An Advanced Electronic Signature (AES) is a digital signature that meets specific legal and technical requirements, providing a higher level of security and identity assurance than a simple electronic signature (e.g. a typed name or scanned image of a wet signature).
There are three recognised tiers of electronic signature under UK law (derived from the EU eIDAS Regulation, retained as UK law post-Brexit):
| Type | Description | Example |
|---|---|---|
| Simple | Any data in electronic form attached to or logically associated with other electronic data | Typed name, email signature, ticked checkbox |
| Advanced (AES) | Uniquely linked to the signer, capable of identifying them, created using means under their sole control, and linked to the data so any subsequent change is detectable | Certificate-based digital signature with cryptographic verification |
| Qualified (QES) | An advanced signature created by a Qualified Signature Creation Device, based on a Qualified Certificate issued by a Qualified Trust Service Provider | eIDAS-compliant signature with EU-wide legal equivalence |
For a signature to qualify as advanced, it must satisfy four requirements:
Signer authenticates → Key retrieved from HSM → Cryptographic hash of document
↓
Hash signed with private key
↓
Timestamp from RFC 3161 TSA
↓
OCSP/CRL data embedded (LTV)
↓
PAdES-B-LTA compliant signed PDF
Prescriptions are legally significant documents. An AES provides: