What is an electronic signature?
An electronic signature or e-signature is a technology that enables anyone to affix their signature electronically to an electronic document. The person thereby indicates intent to agree to the content of the contract to which the signature relates. Much in the same way a normal signature does on paper, an electronic signature provides identification, authenticity, finalization and intent. Legally speaking, there is no difference between a document signed by hand and a document signed electronically – they are legally equivalent. However, there are different types of electronic signatures in Europe, each with its own benefits and distinctive features.
Is a digital signature the same?
The terms electronic signature and digital signature are often used interchangeably, however, there is a key difference that sets them apart, yet paradoxically connects them. A digital signature is a highly secure way to implement an electronic signature. The digital variant encrypts the document and increases its security by preventing the possibility of tampering. Any attempt to make changes to the document will invalidate the signature.
An electronic signature on the other hand can best be pictured as the digitalization of the manual real-word signature. Simply put, digital signatures are a subset of electronic signatures with additional features most commonly used in contracts, legal documents, compliance forms and similar.
What types of signatures are there?
Electronic signature is not a fixed-term designating a specific type of signature. Rather, various signature types fall under the collective term. In general, the term e-signature describes the addition of electronic data to an electronic document. The European Union has sought to harmonize jurisdictions and establish a legal framework for the provision and effect of e-signatures with the eIDAS Regulation, which defines three levels of electronic signatures.
Following the United Kingdom’s withdrawal from the European Union the eIDAS Regulation was adopted into national law and as such any statements for the European Union are also true for the United Kingdom.
The simple electronic signature (SES) can be seen as the minimum requirement to guarantee identity. Its use is therefore concentrated on the authentication of the author of a message. As this form of e-signature is destined as a method of authentication, it cannot confirm the integrity of the message or any other property.
Due to its simple nature, it can, for example, also be a handwritten signature inserted as an image. The common e-mail signature, which is supposed to identify a signatory as an employee of a company or organization, is also considered as such.
Though the simple electronic signature is widely used for basic agreements, contracts and forms, verifying that the signatory was the one who signed it becomes troublesome. As long as both contracting parties agree to this form of signature, it is still legally valid. According to the eIDAS Regulation, the simple electronic signature must be accepted as evidence, or rather the free judicial assessment of evidence applies to it - it is therefore at the discretion of the judge whether to recognize it as sufficient.
The advanced electronic signature (AES) has four requirements that need to be met. Similar to the simple electronic signature the AES must be uniquely linked to the signatory and at the same time bring the capability of identifying the signatory.
In contrast to the simple electronic signature, the affixation of the signature to the document has to be created using electronic signature creation data, which the signer must use under his sole control. The fourth and last requirement touches on the subject of forgery.
The electronic signature on the document must be made in such a way that any subsequent changes can be traced. The eIDAS regulation speaks in legal terms and makes the AES sound like it was meant only for the very tech-savvy. The truth is, many free programs such as Adobe Acrobat already support this type of signature.
Much like the advanced electronic signature, the qualified electronic signature (QES) is also linked to the signer and requires them to be identified and have sole control of the signing tool.
The difference arises with two requirements that are exclusive to the QES:
- Firstly, the identification process is further secured by the requirement of a qualified certificate as proof of identity and
- secondly, the requirement of a qualified signature creation device for the aforementioned sole control component.
The qualified certificate and the qualified signature creation device make the QES the highest level of signature that can be requested. Only the QES can be regarded as the true equivalent of the manual signature, due to the fact that in the European Union, it may not be denied admissibility as evidence or legal effect solely due to its electronic nature. However, some jurisdictions have exceptions for the validity of e-signatures. Most notably for the creation and execution of wills, areas of family law and similar.
When is a digital signature valid?
In general, a digital signature is legally valid when all parties involved agree on the use of a signature type and are in agreement with it. This means, for example, that a digitally inserted handwritten signature can also be valid. In some cases, however, the written form is mandatory for contracts, for example when buying a property or setting up a company. Here, only the qualified electronic signature is considered a full digital substitute and thus legally valid.
Where can I get a qualified electronic signature?
Although the technology underlying e-signing solutions are complicated, digital signing has grown so widespread in the corporate sector that it's very simple to receive your signature in a digitized version. In practice, users are offered a wide range of providers for qualified electronic signatures, with which they can create their own QES. As a rule, after confirming their identity, users receive a token, usually in the form of a card including a card reader, which they can use to create a QES signature themselves. However, some providers also use signature procedures that do not require the use of a token, such as IDnow eSign, where identification takes place via the VideoIdent procedure and the user can sign the contract immediately afterwards.