Digital Signature vs. Electronic Signature: When to Use Each
Believe it or not, there are meaningful technical and legal differences between digital signatures and electronic signatures. In fact, understanding the distinctions could be crucial to ensuring the legality of your business documents.
Both electronic signatures and digital signatures have unique requirements for certification and their uses in legally binding documents. Here’s what you need to know.
This blog post is offered for general information purposes only. It does not constitute, and is not a substitute for, legal advice.
Digital signature vs. electronic signature
In the simplest terms, think of digital signatures as a specific type of signature within the category of electronic signatures. You could also think of electronic signatures as the least formal and quickest e-signatures to generate, while digital signatures are types of signatures that are more secure but require more steps to create.
Here are the differences in more detail.
Electronic signatures
The European Union defines electronic signatures very broadly as “data in electronic form, which are attached or logically associated with other data in electronic form and which the signatory uses to sign.”
In the U.S., the ESIGN Act defines an electronic signature as an electronic sound, symbol, or process attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.
In many documents signed electronically today, there is a section much like a paper equivalent where a document reviewer can sign their name (or indicate the equivalent), signifying that they agree to the contents of the document and any legal duties placed on them within it.
The main appeal of e-signatures is that they’re fast and easy to use. However, they don’t require the same technical specifications or verification steps that digital signatures do.
Electronic signatures are very commonly used in both informal and highly formal documents, from service contracts to offers of employment to online purchases and invoices and beyond. The DocuSign eSignature is an example of an electronic signature.
Digital signatures
Digital signatures are a specific type of electronic signature based on a technology called Public Key Infrastructure, or PKI. PKI is a format that provides high security by requiring the use of digital certificates and cryptographic keys when creating digital signatures.
To comply with PKI, every digital signature requires a pair of digital keys, one public and one private, that are created, conducted, and saved securely. Only the document’s signer has access to the private key, while anyone who needs to verify the signer’s signature uses the public key to do so.
There are two main types of digital signatures, as defined by the European Union’s regulation 2014/910, or eIDAs: Advanced Electronic Signatures (AES) and Qualified Electronic Signatures (QES).
AES
AESs add an identity verification requirement on top of a traditional electronic signature. Signatures must be uniquely linked to, and capable of identifying, the signer. In the event of a dispute involving an AES, the burden of proving the validity of the signature lies with the signer.
QES
QESs require face-to-face identity verification in person, or via an audio/video connection, coordinated by an approved authority. Of the three types of eSignature, QUEs are the most secure. While QES has a special legal status in the EU, all three electronic signature levels ensure that the legal effect and the admissibility of the electronic signature can’t be refused just because the signature is in electronic form.
Digital signatures like these are most commonly used in situations requiring a high level of security and regulatory compliance to manage sensitive information, such as collecting evidence for court cases, conducting clinical research, or documents requiring specialized reviews and seals of approval.
DocuSign offers various digital signature solutions for all levels of eIDAs certification, from traditional electronic signatures to QESs.
When to use each type of signature
Electronic signatures
Electronic signatures are appropriate for most use cases, including internal documents, most business-to-consumer transactions, and agreements with existing partners or signers.
AES
The major difference between AESs and e-signatures is that an AES requires the signer to provide proof of identity when they sign the document. This could be an electronic ID, photo of their passport, identity card, or driver’s license.
AESs are best used for documents of intermediate security needs. They’re commonly used for employment contracts, bank documents, and one-time passwords sent via text or email for log-in verification. AESs provide more security and verification than standard e-signatures, but without taking too much more time to assemble.
QES
Unlike the other forms of e-signatures, only official Trust Service Providers (TSPs) and Certification Authorities that are pre-approved and certified by eIDAS can legally create QES certificates.
You will also need to schedule a face-to-face or video verification appointment with the signer before you will be granted QES signatory capability. Once the TSP or CA verifies the identity of the signer, they provide the signer with a unique PIN code to create two-factor authentication.
QES is the gold standard of digital documentation and signature security. It is most commonly used for major business deals such as commercial contracts, sales agreements, and mortgage documents, especially in industries that have heavy regulation and security standards.
No matter which kind of electronic or digital signature you require, DocuSign is ready to help.