What is the legal value of a digital signature?
To answer that question, we first need to make sure we're talking about the same thing. After all, the terms 'electronic signature' and 'digital signature' are often used interchangeably. But there's a difference.
An electronic signature simply captures a person's intent to agree to the content of an electronic document or a set of data. It can be a signature manually drawn on a desktop screen, but also merely the image of your signature pasted in a Word document, or your mail signature. A digital signature, on the other hand, relies on a cryptography-based technology, which provides an extra level of security and integrity of the document.
So a digital signature is always an electronic signature while an electronic signature is not always a digital signature.
Under eIDAS - the European legislation that oversees electronic identification and trust services for electronic transactions - there are three categories of electronic signatures. All three categories can be legally effective. The difference between them is the evidence needed to reassure a court that the signature is genuine and intentionally applied to a particular document. When using an eIDAS compliant solution like eSignatures, the signatures are legally valid across European borders.
Below you'll find an overview of the three categories of electronic signatures, and their differences.
Categories of electronic signatures
- Basic electronic signature (BES)
- Advanced electronic signature or digital signature (AES)
- Qualified advanced electronic signature or Qualified digital signature (QES)
As you can see, only categories 2 and 3 qualify as digital signatures.
The difference between these categories are mainly based on 4 key elements:
- Authenticity: Is the signature uniquely linked to the signer?
- Identity: Are you capable to identify the signer?
- Integrity: Is the signature linked to the data signed in such a way that any subsequent change in the data is detectable?
- Authentication: How confident are you that the signature is created under the sole control of the signer?
Signature type | Basic (BES) | Advanced (AES) | Qualified (QES) |
---|---|---|---|
Definition | All electronic types of signatures that prove acceptance or approval by the signer by using some sort of certificate. This can be a signature manually drawn on a desktop screen (& digitally saved), a click on an “I accept” button, etc. This type is not a digital signature. | Advanced electronic signatures must meet specific requirements providing a higher level of signer ID verification, security, and tampersealing (meaning the document cannot be changed once it is signed). | Qualified electronic signatures or non-repudiation Digital Signatures are the only electronic signature type to have special legal status in EU. Unlike the other signatures, the burden of proof lies with the party that disputes the signature(s), not with the initiator. This makes it legally equivalent to a written signature. It is backed by a certificate issued by a Qualified Trust Service Provider (QTSP) that is on the EU Trust List (EUTL) and thus certified by an EU member state. |
Authenticity | Not mandatory that the signature is linked to the signer. | Certain that the signature is uniquely linked to the signer. | Certain that the signature is uniquely linked to the signer. |
Identity | Checking the identity of the signer is not mandatory. | Certain that the signature is uniquely linked to the signer. | 100% Capable of identifying the signer. Initial face-to-face verification or another equivalent process is required. |
Integrity Certain that content cannot be changed after signature? |
Yes | Yes | Yes |
Legal validity | The burden of proof lies with the party that initiated the signature. | The burden of proof lies with the party that initiated the signature. | This type is non-repudiative. The burden of proof lies with the party that disputes the signature. |
Conclusion
In conclusion, all three categories are legally valid, but only qualified digital signatures are the legal equivalent to a written signature and lay the burden of proof with the party that disputes the signature. Qualified digital signatures are the most advanced and secure type of electronic signatures. They comply with the most demanding regulatory requirements as they provide the highest levels of assurance about each signer’s identity and the authenticity/integrity of the documents they sign.