Electronic and digital signatures – What are they?
Electronic signatures have become common across many businesses in recent years. Put most simply - the Simple Electronic Signature (SES) is a way of signing any document.
Digital signatures take the concept of electronic signatures further. The digital signature requires technical implementation and aims to securely associate the signer with the document. Any attempt to alter this should be detectable.
Digital signatures are tightly regulated. In Europe, this is governed by the 2014 eIDAS regulations (which came into effect in July 2016). In the UK, the 2016 Electronic Identification and Trust Services for Electronic Transactions Regulations set the standards.
The simple electronic signature
The European eIDAS regulations, and the corresponding regulations in the UK, define three levels of electronic signature. The simple electronic signature (SES) is the lowest of these. It can be thought of as the minimum requirement for an identity guarantee. This can be any electronic form of a signature that a signer can apply to a document to indicate acceptance.
eIDAS provides the following definition of the simple electronic signature (SES):
"Data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign."
With the SES, there is no requirement or expectation for complex technical implementation. It should verify the identity of the signer, but there is no need for digital verification or protection from forgery. These requirements are introduced for digital signatures.
How to implement a Simple Electronic Signature
A simple electronic signature does not require any special technical implementation. It should, though, be linked to the signer of the document and provide the ability to verify identity. In legal terms, this ultimately comes down to both parties' agreement to accept the signature.
A SES could be as simple as an image of a handwritten signature. Standard e-mail signatures are also accepted as simple electronic signatures, as is the use of an "I Agree" button on a web form. Such signatures are often used in simple business transactions, contracts, or purchase orders.
What is the difference between electronic signatures and digital signatures?
The simple electronic signature runs into difficulty when verification that the signer actually signed the document is required. Documents that are more important, or have value, are likely to require this verification.
The digital electronic signature introduces the ability to verify the signer. This type of signature should be created using data that only the signer has control of. It also must protect against forgery. Any changes made should be traceable, and the signature is not accepted if modified or forged.
There are two types of digital signature – the advanced electronic signature (AES) and the qualified electronic signature (QES). Both of these should ensure that the signer created the signature and has not been tampered with since. The QES takes this further with additional security measures and places the burden on the signer in the event of a dispute. Under EU law, it carries the same weight as a traditional handwritten signature. An SES does not.
Learn more in our Quick Guide to electronic signatures.