Every day, hundreds of millions of documents are exchanged in Europe that require some form of signature. Lease agreements, employment contracts, NDAs, purchase orders, customer onboarding — all of them traditionally required a physical signature. Today, there is a digital equivalent that is legally valid, technically secure and far more efficient.
But what exactly is an electronic signature? And how does it differ from simply "drawing your name on screen"?
Definition
According to Article 3(10) of Regulation (EU) No 910/2014 (eIDAS), an electronic signature is:
"data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign."
This is a deliberately broad definition that encompasses everything from a typed name at the bottom of an email to a certificate-based cryptographic signature embedded in a PDF. The regulation then differentiates three levels with progressively greater technical requirements and legal presumptions.
The three types of electronic signature
1. Simple Electronic Signature (SES)
The broadest and least technically constrained type. Examples include:
- Clicking "I accept" in an online form.
- A scanned image of a handwritten signature inserted into a document.
- Typing your name at the end of an email.
- A biometric signature drawn on a tablet.
Legal weight: Admissible as evidence, but the burden of proving authenticity and document integrity rests with the party relying on it. Suitable for low-risk consents, newsletter opt-ins and internal approvals.
2. Advanced Electronic Signature (AES)
The AES meets the requirements of Article 26 eIDAS:
- Uniquely linked to the signatory.
- Capable of identifying the signatory.
- Created using data under the signatory's sole control (i.e. a private key only they control).
- Detects any subsequent changes — if the document is modified after signing, the signature is invalidated.
AES uses asymmetric cryptography (PKI): the signatory's private key encrypts a cryptographic hash of the document. Anyone can verify the signature using the public key without knowing the private key.
Legal weight: High. The technical guarantees make it very hard to contest in court. Suitable for employment contracts, NDAs, commercial agreements, lease agreements.
3. Qualified Electronic Signature (QES)
The QES is an AES created with a qualified electronic signature creation device (QSCD) and based on a qualified certificate from a Trust Service Provider (TSP) listed on the EU Trusted List.
Legal weight: Under Article 25(2) eIDAS, a QES has the legal equivalent of a handwritten signature across the entire EU. It is the only type that carries this statutory equivalence.
How does an advanced electronic signature actually work?
Under the hood, the AES uses asymmetric cryptography — the same technology that secures TLS/HTTPS on the internet.
Step 1: Generate the document fingerprint
Before signing, the software calculates the SHA-256 hash of the document — a 64-character hexadecimal string that uniquely represents the document's content. Change a single character and the hash is completely different.
Step 2: Encrypt the hash with the private key
The hash is encrypted with the signatory's private key. The result is the digital signature — a string of bytes that is attached to the document.
Step 3: Attach the public certificate
The signatory's public certificate (which contains their identity and public key) is also attached to the document. This allows anyone to verify the signature without needing to contact the signatory.
Step 4: Add the RFC 3161 timestamp
A Time Stamping Authority (TSA) certifies the exact date and time at which the document was signed. This timestamp is sealed with the TSA's own certificate and is irrefutable — even if the signing certificate later expires, the signature remains valid for the moment it was applied.
Step 5: Verification
To verify the signature, the verifier:
- Decrypts the attached signature using the public key.
- Independently calculates the hash of the document.
- Compares both hashes. If they match: the signature is valid and the document is intact.
Legal validity in Europe
The eIDAS Regulation applies directly in all 27 EU member states since 1 July 2016. Key principles:
- Technology neutrality: A document cannot be rejected in legal proceedings solely because it is signed electronically (Article 25(1) eIDAS).
- Non-discrimination: Electronic signatures have the same legal effect as handwritten signatures when used appropriately for the document type.
- Cross-border validity: An advanced signature made in any EU member state is recognised in all others.
For most commercial and employment contracts, an AES is sufficient and provides strong legal protection. For acts requiring notarial form (certain real estate transactions, company incorporations in some jurisdictions, wills) you should seek specific legal advice.
What electronic signatures are NOT
To avoid confusion, here is what does not constitute a legally strong electronic signature:
| Method | What it is | Legal strength | |---|---|---| | Scanned handwritten signature inserted as image | Digitised signature | SES — low | | Drawing your signature with a mouse/touch on screen | Biometric SES | SES — low | | Typed name at end of email | SES | SES — low | | PDF "annotated" with Adobe Reader (no certificate) | Not a formal signature | Minimal | | AES with PKI and RFC 3161 audit trail | Advanced Electronic Signature | AES — high | | QES from EU Trust List TSP | Qualified Electronic Signature | QES — equivalent to handwritten |
Conclusion
An electronic signature is not simply "signing on screen". At its most basic it is any digital indicator of consent; at its most robust it is a PKI-based, certificate-backed, timestamp-sealed cryptographic binding of a signer's identity to a specific document state at a specific moment in time.
For businesses, the practical answer is: use an Advanced Electronic Signature (AES) platform for your contracts. This is what SignDeal provides — without requiring signers to have their own certificates, install software or navigate complex technical processes.
Also read: Is electronic signature legal in Europe? · How to sign a PDF electronically