eIDAS defines three levels of electronic signatures. Each has different legal standing, security, and cost. Most businesses over-buy QES when AdES would suffice — or under-buy SES when they need more.
* AdES is court-admissible with strong evidentiary weight under eIDAS non-discrimination principle. Courts cannot reject it solely for being electronic. QES adds automatic presumption of validity — useful, but rarely legally required.
Every AdES is backed by a passport-verified identity — NFC chip data, biometric face match, cryptographic key. Not a DocuSign click. Not a typed name. A provable commitment by a verified person.
QES requires an EU-recognized QTSP — effectively limiting it to EU signers. IdentiGate AdES works for any passport holder worldwide. A Turkish driver, a Moroccan supplier, a Brazilian partner — all can sign.
The user's private key is split between their device and our servers. Neither side can sign alone. "I didn't sign that" becomes cryptographically impossible to claim if both halves were activated.
Every signature includes a qualified timestamp and a sealed evidence record: who signed, what version, when, from which device. Court-ready chain of evidence that travels with the document.
Sign PDFs (PAdES), XML (XAdES), any binary (CAdES), or create standard EU containers (ASiC-E). Long-term validation (LTV) data embedded for verification years later.
Your platform triggers signing via API. The user confirms with PIN2 on their device. You receive the signed document with embedded certificate and timestamp. No redirect, no separate app needed.
The user already has an IdentiGate identity (one-time setup, 90 seconds). Signing is the same credential — different PIN.
Your platform calls the IdentiGate API with the document hash (or full document). The API creates a signing request linked to the user's verified identity.
The user's IdentiGate app shows what they're signing, who's asking, and the document details. The user reviews and confirms with PIN2 — the signing PIN.
Both key halves combine to create the cryptographic signature. A qualified timestamp is applied. OCSP confirms the certificate was valid at the moment of signing. Evidence record is sealed.
Your platform receives the signed document with embedded AdES signature, X.509 certificate, timestamp, and OCSP response. Court-ready. Verifiable. Tamper-evident.
Click-to-sign platforms (DocuSign): fast and easy, but legally weak. No verified identity behind the signature. Essentially SES level — the signer could be anyone with access to the email.
National eID solutions: QES with strong identity — but each works only in its own country. A Belgian can sign with their eID, a Swede with theirs. A Turkish driver? No option.
IdentiGate: passport-backed AdES that works for anyone from 179 countries. Stronger than click-to-sign (real identity, real crypto). More global than any national eID (not limited to one country's citizens).
Same integration, same user credential. Your users verify once, then authenticate with PIN1 and sign with PIN2. No separate signing vendor.
Same REST API as identity and authentication. Add signing to your existing IdentiGate integration with minimal additional code. Sandbox available.
Pay per signature. No setup fees, no license costs. The same pricing model as verification and authentication. Predictable, scalable.
PAdES (PDF), CAdES (binary), XAdES (XML), ASiC-E (container). OCSP + timestamp included. Long-term validation embedded.
20-minute demo: see passport-backed AdES signing — live, from a real device, across borders.