01 August 2021
Once you make the decision to accept non-traditional handwritten signatures for your business documents, there is still some research to undertake. For a start, do you understand the finer points of the digital vs electronic signatures debate? This is a common problem for those who are just beginning to work with online signing and it is difficult to find a clear answer.
This article is here to let you know the difference between the two and how you can use these signatures to save time and money. You will also learn how to create an easy-to0retrieve audit trail that ensures you remain compliant with the eIDAS Regulation and European Union law at all times. Keep reading to find out everything you need to know about digital and electronic signatures.
Neither the EU’s eIDAS Regulation nor the ESIGN Act in the US, two major pieces of legislation regarding electronic signing, make any use of the term ‘digital signature’ at all. This is due to the fact that a digital signature is not a legal term, but rather a technical one. A digital signature is the mathematical algorithm that provides the digital thumbprint to identify the signer, whereas the actual signature itself is an electronic signature.
That being said, many people use ‘digital signature’ and ‘electronic signature’ interchangeably, which is where some of the confusion lies.
The Uniform Electronic Transactions Act (UETA) in the United States refers to a digital signature as one that uses “using public key encryption technology” to be able to identify the signer. That is the equivalent of an Advanced Electronic Signature (AES) or Qualified Electronic Signature (QES) as defined in eIDAS in the EU. The real difference is geography in this case.
The European Union Agency For Network And Information Security (ENISA) explains its definitions of the two terms when it says
“QES are implemented by means of asymmetric cryptography. With this technology, each signatory owns a key pair made of a private and a public key (the technology is called the public key cryptography) and the so produced electronic signatures are called digital signatures.”
Essentially, when we talk about companies in European Union member states using online tools to verify documents, we should use the phrase ‘electronic signature’ as that provides the more accurate description of what we are trying to achieve.
You can use electronic signatures for different types of document, dependent on the level of security you require. Here is a guide to potential uses of Simple Electronic Signatures (SES), AES and QES.
Type of Signature | Possible Uses |
SES – Any form of electronic mark with no need to verify the identity of the signer |
|
AES – Higher level of signer identification and ensuring the document can’t be changed after signing |
|
QES – Highest form of signer identification, backed by a certificate issued by a qualified trust service provider |
|
The key features of an electronic signature depend on the type of signature in question.
Type of Signature | Key Features |
SES (Sometimes known as a Basic Electronic Signature or BES) | Any kind of digital mark to indicate acceptance. This could be a scan of a wet signature, a recreation of a handwritten signature created on a computer program, an X typed in a box, your name typed out or anything else that serves to identify you. |
AES | To be seen as Advanced, the signature must have the following features:
|
QES | To be seen as Qualified, the signature must have all features of an Advanced signature and:
|
A QES works in this manner:
TSPs are also known as certificate authorities (CA) and must be recognised and qualified by their country’s government if they want to be included on that nation’s, and the EU’s, trusted list.
To ensure a compliant electronic signature for your documents, you should use an online digital signing solution such as Signhost by Evidos. This is how it works:
A QES has the same legal status as a handwritten signature on documents within the EU. The level of security is such that, if the signatory disputes the fact that it is their signature on the document, the burden of proof is on them to show that they did not, rather than on the party that instigated the document.
In addition, the eIDAS Regulation states that “an electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures.”
If both parties agree that an SES or AES will suffice for the purposes of an agreement between them, it can form an acceptable agreement. However, the issuer must consider that in a dispute they would need to prove the identity of the party who signed the document.
With a certificate-based digital signature like a QES, the certificate acts as a digital fingerprint to identify the signer as being the only person to have marked the document. They must verify themselves and then revalidate as they sign the document using the Public Key Infrastructure (PKI). This is why the EU bestows the same level of authority to a QES as a handwritten signature.
In terms of digital vs electronic signature, it is possible to see that a digital signature is essentially the technical term for the virtual fingerprint the signer leaves when they sign the document. If you are a business looking to use online technology to improve and streamline your processes, an electronic signature describes what you require. Signhost allows you to accept electronic signatures with ease and adheres to the identification methods favoured in all major EU markets. Try out Signhost for free here.
Want to know more?
Please contact us for more information. We’re always happy to answer your questions.