Today, as virtually every type of transaction moves online, from government records to corporate documents, electronic signatures are becoming the norm. Digital document signing eliminates the need for handwritten signatures, while increasing security and reducing costs. Plus, it saves time and leaves a smaller environmental footprint!
Traditionally an ink signature was used to show agreement, but electronic signatures can go further, adding security and trust by using cryptography to link the identity of a signer, cryptographically binding an electronic identity for an individual or organization to a document, and preventing anyone from tampering with the contents.
But in this brave new world of electronic signatures, not every type is created equally, and some are better for certain use cases. We’ll review what you need to know about this new type of signature today.
The requirements for electronic signatures (or e-signatures) come from the law, which lays out what is required for an online signature to have legal validity. In the United States, this is mainly found in the federal E-Sign Act or state implementations of the Uniform Electronic Transactions Act (UETA), and in Europe it’s the eIDAS.
Although the terms electronic signature (or eSignature) and digital signature are often used interchangeably, they are quite different. Under many laws, including the United States, the most basic eSignature can be “an electronic sound, symbol or process that is attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record”. An eSignature could include a photocopy of your handwritten signature, a typed or drawn signature, or even clicking an “I accept” button. You’ve likely used an eSignature when signing basic paperwork over email or on some web platforms.
Typically, a digital signature describes a more secure form of eSignature that uses encryption technology to ensure the following:
A digital signature ensures that a document cannot be changed without invalidating the signature, thus adding in higher security to an electronic signature and allowing digitally signed documents to be legally binding.
You should use a digital signature when you need more security — for example, for legal, healthcare or HR documents. Here are a few examples of how digital signatures are used in various sectors:
The most stringent global standards for digital signatures are the European Union eIDAS regulations, which outline three types of electronic signatures: Standard, Advanced and Qualified).
Standard Electronic Signatures (SES) are not necessarily digital signatures and they do not require user ID verification. They include scanned signatures and using an “I accept” button.
Advanced Electronic Signatures (AES) are the baseline for legally valid electronic signatures. They are uniquely linked to the signer, capable of identifying the signer, created under the signer's sole control with a high level of confidence; and reveal any subsequent change in the signed data.
Finally, eIDAS Qualified Electronic Signatures (QES) provide the highest legal backing for digital signatures. A QES is an AES that is created using a Qualified digital certificate issued by a Qualified Trust Service Provider (QTSP) like DigiCert+QuoVadis. QTSPs go through an accreditation and supervision process that is defined in eIDAS covering — among other things — security, user verification processes and protection of signer keys. Qualified signatures are necessary for documents that need high security such as property transfers, legal contracts, incorporations and many other corporate and government interactions.
Type of Signature
Advanced Electronic Signature (AES)
eIDAS Qualified Electronic Signature (QES)
An electronic signature can’t be denied legal effect or admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form.
Meets requirements defined in signature law for signer ID verification, control, security, and integrity.
Adobe Approved Trust List signatures are AES.
An Advanced signature created using a Qualified digital certificate issued by a Qualified Trust Service Provider (TSP) which is supervised and confirmed as accredited via an EU Trusted List.
Burden of proof remains with the signer.
Burden of proof remains with the signer, but the task is easier.
Legal nonrepudiation; the same legal value as a handwritten signature.
Burden of proof remains with a party that disputes the signature.
Verification of Signer Identity
Identity of the signer is verified.
Identity of the signer is reliably verified using methods audited for conformance to standards. Face to face or equivalent checks are required.
The signature must be uniquely linked to the signer.
High confidence that the signature is uniquely linked to the signer.
Control and Hardware Requirements
Creation of the signature must be under the sole control of the signer. The use of a Secure Signature Creation Device (SSCD) is required.
High confidence of sole control by the signer. The use of a Qualified Signature Creation Device (QSCD) is required.
Any subsequent change in the data is detectable after signature.
Any subsequent change in the data is detectable after signature.
The United States does not have an accreditation regime like Europe’s eIDAS; however, providers who can assert compliance with the Qualified standards are better equipped to provide the “burden of proof” to support electronic signatures.
eSignatures and eSeals are both electronic signatures; the difference is who is using them. The term eSignature is used when individuals are signing and includes the specific intent of “making an agreement.” Examples include signing a bank form, approving medical treatment or signing an agreement.
On the other hand, eSeal is used when organizations are signing. The difference is that an eSeal is intended to assert origin/legitimacy and integrity rather than agreement. eSeals are often seen in bulk signing cases like issuing diplomas, invoicing customers or other organizational needs.
As a globally trusted Certificate Authority (CA), DigiCert ensures that you or your organization is who you say you are. We’re a trusted service provider and can provide you with digital signature solutions that meet the highest EU and other legal standards along with dedicated local resources and expertise. Plus, no matter where you are in the world, with our decades of experience working with electronic signatures, DigiCert has a signing solution for your use case.
We’re also modernizing the way you can manage digital signing certificates with Document Trust Manager, an easy all-in-one solution for digital document signing. Document Trust Manager enables digital signatures that are compliant with stringent global standards, including EU eIDAS, Swiss ZertES, and the technical requirements of the Adobe Approved Trust List (AATL).
Plus, as a cloud solution, you have built in security and no need for any additional hardware. We can assist in enabling workflows or with mass signing use cases. Document Trust Manager even works with other signing systems such as Adobe Acrobat Sign, DocuSign and Ascertia SigningHub, creating a secure and auditable document signing process.