Electronic signatures are essential in the B2B world for concluding contracts quickly, cost-effectively and securely and for starting new projects. They speed up business processes and improve both security and compliance.

Definition of the electronic signature

An electronic signature, often simply referred to as an eSignature, is a method by which a document is digitally signed. During the signature process, the identity of the signatory is confirmed electronically. The term “electronic signature” is often used for the technical process and refers to the digitally set signature, which is also valid in court, provided the correct signature standard is used.

Electronic signatures use various encryption techniques to ensure the authenticity and integrity of the signed documents. They offer a legally recognised way of signing contracts and other legally binding documents online, which is regulated by the eIDAS Regulation in the EU. This regulation ensures that digital signatures are recognised and legally valid in all member states.

Section of a certificate with the e-mail address marketing_t@certifaction.com, date 17/07/2024, and the reference to a qualified electronic signature (EU) with signing via Certifaction.com

Difference between digital signature and electronic signature

Basically, electronic signatures are the same as a handwritten signature on paper documents – only digital. Distinguishing between the two terms is not easy, as they are often used as synonyms. The electronic signature is the legal term, while the digital signature is often used more as a term for the technical process. Confusingly, an image or a signature created with a digital pen (e.g. when confirming a parcel delivery) is often referred to as a “digital signature”.

Signatories can be identified by the information transmitted with the signature. Exactly what information this is depends on which signature standard has been selected.

Sign your first document in the free trial

What is a certificate for electronic signatures?

A certificate for advanced and qualified electronic signatures is a digital certificate issued by a trust service provider. It verifies the identification of the signatory and provides a public signature key that is used to verify the signature. This certificate is added as a seal to the electronic signature.

Fenster „Certificate Viewer“ auf einem Computerbildschirm, zeigt Details eines digitalen Zertifikats inklusive Aussteller, Gültigkeitszeitraum, Verwendungszweck und Sicherheitshinweisen mit Registerkarten für Zusammenfassung, Details, Sperrung, Vertrauen, Richtlinien und rechtliche Hinweise.

Signature certificate from Swisscom

Are electronic signatures legally binding?

Yes, electronic signatures are recognised within the EU by the eIDAS Regulation and in many other legal areas worldwide and have the same legal force as handwritten signatures as long as they meet the legal requirements. Within Germany, the Trust Services Act (VDG) regulates the legal framework for electronic signatures. The qualified electronic signature meets strict security requirements and is recognised by eIDAS in Europe (and ZertES in Switzerland) as being equivalent to a handwritten signature in court.

Good to know: Electronic signature vs. faxing?

While faxing transmits a physical copy of a document, electronic signatures provide a secure and verifiable method of authenticating electronic documents, supported in part by trust services.

Legal validity of various signatures

According to eIDAS, the legal validity of electronic signatures is divided into three different types: simple electronic signatures (SES), advanced electronic signatures (AES) and qualified electronic signatures (QES), whereby the latter is considered to be the most secure and has the most probative value in court. The QES should always be used if a written form is specified for the document to be signed.

However, simple and advanced signatures are also legally valid in their respective applications, but the simple signature has a higher risk of forgery than the advanced signature.

Overview: eSignature types SES, AES and QES

  • Simple electronic signatures (SES) Signatories are invited and identified by e-mail.
  • Advanced electronic signatures (AES) offer greater security, as the signatories still have to authenticate themselves via SMS code before signing.
  • Qualified electronic signatures (QES) are the most secure form with the highest probative value, signatories identify themselves via e-mail, forgery-proof online ID verification with face scan comparison (EU) and manual agent verification (CH), and are supported by certified trust service providers.

Good to know: Can a scanned signature be sufficient?

A scanned signature may be sufficient in some cases. It is often used and accepted for offers. However, it is merely an image of a signature and therefore does not offer the same security and legal recognition as an electronic signature. In case of doubt, an electronic signature – and in particular a QES – is always preferable as it has greater probative value.

The special features of the qualified electronic signature (QES)

A written form requirement makes the use of QES necessary – this exists, for example, when signing temporary employment contracts or a loan agreement. The qualified electronic signature requires a strict identity check of the signatory as well as the provision of a qualified signature certificate, which must be included in the signature. This certificate can only be issued by an officially recognised trust service provider. There is an official list of qualified trust service providers in Germany. If you need an easy-to-use user interface or workflows such as the initiation of a signature request and an overview of ongoing processes, then the use of an eSignature provider is recommended.

What is a remote signature?

The qualified electronic signature is often used as a remote signature. This form of digital signature facilitates the signing of files and the creation of binding declarations, regardless of the signatory’s location, and plays a decisive role in the digitalisation of business processes.

Remote signature technologies offer a flexible and secure method for signing electronic documents and fulfil the legal requirements for authenticity and probative value. This type of signature is made possible by trust services that operate in accordance with the German Trust Services Act (VDG) and the regulations of the Federal Network Agency. They use special signature cards and signature keys to ensure the identity of the signatory.

The remote signature procedure enables users to sign documents without being physically present. The authenticity of the signature is guaranteed by the certification authority, which is part of the trust services. These authorities use advanced methods of identification and encryption to guarantee the integrity and security of the transaction. The legal effect of remote signatures is ensured by their compliance with the legal forms and requirements laid down in the law and the relevant regulations.

Remote signatures bear the seal of the trust service and correspond to the written form, which increases their legal effect and their acceptance in legal and business transactions.

Fields of application for electronic signatures

Electronic signatures are used in a variety of areas, including contracts, government forms and business transactions, where they increase efficiency and speed up processing. They are also widely used in the HR and recruitment sectors. They can be useful in all industries. Certifaction’s Privacy-First eSignature is used primarily in industries that handle sensitive data, such as healthcare, human resources, finance and education.

Advantages of use and challenges

To summarise briefly, digital signatures have the following advantages:

  • You save the effort and costs of sending contracts by post or travelling in person – up to 50 euros per signature!
  • They enable contracts to be signed within a few minutes and thus significantly reduce waiting times.
  • Electronic documents can be archived much more easily and efficiently than paper.
  • The user experience is better – a major advantage in business with end customers.
  • They can identify signatories beyond doubt and thus make fraud much more difficult.
  • They offer considerably more security than handwritten signatures.
  • They enable the complete digitalisation of your business model.

What do digital signatures look like in use?

Digital signatures are very easy and time-saving to use. The Certifaction user interface, for example, is very intuitive and can be used easily even without prior knowledge.

The process for signing a contract can be summarised quite simply: you add the document and specify who is invited to sign. The invitations to sign are sent out and, in the case of a QES or AES, all signatories are identified electronically before they sign. This whole process usually only takes a few minutes.

Take a look at the linked article for step-by-step instructions on how you can easily sign contracts electronically.

Integration of your own handwritten signature

Incorporating individual signature images, i.e. an image of your own handwriting in documents, can reinforce the impression of authenticity. Many providers offer the option of incorporating your own handwriting into the signature card.

How does the digital signature work technically?

Asymmetric cryptography, also known as public key encryption, is used for qualified electronic signatures (QES). This method uses two keys: a private key, also known as a signature key, and a public key.

The private key is used to sign the hash value (a unique digital fingerprint) of the document. The public key is stored in the certificate and enables authenticity to be verified. The checksum encrypted during signature creation is decrypted and compared with the recalculated hash value of the document.

With remote signatures, the key pairs are generated and managed by the trust service provider (VDA) in a qualified signature creation device (HSM). The VDA ensures that the private key is only accessible to the signatory, which is usually guaranteed by a second security factor. In addition, the VDA is obliged to identify the signatory in a secure procedure in accordance with the ordinance before creating a signature key and to store the identity data.

The choice of provider should be made according to requirements

Not all eSigning providers have the same principles – most of them adequately protect the data of signatories and inviting companies. Some providers offer automated workflows with artificial intelligence, which often also read the content of the documents.

Tip: Make sure your electronic signature is eIDAS-compliant

When choosing a provider, you should make sure that they offer eIDAS-compliant signatures. Also make sure that the signature standard you require can be fulfilled; not all providers have QES in their repertoire, for example.

Digital signatures and data security

Other providers do without the workflows. In contrast, solutions with end-to-end encryption (E2EE) and local data processing promise maximum data security. Your documents are protected by Certifaction’s proven privacy-first approach using zero-knowledge technology. The processing solution is applied locally and the documents never leave your company’s own IT environment. Your data is already encrypted on your end device and transmitted completely end-to-end encrypted. This means that the tool has no insight into your documents and their content and data.

A folder labelled "Confidential", from which documents with text, signatures and an ID card with a male pictogram, lines of text and a barcode are pulled out.

Practical tips

To maximise security, companies should ensure that their systems are up-to-date and that all employees are trained in the secure use of electronic signatures. In addition, you should only choose trustworthy providers that are demonstrably eIDAS-compliant.