07-14-2021

Types of Electronic Signatures & When to Use Them

Stephen Davidson

Today, as virtually every type of transaction moves online, from government records to corporate documents, electronic signatures are becoming the norm. Digital document signing eliminates the need for handwritten signatures, while increasing security and reducing costs. Plus, it saves time and leaves a smaller environmental footprint!

Traditionally an ink signature was used to show agreement, but electronic signatures can go further, adding security and trust by using cryptography to link the identity of a signer, cryptographically binding an electronic identity for an individual or organization to a document, and preventing anyone from tampering with the contents.

But in this brave new world of electronic signatures, not every type is created equally, and some are better for certain use cases. We’ll review what you need to know about this new type of signature today.

Electronic signature vs digital signature

The requirements for electronic signatures (or e-signatures) come from the law, which lays out what is required for an online signature to have legal validity. In the United States, this is mainly found in the federal E-Sign Act or state implementations of the Uniform Electronic Transactions Act (UETA), and in Europe it’s the eIDAS.

Although the terms electronic signature (or eSignature) and digital signature are often used interchangeably, they are quite different. Under many laws, including the United States, the most basic eSignature can be “an electronic sound, symbol or process that is attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record”. An eSignature could include a photocopy of your handwritten signature, a typed or drawn signature, or even clicking an “I accept” button. You’ve likely used an eSignature when signing basic paperwork over email or on some web platforms.

Typically, a digital signature describes a more secure form of eSignature that uses encryption technology to ensure the following:

  1. The identity of the signer. Is the identity of the signer who we think they are?
  2. The integrity of the document. Has the document been altered or tampered with?
  3. The establishment of non-repudiation. Can the signature be attributed to the signer?

A digital signature ensures that a document cannot be changed without invalidating the signature, thus adding in higher security to an electronic signature and allowing digitally signed documents to be legally binding.

You should use a digital signature when you need more security — for example, for legal, healthcare or HR documents. Here are a few examples of how digital signatures are used in various sectors:

  • Human resources: employee or vendor on-boarding, acknowledgment statements and tax forms
  • Legal services: retention/fee agreements, confidentiality agreements, power of attorney agreements
  • Insurance: policy agreements, claim processing documents and policy renewal contracts
  • General corporate: master service agreements, sales contracts, non-disclosure agreements and vendor contracts
  • Finance: disclosure acceptances, wire transfers, loan applications and account openings
  • Procurement: supplier contracts, price quotes and purchase orders

Standard vs Advanced vs Qualified Electronic Signatures

The most stringent global standards for digital signatures are the European Union eIDAS regulations, which outline three types of electronic signatures: Standard, Advanced and Qualified).

Standard Electronic Signatures (SES) are not necessarily digital signatures and they do not require user ID verification. They include scanned signatures and using an “I accept” button.

Advanced Electronic Signatures (AES) are the baseline for legally valid electronic signatures. They are uniquely linked to the signer, capable of identifying the signer, created under the signer's sole control with a high level of confidence; and reveal any subsequent change in the signed data.

Finally, eIDAS Qualified Electronic Signatures (QES) provide the highest legal backing for digital signatures. A QES is an AES that is created using a Qualified digital certificate issued by a Qualified Trust Service Provider (QTSP) like DigiCert+QuoVadis. QTSPs go through an accreditation and supervision process that is defined in eIDAS covering — among other things — security, user verification processes and protection of signer keys. Qualified signatures are necessary for documents that need high security such as property transfers, legal contracts, incorporations and many other corporate and government interactions.

Type of Signature

Electronic Signature

Advanced Electronic Signature (AES)

eIDAS Qualified Electronic Signature (QES)

Requirements

An electronic signature can’t be denied legal effect or admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form.

Meets requirements defined in signature law for signer ID verification, control, security, and integrity.

Adobe Approved Trust List signatures are AES.

An Advanced signature created using a Qualified digital certificate issued by a Qualified Trust Service Provider (TSP) which is supervised and confirmed as accredited via an EU Trusted List.

Legal Validity

Burden of proof remains with the signer.

Burden of proof remains with the signer, but the task is easier.

Legal nonrepudiation; the same legal value as a handwritten signature.

Burden of proof remains with a party that disputes the signature.

Verification of Signer Identity

No requirements.

Identity of the signer is verified.

Identity of the signer is reliably verified using methods audited for conformance to standards. Face to face or equivalent checks are required.

Authenticity

No requirements.

The signature must be uniquely linked to the signer.

High confidence that the signature is uniquely linked to the signer.

Control and Hardware Requirements

No requirements.

Creation of the signature must be under the sole control of the signer. The use of a Secure Signature Creation Device (SSCD) is required.

High confidence of sole control by the signer. The use of a Qualified Signature Creation Device (QSCD) is required.

Data Integrity

No requirements.

Any subsequent change in the data is detectable after signature.

Any subsequent change in the data is detectable after signature.

The United States does not have an accreditation regime like Europe’s eIDAS; however, providers who can assert compliance with the Qualified standards are better equipped to provide the “burden of proof” to support electronic signatures.

eSignature vs eSeal

eSignatures and eSeals are both electronic signatures; the difference is who is using them. The term eSignature is used when individuals are signing and includes the specific intent of “making an agreement.” Examples include signing a bank form, approving medical treatment or signing an agreement.

On the other hand, eSeal is used when organizations are signing. The difference is that an eSeal is intended to assert origin/legitimacy and integrity rather than agreement. eSeals are often seen in bulk signing cases like issuing diplomas, invoicing customers or other organizational needs.

Why use DigiCert Document Trust Manager for your document signing

As a globally trusted Certificate Authority (CA), DigiCert ensures that you or your organization is who you say you are. We’re a trusted service provider and can provide you with digital signature solutions that meet the highest EU and other legal standards along with dedicated local resources and expertise. Plus, no matter where you are in the world, with our decades of experience working with electronic signatures, DigiCert has a signing solution for your use case.

We’re also modernizing the way you can manage digital signing certificates with Document Trust Manager, an easy all-in-one solution for digital document signing. Document Trust Manager enables digital signatures that are compliant with stringent global standards, including EU eIDAS, Swiss ZertES, and the technical requirements of the Adobe Approved Trust List (AATL).

Plus, as a cloud solution, you have built in security and no need for any additional hardware. We can assist in enabling workflows or with mass signing use cases. Document Trust Manager even works with other signing systems such as Adobe Acrobat Sign, DocuSign and Ascertia SigningHub, creating a secure and auditable document signing process.

Find out more at Document Trust Manager or email docsigning@digicert.com to get started.

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

Why Matter needs to toughen up

National Cybersecurity Awareness Month:
October 2024