Why the difference matters
In everyday communication, the terms electronic signature and digital signature are used interchangeably, but legally and technically they are not the same thing. The difference is not academic: when you sign a contract worth hundreds of thousands of EUR or enter a court case, the chosen signature type directly affects whether the document will be accepted as evidence, whether the other party can challenge it, and whether you will have to redo the work on paper.
Electronic signature as a broad legal concept
The electronic signature is an umbrella term covering every digital form of expressing intent. It includes practically anything that identifies the signatory in an electronic environment:
- A typed name at the end of an email
- A scanned image of a handwritten signature pasted into a PDF
- Clicking the I accept the terms button
- A finger or stylus signature on a tablet screen
- Entering a PIN code or one-time password
- Biometric confirmation (fingerprint, face)
All of these forms are legally electronic signatures, but they differ in security level and evidential weight in court.
Digital signature as a cryptographic subset
The digital signature is a technically specific subset of electronic signatures that uses asymmetric cryptography and digital certificates. Three key features:
- Asymmetric encryption: a key pair (private for signing, public for verification). The private key is known only to the owner, the public key is available to anyone.
- Digital certificate: issued by a certification authority and confirms that a given public key belongs to a given person.
- Hash function: a mathematical fingerprint of the document. Any change after signing alters the hash and invalidates the signature, providing non-repudiation.
In other words: every digital signature is electronic, but not every electronic signature is digital. The relationship is like that of a square and a rectangle.
Three levels under eIDAS
The EU eIDAS regulation (and equivalent UK Electronic Identification and Trust Services regulations) defines three levels of electronic signature:
| Level | Technical requirements | Legal weight | Typical example |
|---|---|---|---|
| Simple (basic) e-signature | Any electronic form of identification | Legally valid but with weak evidential weight; the burden of proof is on the party relying on the signature | Name in an email signature, click on I agree, scanned signature |
| Advanced e-signature (AdES) | Uniquely linked to the signatory, capable of identifying the signatory, created using means under sole control, linked to the document so any later change is detectable | Greater evidential weight; reverse burden of proof, without counter-evidence the signature is accepted as valid | Signature with a qualified certificate without a QSCD device, e.g. a software certificate |
| Qualified e-signature (QES) | Advanced signature created with a qualified signature creation device (smart card, USB token, HSM) on the basis of a qualified certificate issued by a registered qualified trust service provider | Legally equivalent to a handwritten signature in all legal relations; automatically accepted across all EU states without additional verification | National eID smart card, qualified token, HSM module at a bank |
Qualified providers
Qualified certificates are issued by trust service providers listed in the EU Trusted List (or the UK equivalent). Well-known providers include DocuSign, Adobe Sign, GlobalSign, Entrust, and various national providers tied to national eID schemes. The price of a qualified certificate ranges from 50 to 250 EUR a year, depending on the provider and the type of carrier (card, token, cloud).
When each level is legally required
| Document type | Minimum level | Reason |
|---|---|---|
| Internal communication, memos | Simple | No external legal weight |
| Purchase orders, reports | Simple or advanced | Per internal company policy |
| Commercial contracts between businesses | Advanced recommended | Easier to prove if a dispute reaches court |
| Employment contracts | Advanced minimum, qualified recommended | Any dispute before an employment tribunal |
| Invoices for tax purposes | Advanced (e-invoicing) | HMRC Making Tax Digital, EU e-invoicing rules |
| Court filings and claims | Qualified (mandatory) | Procedural rules require QES |
| Real estate transactions | Notarised (deed) | Electronic signature is not enough; notarial form required |
| Banking documents with high values | Qualified | Internal bank requirements and financial regulation |
| Documents to public authorities, e-government | Qualified | e-government and court portals do not accept lower levels |
What practice shows: when courts have rejected a simple e-signature
In court practice there are recorded cases where a party in dispute submitted a contract with a scanned signature as evidence and the court ordered a forensic review. The expert found that a scanned signature offers no guarantee that it was not subsequently copied from another document, and the court accepted such a signature only with additional evidence (witnesses, correspondence, payments). When a qualified electronic signature is present, the court accepts it without further proof, just as with a handwritten signature on paper.
Cross-border validity in the EU
A qualified electronic signature issued under the eIDAS standard is legally valid across all EU states without additional certification. This matters particularly for businesses with EU partners, as it removes the need for travel, couriers and physical stamps on contracts. The advanced signature is accepted in some states, while the simple signature is treated differently from state to state.
How to choose the level for your case
- Legal obligation: if a law or regulator explicitly requires a particular level, use it (e.g. mandatory e-invoicing platforms; court filings qualified).
- Document value or risk: a contract worth more than the average annual salary deserves at least an advanced signature, ideally a qualified one.
- Cross-border use: if the document goes abroad or comes from abroad, a qualified signature is the only safe choice.
- Long-term retention: documents kept for more than 5 years should use a format that allows long-term signature validation (LTV, e.g. PAdES-LTV for PDF).
- Operational comfort: for mass signing (hundreds of contracts per day), investing in a cloud QSCD can pay off, as it removes the need for physical tokens.
