What is an electronic signature? Anybody new to this area may be easily confused as to what an electronic signature is and how it is different, in terms of probative and legal value, to the other legally recognised types of signature.
In this post we aim to clear up any questions related to this digital tool which improves processes and enables deals to be closed for a huge number of business that have subscribed to digital transformation and the evolution of business practices.
This post is also available in Spanish.
Table of contents
We all recognise and know that the classic signature is a handwritten representation of a person's name and surname or title. Its legal nature is to verify a person's identity, and it constitutes proof of consent, contractual status, and endorsement of the information contained in a document.
An electronic signature does exactly the same. It is an electronic indication of a person's intent to accept the content of a document or a collection of data linked to the signature.
Just like its handwritten counterpart, an electronic signature is a legally recognised means of stating the signer's intent to adhere to the terms of the document they have signed.
The nature of the "mark" or how it was made isn't important. What matters is proving who made the mark and that the document hasn't been modified subsequently.
Under the above-mentioned European Union Regulation 910/2014, which defines and regulates electronic signatures in the European Union, an electronic signature is the data "in electronic form which is attached to or logically associated with other data in electronic form and used by the signatory to sign".
In Spain, in this particular case, we were pioneers in recognising the value of this technology. The Royal Decree-Law 14/1999, of 17th September, was the world's fourth legal regulation to recognise the legal value of this solution which is able to identify the signer and detect even the smallest changes in documents which have been signed.
Today, the European Union Regulation No 910/2014 on electronic identification and trust services for transactions in the internal market is in force, having replaced the Directive 1999/93/EC.
This regulation, which has been applicable since 1 July 2016, not only concerns electronic signatures but also regulates, across the whole EU, trust lists, electronic seals, time-stamping, electronic delivery services, and website authentication certificates amongst other issues.
eIDAS Regulation defines three types of electronic signature: "simple" electronic signature, advanced electronic signature and qualified electronic signature.
The requirements for each type are based on the requirements for the preceding type. As such, a qualified electronic signature meets more requirements whilst a "simple" electronic signature meets less.
An electronic signature is defined, as we mention above, as "data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign" (eIDAS Article 3).
Therefore, something as simple as signing a document and sending a scanned copy using an email account, username and password, or accepting the terms and conditions of a website can constitute a simple signature.
There is a logical association between the sending account (the email address) and the signature. However, it doesn't actually prove who the signer really is.
That's why this electronic signature, often referred to as 'simple', offers the lowest level of security.
An advanced electronic signature is an electronic signature which meets the following requirements:
- uniquely links to the signer;
- enables identification of the signer;
- is created in such a way as to allow the signer to retain control;
- is linked to the signed data in such a way that any subsequent change to this data is detectable.
An advanced electronic signature has a higher level of security than simple signatures.
A qualified electronic signature is an advanced electronic signature which additionally:
- is created by a qualified signature creation device;
- and is based on a qualified certificate for electronic signatures
The electronic signature generated using electronic National Identity Documents and electronic signature certificates stored on encrypted cards are examples of this type of electronic signature.
Qualified certificates for electronic signatures are provided by providers (public and private) which have been granted qualified status by a national competent authority as stated in the national "trusted lists" of the EU member state.
Many providers of qualified certificates will deliver the corresponding private key on a qualified signature creation device.
A digital signature applies cryptographic mechanisms to the content of a document so that the recipient can verify that the sender of the message is real, the sender cannot deny having sent the message, and the message has not been altered since it was sent.
Digital signatures are therefore an essential element of advanced electronic signatures and qualified electronic signatures but aren't found in simple signatures.
Digital signatures are also legally recognised but do not have legal status in that they are NOT meant to certify the signer's intentions, but rather encrypt the data in a document to enhance security.
Digitized signatures are the conversion of a handwritten signature into a digital image. In other words, it's a signature on paper which is then scanned. Or it can be also be generated using some type of hardware that allows the image of the signature to be saved onto a computer - as a .jpg or .png file - for future use.
A digitized signature is considered a simple electronic signature and is therefore legally recognised. But it doesn't offer any guarantees on the signer's identity and can be very easily forged.
Although the different levels of electronic signatures are all appropriate in different circumstances, an analysis must be undertaken to ascertain which type of electronic signature is most appropriate in each instance: simple, advanced or qualified.
Signaturit's value undoubtedly lies in its ease of use and high security. What use is really secure technology if hardly anyone can use it? Although we are fully focused on the security of electronic signatures, we also ensure they are easy to use.
That's why, to avoid substitutes that are completely unsecure and not legally recognised, such as signatures from graphics tablets or scanned handwritten signatures, we offer a 14 day free trial of our advanced electronic signature solution so that you can judge for yourself just how easy it is to use.
If you need more information, please download the following whitepaper in which we explain in greater detail the features of our advanced electronic signature solution. You can also contact us by using the following form, or by calling us at +34 93 551 14 80.This post is also available in Spanish.