss law — cross-border use requires a provider certified under both frameworks.
Brazil / India	ICP-Brasil / IT Act DSC	Own tiering systems — not interoperable with eIDAS.	Brazil uses ICP-Brasil certificates (A1–A4). India uses Class 3 DSC only (Class 1 & 2 discontinued in 2021). Neither uses the SES/AES/QES nomenclature.
Rest of World	Functional equivalence	No formal tiering — any e-signature is valid if intent and identity can be proven.	Covers Australia, Singapore, Japan, Canada, UAE and most other jurisdictions. Audit trail quality is the primary legal protection. Local law governs what is acceptable.

⚠️ What this means for DiliTrust users: DiliTrust's e-signature framework is built around eIDAS, which covers EU only. For clients operating across multiple jurisdictions, an eIDAS-compliant signature may not automatically satisfy local legal requirements — each country applies its own rules. Always verify the applicable local framework or conduct a compliance review before standardizing on a single signature approach across regions.

Electronic signatures are a legal tool — choosing the right level for each document ensures your agreements are enforceable, wherever you do business. ✨