Since the dawn of the digital era, and increasingly today with the rise of environmental concerns, society is pushing for paperless businesses and business practices. In that context, electronic signatures represent an important catalyst for such business approaches.
While signing a document electronically has become a common practice, there are remaining misunderstandings about the differences between electronic signatures and digital signatures.
It is sometimes hard to navigate through the technicalities behind those concepts and technologies. Therefore, it seems opportune to address the question of the difference between both concepts.
Spoiler alert: digital signatures and electronic signatures are definitely not interchangeable terms.
A digital signature is a technical term referring to an encrypted message resulting from a mathematical algorithm. It is composed of messages and processes enabling to convey data about the signatories and the content of the documents between the parties.
In simple words, a digital signature is an encoded message used to safely link signatory/ies with a document in a recorded transaction.
But how does it work?
Digital signatures rely on a standard format of encryption called public key infrastructure (PKI).
A private key is used to encrypt a message and a public key allows the decryption of the message. More precisely, an algorithm creates a pair of linked keys: a private and a public key, both owned by the signatory.
The private key is kept in a protected device which remains under the exclusive control of the signatory. The other key is public and can be shared with anyone to decrypt the message.
The use of a certified PKI ensures the highest level of security and global acceptance of the message.
An electronic signature (e-signature) represents a person’s intent and consent to agree electronically to the content of a document or contract. It is a legal term defining the legal value of digitally signing a document. Many countries have introduced electronic signature legislation to regulate and support this practice. In the European Union, the eIDAS regulation establishes that an electronically signed document cannot be refused in court on the sole fact that it is signed with an e-signature. Thus, all e-signatures have a legal value. It is the degree of legal admissibility, and therefore the extra proof required to support the e-signature that will vary. This depends on the level of the electronic signature as defined by the eIDAS regulation, and consequently on the technologies supporting the said e-signature. We will further discuss this topic in our next episode.
According to its level, an electronic signature can be for instance a scanned image of the handwritten signature, the tick used to accept the Terms and Conditions of a website or a far more technical combination of requirements.
In a nutshell
An e-signature is an electronic way to sign a document, representing a person’s intent and consent to agree electronically to the content of a document or contract, whereas a digital signature is a means to encode a document to ensure its integrity and security.
eIDAS qualified e-signatures are relying on digital signatures but simple and advanced signatures are not necessarily based on digital signatures, depending on how these signatures are set up and managed from a technical point of view. More on these requirements in our next article.