People often use the terms digital signatures and electronic signatures interchangeably, unaware of the differences between the two.
Electronic signatures encompass all paperless signing methods and are classified into three categories:
- simple electronic signatures
- advanced electronic signatures
- qualified electronic signatures
Digital signatures, however, only include the electronic signing methods that meet the requirements for advanced or qualified electronic signatures. Therefore, simple electronic signatures are not digital signatures.
A digital signature differs from a simple electronic signature because it is securely linked to both the signer and the document. The signer’s identity is verified with a substantial degree of confidence, and any changes made to the document after signing are detectable. In digital signature solutions, this is accomplished using hashing algorithms, PKI technology, and digital certificates.
On the other hand, simple electronic signatures rely on far less secure technology. Therefore, they can’t fully identify the signer or make sure that the document has not been altered after signing.
Do you want to know more about the other differences between a digital signature and an electronic signature? Are you wondering which one of the two you should use? Then keep reading.
Digital signatures vs. electronic signatures
The most important differences between digital signatures and electronic signatures concern signer identification, content integrity, non-repudiation, and legal validity.
1. Signer identification
Digital signatures rely on Public Key Infrastructure (PKI)—a system of technologies, processes, and policies for signing and encrypting data. To create a digital signature, the signer needs a personal digital certificate issued by a Trust Service Provider.
When the certificate is issued, the signer’s identity is verified using their electronic ID or an equivalent method. The Trust Service Provider ensures that only the signer has control over their digital certificate, preventing anyone else from using it to create a signature on their behalf.
In case of a digital signature being disputed, it’s possible to reliably validate the certificate used to create it and its origin.
However, this is not the case with simple electronic signatures. These signatures either lack a method to verify the signer’s identity or rely on less secure methods, like email or text messages.
Such methods are fallible because email accounts can easily get hacked. As a result, one can never be one hundred percent sure about who really signed the documents.
2. Document integrity
Digital signatures use hashing algorithms and PKI technology to check if any changes were made to the document after signing. If the document has been altered, the digital signature is invalidated.
On the other hand, most simple electronic signature solutions can’t detect edits to the document after signing.
However, documents signed with simple electronic signatures through Penneo Sign are an exception, as Penneo applies a Qualified Electronic Seal at the end of the signing process. Like a signature, this seal is created using PKI technology with Penneo’s qualified certificate, ensuring the signed document’s integrity.
3. Non-repudiation
Electronic signatures can easily be disputed. In court, substantial additional evidence may be required alongside the signature. Without such evidence, these signatures might not stand up.
Since digital signatures provide stronger proof of the signer’s identity and guarantee the integrity of the signed document, they are much more difficult for the signers to dispute.
4. Legal value
The eIDAS regulation states that digital signatures are legally binding and can be used as evidence in legal proceedings..
While simple electronic signatures are also admissible as evidence in court, the judge will have to decide on a case-by-case basis if the signature is enforceable or not. Additional evidence will likely be required.
Therefore, we recommend always using digital signatures for important business documents such as engagement letters, annual reports, employment contracts, confidentiality agreements, audit reports, etc.
Please note that there are still some situations where a handwritten signature is required, and these exceptions are different for each EU Member State.
Simple Electronic Signatures | Digital Signatures | |
---|---|---|
Signer identification | Can’t identify the signer with certainty. | The signer is identified using an electronic ID or similar method. |
Content integrity | Can’t always detect changes to the contents of the document after signing. | Can always detect if any changes were made to the content after signing. |
Legal validity | Additional evidence will likely be required in the event of a dispute. | Stronger evidence of who signed, what they signed, and when they signed it. |
What types of signatures does Penneo provide?
Penne provides both simple electronic signatures and digital signatures.
To create a simple electronic signature in Penneo, you can either draw/type your signature or insert a picture of it in the document.
To create a digital signature via Penneo, you can use our integration with itsme® Sign or any of the following eIDs:
- MitID,
- .beID,
- Swedish BankID,
- Norwegian BankID,
- Finnish Bank ID and Mobiilivarmenne.
Signatures created with itsme® through Penneo Sign comply with eIDAS requirements for qualified electronic signatures, carrying the same legal weight as handwritten signatures across all EU member states. Signatures made with the other eIDs through Penneo Sign meet the criteria for advanced electronic signatures.
Conclusion
We encourage you to use digital signatures whenever possible. They offer the convenience of paperless signing—allowing signers to sign quickly on their computer or smartphone—while providing solid evidence of what was signed, when, and by whom
Interested in learning more about digital signatures and how they can benefit your business?