What’s the difference between a digital signature and an eSignature

eSign

In today’s work-from-anywhere society, everything needs to be digital, from collaboration through cloud-based platforms to sharing documents through email. At the same time, certain fundamental business processes require signed documents, often as part of the contracts process.

Every day, your company manages various documents that require signatures. From non-disclosure agreements (NDAs) with contractors to employee onboarding documents, your organization needs people to agree to certain terms and conditions with a signature.

As you continue on your digital transformation journey, you need to understand the difference between a digital signature and an electronic signature (eSignature), so that you adopt appropriate technologies.

What is an electronic signature?

Electronic signatures, abbreviated as eSignatures, are any electronic form to verify a document and validate a person's intent, replacing handwritten “wet ink” signatures. When everyone involved in the signing process agrees to use eSignatures, they can be considered legally binding. Often, companies adopt eSignatures when executing a contract or other record that has a legal effect in digital form.

The term ‘electronic signature’, or ‘e-signature’, is category description for all types of electronic signatures. Some examples of eSignature technology that a business might use include:
● Signature image
● Symbol
● Fingerprint
● Click box
● Verbal sound
● Electronic sound

What is a digital signature?

The term ‘digital signature’ refers to a specific signature technology implementation of electronic signature.

A digital signature, a type of electronic signature, acts as an electronic fingerprint, using cryptographic algorithms to sign the document and verify its authenticity. Using a public key infrastructure (PKI), the encryption’s certificate authority stores, signs, and issues a public key and private key that validates identities.

Digital signatures are legally binding and offer the following advantages:
● Traceability
● Signer identity validation
● Data integrity
● Data security

Understanding the Key Differences: Digital Signatures vs eSignatures

Although you can use either a digital signature or an eSignature for many documents, it’s important to understand the key differences between them.

Purpose

An eSignature verifies a document, including its source, authors, and signers.

A digital signature verifies the document and prevents unauthorized people from tampering with it.

Types of signatures

eSignatures can come in various formats, including:
● Scanned image of signature
● Checkbox on electronic document
● Typed name on document

Digital signatures rely on a signing platform that incorporates security and automation.

Security

eSignatures often lack built-in security features to prevent unauthorized document tampering.

Digital signatures include security features like:
● Encryption
● User authentication and authorization
● Audit logs

Third-Party Validation

eSignatures rely on the signing parties to validate that they are who they are and that the signature is theirs.

Digital signatures use trusted, authorized, and regulated third-party certification authorities (CAs) to validate the process.

Verification

Without the third-party validation, it’s harder to verify the signature’s real owner, which can lead to authenticity and integrity issues.

Since digital signatures uses CAs, you have traceability for verification of the original owner and lack of tampering.

Intention

eSignatures show the signers’ commitment to a document’s contents and record intent so you can use them for contracts.

Since you can trace a digital signature to a person and maintain the document’s authenticity, it also proves commitment and intent so you can use them for contracts.

When should I use a digital signature versus an electronic signature?

Since eSignatures and digital signatures have some differences, you need to know the best use cases for each so you can make appropriate technology decisions. For example, you might need to consider things like geographic region or industry.

When to use an electronic signature

Since eSignatures document people’s intent and commitment, they’re an easy way to sign contracts.

Some use case examples include:
● Employee contracts from human resources
● NDAs
● Third-party contracts
● Sales agreements
● Loan applications
● Cookie notifications on a consumer-facing website

When to use a digital signature

Since digital signatures authenticate signers’ identities, they offer more robust security for sensitive data. If your business operates in a highly regulated industry, then digital signatures may be a better option, even for contracts.

Some examples of use cases include:
● Healthcare documents regulated under the Health Insurance Portability and Accountability Act (HIPAA)
● New account documents at a financial services institution
● Tax forms sent to a governmental entity

Are digital signatures and electronic signatures legally binding?

The answer to whether digital signatures and eSignatures is really, “it depends.” While this might not be what you wanted to read, you need to understand when and where each type of signature is legally binding.

Legality and regulations of signatures

Your geographic location is the starting point for determining the legality and regulatory requirements around using digital signatures and eSignatures.

Some current laws that govern whether eSignatures and digital signatures are legally binding include:
● US Electronic Signatures in Global and National Commerce (ESIGN) Act
● US Uniform Electronic Transactions Act (UETA) (US)
● US Food and Drug Administration (FDA) Code of Federal Regulations Title 21 Part 11
● European Union Electronic Identification, Authentication, and Trust Services (eIDAS)
● United Kingdom Electronic Identification, Authentication, and Trust Services (UK eIDAS)
● UK Electronic Communications Act (ECA 2000)
● UK Electronic Identification and Trust Services for Electronic Transactions Regulations 2016
● Swiss Federal Act on Electronic Signatures (EAS)
● Swiss Code of Obligations (CO)
● United Nations Model Electronic Signature Law

In addition, you may want to look at whether your state or province has laws with stricter requirements than the ones your country has.

Signing security considerations

Once you know the regulatory requirements, you want to analyze how secure the documents should be or if they require you to comply with a privacy law.

Some considerations include:
● Type of data the documents contain
● Need to verify signatory identity
● Importance of document integrity

For example, an employee contract might include:
● Name
● Address
● Government issued identification number, like a social security number
● Birth date
● Bank account information for payroll

Meanwhile, a business contract would include name and business address, both of which would be publicly available.

Protect the Digitally Signed Documents at Three Key Points

Signed documents are mission-critical to your business, and you want to complete the process efficiently. Requiring a contractor to visit your business in person to sign a document is cost prohibitive for both of you. No matter which choice you make - digital signature or eSignature - you need to protect the documents appropriately.

At the point of signing

Most signing platforms offer monitoring and controls that give you visibility into document access, including:
● IP address
● Device and/or operating system
● User ID
● Timestamp
● Location
● Signature status

In storage

Depending on the type of document, you probably have legal or regulatory retention requirements. To protect these stored digital documents, you should consider:
● Data-at-rest encryption
● Limiting access according to the principle of least privilege
● Monitoring access
● Watermarks to prove authenticity
● Preventing unathorized file sharing

On mobile devices

It’s the nature of business that people don’t want to just sit at their computers all day long waiting for an emailed document. This means that you want to make sure any documents signed on a mobile phone are protected, too.

To protect documents signed on mobile phone, you should consider:
● Data-in-transit encryption
● Requiring user authentication
● Monitoring access to documents

Tresorit eSign: Digital Document Signing with Integrated Workflows

Getting people to sign documents digitally not only provides a better user experience, but it reduces the time it takes to complete the process. With Tresorit eSign, you can build document signing directly into your current workflows for a single place to send, collect, track, and secure documents.

Using Tresorit’s Secure Cloud, you can complete the document signing process faster while incorporating security with fine-grained access controls and detailed monitoring logs. Tresorit eSign protects documents during the signing process with visibility into who signed a document, when they signed it, and where they signed it from. Integrated into our secure workspace, you have a single storage location that uses end-to-end encryption, including a way to protect documents signed on mobile devices.

To see how Tresorit eSign enables fast, secure, and transparent digital document signing, contact us for a demo.