- SES is legally valid under eIDAS — but has no encryption, no identity check, no tamper protection.
- The price gap between SES and AES is tiny. The security gap is enormous.
- SES is fine for internal approvals. It is not fine for contracts that might ever be disputed.
- swipesign does not sell SES on purpose — it creates downstream problems for customers.
Simple Electronic Signature (SES) is the security theater of the digital age. It looks official because it's electronic and it's signed. It feels legitimate because you're using a digital signature tool. But technically, it's just proof that someone probably clicked something, maybe. That's it. That's the entire guarantee.
What Simple Electronic Signature actually is
SES is the bare minimum. Under the eIDAS Regulation, it's technically legally valid. But legal validity and actual security are not the same thing.
Here's what you get: a name, probably. A timestamp, maybe. Some kind of proof that the document exists in a certain state at a certain moment. That's the entire package.
- • No identity verification — the signer could be anyone.
- • No encryption — the document travels in plain text.
- • No tamper protection — the contract can change, the signature stays.
- • No meaningful auth — usually just a typed name or an “I agree” click.
Compare this to Advanced Electronic Signature (AES), which requires qualified certificates, encryption, identity verification, and tamper protection — or Qualified Electronic Signature (QES), which requires government ID verification and operates under regulatory oversight.
“SES isn't a lighter version of security. It's the absence of security dressed up in the language of digital signing.”
The encryption problem
Let's get specific about why SES is basically email.
When you send a contract via email, it travels through internet infrastructure that could be inspected, copied, or altered at multiple points. The recipient has no way to confirm it wasn't modified in transit. They just have to trust that it arrived unchanged.
SES offers the same guarantee. Which is to say, no guarantee. The document isn't encrypted. It's not cryptographically bound to the signer. It's just sitting there, and anyone in a position to intercept it can read or change it.
The identity verification problem
Email has the same identity problem. You get a message from someone@company.com. But did you really get it from someone at that company? Or did someone spoof the address?
SES operates the same way. Someone types a name or email. Is it actually them? Nobody verified it. No system checked anything.
When SES is almost acceptable
There are situations where SES is fine — because you're not really relying on the signature for security. You're using it for workflow or documentation purposes.
- 1Internal approvals within your own organization
Everyone is your employee or contractor. The signature is documentation that someone clicked “I approve.” You can cross-check browser logs, IP, or just call them.
- 2Trivial administrative sign-offs
Acknowledging a policy. Confirming receipt of a document. Internal process changes. If the stakes are zero, SES is fine.
- 3Parties with an established history of trust
A long-term vendor signing a routine renewal. If fraud is unlikely anyway, SES adds documentation without adding much risk.
That's it. Everything else either needs AES — or should use physical signatures with witnesses.
The cost trap
Most SES providers charge per signature. Not nothing, but not much. A few cents, maybe a few euros at the high end. Vendors pitch it as the budget option.
But here's the math that gets ignored: you're paying the same or nearly the same price as AES. AES might be five to ten times more secure, but it costs maybe ten to twenty percent more per signature. The cost difference is measured in loose change.
“You're paying for security theater instead of actual security — for almost the same money. That's not budget optimization. That's buying the wrong product.”
Why swipesign skips SES on purpose
We deliberately skip SES entirely. We don't sell it. We don't offer it as an option. We don't position it as “the budget tier.”
Because SES creates problems downstream. Someone signs something with SES thinking they've got a legally binding signature. They haven't. They've got documentation that someone probably clicked something. If they ever need to enforce it, they're in trouble.
The honest assessment
If you're paying for digital signatures and someone's offering you SES, you're being sold something designed to look secure while providing almost no actual security. It's like paying for an alarm system that only turns on a light when you press the button. Technically a signal, functionally useless.
Most business contracts need AES minimum. Some need QES. Nobody actually needs SES except in situations where physical signatures or email would work just fine anyway.
Don't be the company that gets sued over a contract signed with SES and discovers that the signature you thought was legally binding is basically proof you got an email. Get at least AES. Get actual security. The cost difference is negligible. The difference in outcome when things go wrong is enormous.
Skip the theater. Use AES or QES from day one.
swipesign gives you real identity verification, encrypted signatures, and tamper-proof audit trails — at a price that makes SES look silly.