FAQEU eIDAS

QES vs AdES under the EU eIDAS Regulation

A qualified electronic signature is not a separate technology from an advanced electronic signature: under eIDAS, a QES is an AdES plus a qualified certificate for electronic signatures and a qualified electronic signature creation device.

Use this page to separate the legal effect, certificate and QTSP checks, QSCD evidence, and validation records that make the difference defensible for relying parties and audit reviewers.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 9, 2026
Questions
3

Structured answer sets in this page tree.

Primary sources
3

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 9, 2026
Overview

Under eIDAS, every QES must first satisfy the AdES requirements: it must be uniquely linked to the signatory, identify the signatory, use signature creation data under the signatory's sole control with a high level of confidence, and make later changes to the signed data detectable. QES adds two qualification layers: the signature must be based on a qualified certificate for electronic signatures issued by a qualified trust service provider, and it must be created by a qualified electronic signature creation device.

Side-by-side comparison

QES vs AdES under eIDAS: practical differences

Use this comparison to decide whether the record needs only AdES evidence or the additional qualified certificate, QTSP, QSCD, and validation evidence needed for QES.

Review all sources
First framework
Qualified electronic signature (QES)

An advanced electronic signature created by a qualified electronic signature creation device and based on a qualified certificate for electronic signatures.

Second framework
Advanced electronic signature (AdES)

An electronic signature that meets Article 26's requirements for signer linkage, signer identification, signer-control of creation data, and detectable changes to signed data.

Comparison row 1

Scope boundary

Qualified electronic signature (QES)

Has the equivalent legal effect of a handwritten signature under eIDAS Article 25.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Advanced electronic signature (AdES)

Cannot be denied legal effect or admissibility only because it is electronic or not qualified, but it does not receive automatic handwritten-signature equivalence under Article 25.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Operational implication

Use QES where handwritten-signature equivalence is required; use AdES where the legal need is strong electronic evidence assessed in context.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Comparison row 2

Covered actors

Qualified electronic signature (QES)

Requires a qualified certificate for electronic signatures issued by a qualified trust service provider, and the trusted-list record should support that status.

Regulation (EU) No 910/2014 (eIDAS)Sources 1Commission Implementing Decision (EU) 2015/1505 on trusted listsSources 2
Advanced electronic signature (AdES)

May use certificates and trust services, but AdES status alone is not proof that the certificate is qualified or that the provider has qualified status for that service.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Operational implication

For QES, validate QTSP and qualified-certificate status from trusted-list evidence; for AdES, keep certificate and identity evidence without overstating qualified status.

Commission Implementing Decision (EU) 2015/1505 on trusted listsSources 1
Comparison row 3

Trigger

Qualified electronic signature (QES)

Requires creation by a qualified electronic signature creation device. Remote QSCD management must be performed as a qualified service by a qualified trust service provider.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Advanced electronic signature (AdES)

Requires creation data that the signatory can use under sole control with a high level of confidence, but Article 26 does not require a QSCD.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Operational implication

QES evidence must include QSCD or remote QSCD support; AdES evidence should focus on signer control and integrity without claiming device qualification.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Comparison row 4

Core obligations

Qualified electronic signature (QES)

The validation process must confirm certificate qualification, QTSP issuance, certificate validity at signing, matching validation data, signatory data, pseudonym indication if used, QSCD creation, signed-data integrity, and Article 26 compliance.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Advanced electronic signature (AdES)

The evidence should prove Article 26 requirements and, if the signature is based on a qualified certificate, the separate Article 32a validation conditions for that middle category.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Operational implication

A QES validation report should be retained with trusted-list, certificate, revocation, QSCD, and signed-data-integrity evidence; AdES records should not omit signer identity, signer control, and tamper-detection evidence.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Comparison row 5

Evidence record

Qualified electronic signature (QES)

Classify as QES only when the evidence proves AdES requirements, qualified certificate status, QTSP issuance, QSCD creation, and a valid QES validation result.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Advanced electronic signature (AdES)

Classify as AdES when the evidence proves Article 26 requirements but the record does not prove every qualified certificate, QTSP, QSCD, and QES validation condition.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Operational implication

Use the lowest accurate label. Calling an AdES a QES creates a certificate, provider-status, device, and validation-evidence gap.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Comparison row 6

Validation timing

Qualified electronic signature (QES)

QES validation is time-sensitive: the record has to prove qualified status at the time of signing, not just at review time.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Advanced electronic signature (AdES)

AdES review focuses on whether the Article 26 conditions were met at signing; there is no QES-only timing layer to prove.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Operational implication

Keep timestamps, revocation evidence, and validation output for QES. For AdES, keep enough evidence to show the Article 26 conditions at the signing moment.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Comparison row 7

Legal effect and admissibility

Qualified electronic signature (QES)

Receives the equivalent legal effect of a handwritten signature.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Advanced electronic signature (AdES)

Stays admissible as evidence, but it does not get handwritten-signature equivalence by itself.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Operational implication

Treat QES as the higher legal-effect label. Treat AdES as the evidence-based option unless a rule specifically asks for qualified status.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Comparison row 8

Overlap and reuse

Qualified electronic signature (QES)

A valid QES record normally already contains the proof needed to satisfy the AdES baseline.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Advanced electronic signature (AdES)

An AdES record does not automatically prove the extra qualified certificate and QSCD layers required for QES.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Operational implication

Reuse QES evidence when you only need AdES proof, but do not upgrade an AdES label to QES without the extra qualified-status evidence.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Comparison row 9

Practical decision rule

Qualified electronic signature (QES)

Choose QES when the request or rule calls for handwritten-signature equivalence or when the file must prove qualified status end to end.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Advanced electronic signature (AdES)

Choose AdES when the business or legal need is strong electronic evidence, but qualified-status proof is not required.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Operational implication

Start from the legal requirement, then label the signature at the lowest level that the evidence supports.

Regulation (EU) No 910/2014 (eIDAS)Sources 1
Practical decision rule

How should teams decide between QES and AdES labels?

  • Start with the legal or contract requirement: does it require handwritten-signature equivalence, qualified status, or only reliable electronic evidence?
  • If QES is required, collect the validation report plus evidence of qualified certificate status, QTSP issuance, certificate validity at signing, revocation status, QSCD support, and signed-data integrity.
  • If AdES is sufficient, retain signer identity, authentication, signer-control, intent, audit-log, and tamper-detection evidence, and avoid qualified-status claims unless they are independently proven.
  • Escalate any vendor statement that says QES without showing the qualified certificate, trusted-list status, QSCD evidence, and Article 32 validation result.
Regulation (EU) No 910/2014 (eIDAS)Sources 1
Search this module

Find a question or answer quickly

3 of 3 questions
Question 1

What is the practical difference between a QES and an AdES under eIDAS?

An AdES is the eIDAS signature level defined by the four Article 26 requirements: signer linkage, signer identification, signer-control of creation data, and data-integrity linkage. It can be strong evidence, but eIDAS does not give it automatic equivalence to a handwritten signature.

A QES is an AdES that also uses a qualified certificate for electronic signatures and a qualified electronic signature creation device. eIDAS Article 25 gives a QES the equivalent legal effect of a handwritten signature, while any electronic signature remains admissible and cannot be rejected only because it is electronic or not qualified.

  • Use AdES language when the evidence question is whether the signer can be identified, the signature is linked to the signed data, and later changes are detectable.
  • Use QES language only when the record proves the qualified certificate, the qualified trust service provider, the qualified creation device, and the Article 26 AdES requirements.
  • Do not call a signature QES merely because it uses a digital certificate, a strong login, an audit trail, or a vendor label.
Citations
Question 2

What must be checked before relying on QES status?

For QES, the signature validation record should prove more than successful cryptographic verification. It should show that the supporting certificate was a qualified certificate at the time of signing, that it was issued by a qualified trust service provider and valid at that time, that the validation data matched what was provided to the relying party, and that the signed data's integrity was not compromised.

Trusted lists matter because eIDAS requires Member States to establish, maintain, and publish trusted lists with information about qualified trust service providers and their qualified trust services. The trusted-list interpretation rules also explain how qualified certificate and QSCD-related status can be represented through service entries, certificate statements, and qualifications.

  • Keep the signed object or detached signed data with the exact signature package that was validated.
  • Keep the validation report showing the result, validation time or best-signature-time, certificate chain, revocation status, and security-relevant warnings.
  • Keep evidence that the certificate was qualified for electronic signature, issued by a QTSP, and valid at the time of signing.
  • Keep evidence that the signature was created by a QSCD or remote QSCD service where QES status is claimed.
  • Keep the trusted-list or LOTL evidence used to establish the QTSP, qualified service, certificate, and QSCD status.
Citations
Question 3

When is AdES enough, and when should a team require QES?

AdES may be enough where the applicable contract, service design, risk analysis, or law only requires strong evidence of signer identity, signer control, and document integrity. eIDAS preserves the admissibility of non-qualified electronic signatures, but their probative value is assessed from the evidence around the transaction.

Require QES when a law, public-service requirement, customer mandate, procurement clause, or organization risk decision specifically requires qualified status or handwritten-signature equivalence. In that case, a normal AdES audit trail is incomplete unless it also proves the qualified certificate, QTSP, QSCD, and validation conditions.

  • For AdES, document the identity proofing and authentication method, signer intent, signer-control evidence, signed-data hash or signature linkage, and tamper-detection result.
  • For QES, add qualified certificate details, QTSP/trusted-list status, QSCD or remote QSCD evidence, certificate validity or revocation status at signing, and the qualified validation result.
  • For advanced signatures based on qualified certificates, do not assume QES: eIDAS Article 32a has validation requirements for that middle case, but it lacks the QSCD requirement that distinguishes QES.
Citations
Regulation (EU) No 910/2014 (eIDAS)

Article 25 preserves admissibility for electronic signatures generally, Article 32 validates QES, and Article 32a covers AdES based on qualified certificates.

Recommended next step

Build a QES or AdES evidence record that reviewers can rerun

Sorena can help convert the eIDAS distinction into a cited signature policy, validation checklist, supplier evidence request, and record-retention format for your signing workflow.

Research workflow
Open Research Copilot for eIDAS

Ask cited questions about QES, AdES, QTSPs, trusted lists, QSCD evidence, and validation records using the sources on this page.

Explore next step
Talk to Sorena
Talk through implementation

Review your signature levels, vendor evidence, validation reports, and retention approach with Sorena.

Explore next step
Primary sources

References and citations

European Commission eSignature building block
ec.europa.eu
Referenced sections
  • Identifies Commission eSignature resources, including the eIDAS Dashboard, Trusted List Browser, and validation tooling for signature verification work.
"creation and verification of electronic signatures"
Related guides

Explore more topics

eIDAS 2 deadlines and compliance calendar for EUDI Wallet and trust services
Calendar of grounded eIDAS and eIDAS 2 milestones for EUDI Wallet delivery, implementing acts, annual supervision reports, QTSP transitions, pilots, and ARF evidence.
eIDAS 2.0 vs eIDAS: EUDI Wallet and trust-service changes
Compare the original eIDAS electronic identification and trust-service framework with the eIDAS 2.0 amendments for EUDI Wallets, relying parties, attestations, QWACs, and supervision.
eIDAS Certificates and Authentication: qualified certificates, QWACs, and validation checks
Grounded guide to eIDAS qualified certificates, website authentication certificates, trusted lists, relying-party checks, and validation evidence.
eIDAS checklist and evidence pack for trust services, signatures, and EUDI Wallet relying parties
Build an eIDAS evidence pack for qualified trust services, electronic signatures, trusted-list checks, certificate validation, supervisory records, and EUDI Wallet relying-party controls.
eIDAS compliance guide for trust services, QTSPs, signatures, and EUDI Wallet relying parties
Grounded eIDAS compliance guide for trust-service classification, QTSP supervision evidence, qualified signatures, seals, time stamps, certificates, trusted-list validation, and EUDI Wallet relying-party records.
eIDAS electronic signatures: SES, AES, QES legal effect and evidence
A grounded guide to eIDAS electronic-signature legal effect: SES, AES, QES, qualified certificates, QTSP trusted-list checks, validation, recognition, and evidence records.
eIDAS penalties and fines for trust service providers
Grounded guide to eIDAS Article 16 penalties, administrative fine mechanics, supervisory bodies, qualified-status withdrawal, and trusted-list evidence.
eIDAS QES validation checks for relying parties
How to validate a qualified electronic signature under eIDAS: certificate, QTSP, trusted-list, QSCD, integrity, validation result, and evidence records.
eIDAS Qualified Trust Services: QTSP Selection
How to select an EU eIDAS qualified trust service provider: identify the qualified service type, verify trusted-list status, review supervision evidence, and retain certificate-policy records.
eIDAS remote signature and cloud HSM controls for QTSPs
Grounded guide to eIDAS remote signature controls: remote QSCD scope, server-side signing, QTSP evidence, signer authentication, certificate validation, and trusted-list checks.
eIDAS signature legal effect selector: SES, AES, AES-QC, or QES
Select the right eIDAS signature level by legal effect, risk, qualified certificate status, QTSP evidence, QSCD use, validation result, and cross-border recognition.
eIDAS trust service role scoping workflow: TSP, QTSP, validator, relying party, or QTSP customer
Classify an eIDAS role by evidence: trust service provider, qualified trust service provider, signature or seal validator, EUDI Wallet relying party, relying party, or customer of a QTSP.
eIDAS trusted list validation: LOTL, QTSP status, and evidence
How to validate EU eIDAS trusted-list evidence: start from the Commission LOTL, confirm QTSP and qualified-service status, check certificate path and revocation data, and retain validation reports.
eIDAS vs ESIGN and UETA: EU qualified signatures vs U.S. e-signature laws
Compare eIDAS with ESIGN and UETA for electronic signatures, qualified certificates, trust services, cross-border recognition, validation evidence, and source gaps.
eIDAS vs ETSI EN 319 401: legal supervision and TSP policy requirements
Compare eIDAS and ETSI EN 319 401 for trust services: legal scope, QTSP supervision, conformity assessment, audits, incident evidence, and operational controls.
eIDAS vs GDPR for identity data: wallet, trust-service, and privacy obligations
Compare eIDAS identity, trust-service, and EUDI Wallet rules with GDPR duties for personal-data processing, minimisation, lawful basis, evidence, security, and user rights.
eIDAS vs NIS2 for trust service providers: QTSP and cybersecurity obligations
Compare eIDAS trust-service and QTSP duties with NIS2 cybersecurity risk-management, incident reporting, supervision, and evidence duties for trust service providers.
Electronic Attestations of Attributes under EU eIDAS: EAA, QEAA, issuers, wallets, and validation
Grounded guide to electronic attestations of attributes under amended EU eIDAS: EAA, QEAA, public-sector authentic-source attestations, wallet use, issuer checks, relying-party validation, revocation, and legal effect.
EU eIDAS Applicability Test for Trust Services, Wallets, and Certificates
A grounded eIDAS scope test for QTSPs, trust services, electronic signatures, seals, timestamps, QWACs, EUDI Wallet relying parties, and cross-border recognition evidence.
EU eIDAS attribute attestations: EAA, QEAA, wallet, and relying party checks
What electronic attestations of attributes mean under eIDAS, how QEAAs differ from public-sector and non-qualified attestations, and what issuers, wallets, and relying parties should verify.
EU eIDAS checklist for signatures, trust services, and wallets
Checklist for eIDAS trust-service and EUDI Wallet controls: qualified status, trusted lists, certificates, signatures, seals, timestamps, validation evidence, and relying-party records.
EU eIDAS FAQ: signatures, QTSPs, trusted lists, QWACs, wallets, and validation
FAQ on eIDAS trust services and the European Digital Identity framework, covering advanced and qualified electronic signatures, QTSP status, trusted lists, QWACs, EUDI Wallet relying parties, attestations of attributes, and validation evidence.
EU eIDAS QTSP authorization and supervision guide
How qualified trust service providers obtain and keep qualified status under eIDAS, including conformity assessment reports, supervision, trusted lists, incidents, and evidence.
EU eIDAS QTSP Due Diligence Workflow for Trusted Lists, Certificates, and Evidence
Check a qualified trust service provider under eIDAS by validating trusted-list status, qualified service scope, certificates, policies, supervision, audits, and retained evidence.
EU eIDAS Requirements for Trust Services, Signatures, Seals, Wallets, and Evidence
Grounded guide to core eIDAS requirements for trust service providers, qualified trust services, electronic signatures, seals, time stamps, trusted lists, and EUDI Wallet relying parties.
EU eIDAS Trusted Lists FAQ: LOTL, QTSP status, and validation evidence
How EU eIDAS Trusted Lists and the Commission LOTL support QTSP and qualified trust-service validation, with practical evidence checks for relying parties.
EUDI Wallet readiness for service providers under eIDAS
Readiness guide for organisations preparing to request or verify data from European Digital Identity Wallets: roles, registration, ARF alignment, selective disclosure, implementing acts, and evidence.
EUDI Wallet Relying Parties under eIDAS
What EUDI Wallet relying parties must do under eIDAS: register, declare intended wallet use and requested data, identify themselves to users, and keep request evidence.
EUDI Wallet Relying Party Onboarding Workflow under eIDAS
A grounded onboarding workflow for organisations that want to request data from European Digital Identity Wallet users as eIDAS wallet relying parties.
EUDI Wallet Relying Party Registration Under eIDAS
What eIDAS Article 5b and the EUDI Wallet ARF say about wallet relying party registration, intended uses, attribute requests, certificates, evidence, and Member State gaps.
EUDI Wallet Technical Architecture Guide under eIDAS
Technical guide to the EUDI Wallet architecture: ARF roles, wallet units, PID and attestations, relying parties, trust model, certificates, protocols, privacy, and security controls.
QWACs under eIDAS: website authentication certificates
A grounded guide to qualified website authentication certificates under eIDAS, covering Annex IV data, trusted lists, browser recognition, validation evidence, and QTSP checks.
What eIDAS Covers: eID, Trust Services, EUDI Wallet, and QWACs
A grounded guide to the systems and services covered by EU eIDAS: notified electronic identification, trust services, signatures, seals, time stamps, registered delivery, website authentication, trusted lists, the EUDI Wallet, and attribute attestations.
What is a qualified trust service provider under eIDAS?
How to verify QTSP status under eIDAS using the qualified service, supervisory body decision, trusted list entry, conformity assessment evidence, and service-specific records.
What is a QWAC under the EU eIDAS Regulation?
Plain-language FAQ on qualified website authentication certificates under eIDAS, including website identity, QTSP trusted-list checks, browser recognition, and validation evidence.