So you’ve decided it's time to bring your organization into 2023 and start using electronic signatures.
But then you spotted something that’s more than a little confusing:
There’s more than one kind of electronic signature.
Which do you need to use, when, and for which applications? And, most importantly, which of them are legally binding?
In this guide, we’re going to demystify electronic signatures. We’ll dive into the three most common types of electronic signatures, how they work, what defines them, and in which situations they’re considered legal.
What is an electronic signature?
Electronic signatures are quick, easy ways to sign digital documentation.
They are, in most cases, legally binding, and signal agreement with documents—such as an employment contract.
Also read: A Quick Introduction to eSignatures
In the majority of cases, an electronic signature looks just like your regular, handwritten signature (also called a wet signature in the nomenclature). However, it doesn’t have to.
In the United States, the Electronic Signatures in Global and National Commerce Act defines a legally-binding electronic signature as “an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.”
As such, the following are also regularly accepted versions of eSignatures.
- The typed-out name of the signer
- A unique PIN or password
- Biometrics (such as Face ID)
- A symbol, sound, or voiceprint
- Clicking “I Agree” (or similar wording)
Electronic signatures vs. digital signatures
Sometimes electronic signatures are also called digital signatures.
In most cases, the two are used as simple synonyms, but there is a technical distinction between the two, and in fact, a digital signature is a type of electronic signature.
Digital signatures are encrypted and embedded with important information about the person who signed the document and the device they used to do so.
This extra layer of security provides protection in the event of a contract dispute and helps contract managers prove that the other party had “intent to sign” (something we’ll cover in more detail later) in a court of law.
“At fast-growing companies, most work gets done in the eleventh hour. The management tends to be extremely pushy, and therefore, the legal team is expected to come up with ad-hoc solutions. Enterprises, however, are more structured as they want the legal team to envisage disputes and develop solutions that would work in the long run.”
~ Sandeep Chowdhury, Group GC, HCC Ltd.
Transforming the Legal Function at a Large Enterprise
What are the three types of eSignatures?
In practice, there are three distinct kinds of eSignatures, as set out by the European Union's Electronic Identification, Authentication, and Trust Services (eIDAS) regulation.
- Simple Electronic Signatures (SES)
- Advanced Electronic Signatures (AES)
- Qualified Electronic Signatures (QES)
Let’s look at each in a bit more detail.
Simple Electronic Signatures (SES)
A simple electronic signature or SES is, as you’ve probably guessed, the most basic of the three.
According to eIDAS, an SES is defined as follows:
“Data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.”
That’s a pretty broad catch-all—and that’s the point.
Anything that is logically associated with a contract and is used by the signatory to sign counts as an electronic signature and in this case, is an SES.
An SES is legally binding if such conditions are met, though it is the least secure method, and many organizations don’t accept Simple Electronic Signatures for this reason.
When you sign a document using Adobe Acrobat or Preview, you’re using an SES.
Advanced Electronic Signatures (AES)
The next step up is the Advanced Electronic Signature or AES.
They take Simple Electronic Signatures and add a layer of identity verification.
This identity verification is based on digital certificates that can uniquely identify who signed the document (such as the IP address of the signer).
Advanced Electronic Signatures have to be sent using dedicated eSignature tools in order to capture this data.
To qualify as an AES, the signature must meet a few requirements:
- Be uniquely linked to the person with authority to sign
- Correctly identify the person signing
- Be created with eSignature creation data that only the person signing has the authority to use
- Be linked to data in a document that the signatories can check for future changes
Within the legal community, the AES is widely considered to have the same validity as a wet signature.
In many cases, when you’re signing digital documents via an eSignature platform, you’re using an AES.
Qualified Electronic Signatures (QES)
Then comes the final and most robust type of electronic signature: the Qualified Electronic Signature (QES).
The QES builds on the AES with stronger security and validation standards.
QES must have a certificate based on public keys that are issued with specific technology, and they must also have prior signatory identification from an audited entity.
This means that an approved third party needs to vet the signer before they can issue a valid QES, either face-to-face or via video call.
While the QES meets higher standards, that doesn’t necessarily make it better.
To achieve QES standards, you have to jump through a lot more hoops, which can obviously slow down the contract approval process.
As both AES and QES signatures offer a significant level of security and are both considered legally binding, many organizations settle on Advanced Electronic Signatures as their primary method of signing.
Simple, advanced, and qualified electronic signatures compared
Here’s a quick rundown of the core differences between the three types of eSignatures.
Are all three types of eSignature legal?
So what about the legality of these three different types of electronic signatures?
Is a signed document legally binding regardless of the kind of signature used?
In short, yes, but there are some criteria you need to meet in order for that signature to be considered valid (just as there are when it comes to traditional wet signatures).
We can break these legal requirements down into four categories.
Intent essentially means that the person who signed the document intended to do so. That is, the use of electronic signatures isn’t valid if someone is tricked into signing an agreement.
To use electronic signatures for the document signing processes, the signatories must provide consent to do so.
This can happen at the document level or more generally (such as when an employee gives consent to sign all documents electronically at the beginning of the working relationship).
The method for affixing the signature must be demonstrable, accurate, and fully explain the method that was used to create and affix the eSignature.
Lastly, the record of electronic signature must be able to be accurately reproduced and available to all parties.
Basic electronic signatures meet this requirement, but it's important to note that more advanced electronic signatures also include amendment data by way of an audit trail, which has no impact on user experience but does provide more security for all parties.
What are some of the laws or standards around eSignatures?
As we’ve already seen, the eIDAS regulation governs electronic signatures in the European Union, and the same terminology is used to distinguish between three kinds of electronic signatures in many other regions.
However, eIDAS is far from the only regulatory advice related to eSignatures.
In the United States, two important acts exist:
- Uniform Electronic Transactions Act (UETA)
- Electronic Signatures in Global and National Commerce Act (ESIGN Act)
Both speak to the required standards to make an eSignature legally binding (discussed in the section above). The difference is that the ESIGN Act is federal and sets a nationwide standard, and the UETA is state-level legislation that individual states have the option to adopt.
New York is the only state that hasn't adopted UETA, but its Electronic Signatures and Records Act (ESRA) fulfills a similar need.
Across the world, several other laws govern electronic signatures, providing similar standards and guidelines:
- Canada: Personal Information Protection and Electronic Documents Act
- United Kingdom: Electronic Communications Act 2000 and Electronic Signatures Regulations 2002
- Australia: Electronic Transactions Act 1999
- New Zealand: Electronic Transactions Act 2002
- China: Electronic Signature Law of the People’s Republic of China
- Japan: Law Concerning Electronic Signatures and Certification Services
- India: Information Technology Act 2000
Secure and manage all types of electronic signatures
Now that you’ve got a good handle on the types of electronic signatures that exist, there’s one question left to answer:
What kind of eSignature solution are you going to choose to distribute and manage digitally-signed documents?
Look for a platform that supports the following:
- Multiple eSignature and document formats
- Various use cases (such as procurement, legal, and sales)
- The creation of automated workflows