Electronic Signature Explained: Difference Between Digital Signature and Electronic Signature
Electronic Signature Explained: Difference Between Digital Signature and Electronic Signature
Marie-Claire D., legal director of a Parisian startup, thought she was saving money by signing her contracts with a simple image of her scanned signature. Until the day a supplier contested a €50,000 agreement, arguing that this "signature" had no legal value. Six months of legal battle later, she understood the crucial difference between placing an image and electronically signing a document.
This confusion between electronic signature and simple digitized image costs French companies millions of euros each year. Yet since the European eIDAS regulation of 2016, the legal framework is clear: not all electronic signatures are equal. Between simple, advanced, and qualified signatures, between digital certificate and simple scan, the technical and legal differences determine the validity of your digital commitments.
Table of Contents
- Electronic signature vs digital signature: essential basics
- The three signature levels according to eIDAS
- Digital certificate: your cryptographic identity
- Legal value: what the law really says
- How to recognize a true secure signature
- Conclusion: choose the right signature for your needs
- FAQ - Electronic and digital signatures
Electronic signature vs digital signature: essential basics
Let's start by dispelling the main confusion: electronic signature and digital signature are not synonyms, even though these terms are often used interchangeably.
The electronic signature is the generic term designating any form of signature performed electronically. This encompasses everything from simple "I accept" clicks to the most sophisticated cryptographic signature. It's the digital equivalent of your handwritten signature, with the objective of expressing your consent or commitment.
The digital signature, it specifically designates a cryptographic technique using mathematical algorithms and digital certificates. It guarantees not only the signatory's identity but also document integrity: any modification after signature will be detected. It's the most secure form of electronic signature.
"Confusing electronic signature and digital signature is like confusing vehicle and car. Every digital signature is electronic, but every electronic signature is not digital," explains Thomas Renault, cryptography expert at CertEurope.
This distinction is not just academic. According to a study by the Federation of Trust Service Providers (2024), 43% of digital contractual disputes stem from ignorance of the signature type used and its real legal value.
The three signature levels according to eIDAS
The European eIDAS regulation (Electronic Identification, Authentication and trust Services), which entered into force in July 2016, harmonizes recognition of electronic signatures throughout the European Union. It defines three signature levels, each offering a different degree of security and legal recognition.
Simple electronic signature
This is the basic level, most used daily. It can take various forms:
- A checked box "I accept the terms"
- A name typed in a form field
- A scanned signature image
- A drawing made with finger on touchscreen
- A PIN code or SMS validation
Legal value: Recognized but easily contestable. The signatory can deny being the signature's author, and it's up to the recipient to prove otherwise.
Advanced electronic signature
More robust, it must meet four strict criteria:
- Be uniquely linked to the signatory (unique identification)
- Allow formal identification of the signatory
- Be created by means under the signatory's exclusive control
- Guarantee document integrity (any modification is detectable)
It generally uses a digital certificate issued by a recognized Certification Authority, with a pair of cryptographic keys (public/private).
Legal value: Presumption of reliability. In case of dispute, the burden of proof is reversed: it's up to the challenger to prove the signature is not valid.
Qualified electronic signature
The ultimate security level. It combines:
- A qualified certificate issued by a Qualified Trust Service Provider (QTSP)
- A qualified signature creation device (QSCD) like a cryptographic USB key or smart card
- Face-to-face identity verification or equivalent
Legal value: Total equivalence with handwritten signature in all EU countries. Incontestable except proven fraud.
"A qualified signature costs between €50 and €200 per year, but for notarized acts or high-stakes contracts, it's a minimal investment compared to the risks," specifies Maître Sophie Dubois, lawyer specializing in digital law.
Digital certificate: your cryptographic identity
At the heart of digital signature lies the digital certificate, a true electronic identity card. But what exactly is a certificate, and why is it so important?
Anatomy of a digital certificate
A certificate contains:
- Your identity: name, first name, organization, email address
- Your public key: used to verify your signatures
- The issuing authority: who guarantees your identity
- The validity period: generally 1 to 3 years
- A unique serial number
- The digital fingerprint: signature of the certification authority
The principle of asymmetric cryptography
The magic operates thanks to two mathematically linked keys:
- The private key: kept secret, it serves to sign
- The public key: freely distributed, it allows verifying the signature
When you sign a document, your private key generates a unique fingerprint. Anyone possessing your public key (contained in the certificate) can verify that this fingerprint really comes from you and that the document has not been modified.
Recognized Certification Authorities
In France and Europe, several organizations issue recognized certificates:
- CertEurope (France)
- Universign (France)
- DocuSign (International)
- Adobe Trust Services (International)
- Certigna (La Poste)
For qualified certificates, consult the official list on ANSSI's website (National Agency for Information Systems Security).
"A self-signed certificate created with OpenSSL has no legal value. It's like printing your own identity card: technically possible, legally invalid," reminds Jean-Marc Levy, PKI manager at Orange Business Services.
Legal value: what the law really says
Legal recognition of electronic signatures varies by jurisdiction, but converges toward increasing acceptance.
In Europe: the eIDAS regulation
Since 2016, eIDAS harmonizes recognition:
- Article 25: "An electronic signature shall not be denied legal effect solely on the grounds that it is in an electronic form"
- Cross-border recognition: a French qualified signature is valid throughout the EU
- Regulated sectors: some acts still require a qualified signature (authentic acts, real estate transfers)
In France: Civil Code adaptation
Article 1367 of the Civil Code stipulates: "An electronic signature has the same probative force as a handwritten signature provided that the person from whom it emanates can be duly identified and that it is established and retained under conditions that guarantee its integrity."
Notable exceptions where handwritten signature remains mandatory:
- Private deeds relating to family law
- Acts relating to personal or real security of civil nature
- Certain real estate transfer acts
Recent French case law
Court of Cassation ruling (2023): validation of dismissal notified by electronic registered letter with advanced signature.
Paris Commercial Court (2024): rejection of commercial contract signed with simple scanned image, for lack of guarantee on signatory's identity.
Worldwide
- United States: ESIGN Act and UETA broadly recognize electronic signatures
- China: Electronic Signature Law since 2005, recently strengthened
- United Kingdom: Electronic Communications Act, aligned with eIDAS despite Brexit
How to recognize a true secure signature
Faced with an electronically signed document, how to distinguish a true secure signature from a simple image? Here are the infallible clues.
Visual indicators
In Adobe Acrobat Reader:
- ✅ Blue or green banner: valid and certified signature
- ⚠️ Yellow banner: valid signature but unverified certificate
- ❌ Red banner: invalid signature or modified document
The signatures panel displays:
- The signatory's identity
- The certification authority
- The date and time of signature (timestamp)
- The validation status
Metadata to verify
- Right-click on signature → Signature properties
- Check:
- The certificate and its chain of trust
- The hash algorithm (SHA-256 minimum)
- The timestamp (certified timestamping)
- Document permissions (modifications prohibited)
Pitfalls to avoid
The image that looks like a stamp: a simple PNG image of a stamp has no value, even if it looks official.
The "flattened" PDF: some PDF editors allow flattening layers, making an image inseparable from the document. This does not create a valid signature.
Self-certification: a document can be "certified" by its creator without external signature. This certification only has value if the issuer is recognized.
"90% of the 'signatures' we see in judicial expertise are simple images. People think if it looks like a signature, it is one," deplores Alexandre Martin, judicial computer expert.
Verification tools
- DSS (Digital Signature Service): free tool from the European Commission
- ValidSign: online verification of eIDAS signatures
- Adobe Acrobat Reader: automatic validation of standard signatures
- SignatureValidator: browser extension for web documents
Conclusion: choose the right signature for your needs
Electronic signature is no longer the future: it's the present. But as Marie-Claire learned in our introduction, not all signatures are equal. Between simple scanned image with no legal value and qualified signature equivalent to notarized act, the spectrum is wide.
For your daily low-stakes documents, a simple electronic signature suffices. For your commercial contracts and important documents, opt for an advanced signature with certificate. For acts with high legal or regulatory value, invest in a qualified signature.
The cost of a secure signature (€50 to €200/year for a qualified certificate) is minimal compared to legal risks of a contested signature. In our digital economy, where dematerialized exchanges are the norm, mastering electronic signature subtleties is no longer optional: it's a fundamental professional skill.
Remember: a signature is not just an image, it's a commitment. Ensure it lives up to your responsibilities.
FAQ - Electronic and digital signatures
Is a simple electronic signature legally valid? Yes, it has legal value since the law of March 13, 2000. However, in case of challenge, it's up to you to prove the signatory's identity and document integrity. For important stakes, prefer an advanced or qualified signature.
Can I create my own digital certificate? Technically yes, but it will have no legal value. A certificate must be issued by a recognized Certification Authority to have legal value. Self-signed certificates only serve technical tests.
What is the difference between DocuSign, Adobe Sign, and other platforms? These platforms are Trust Service Providers that facilitate the signature process. They can offer all three signature levels (simple, advanced, qualified) depending on your subscription. The difference lies in ergonomics, price, and ancillary features (workflow, archiving).
Can an electronically signed document be modified after signature? With a digital signature (advanced or qualified), no. Any modification automatically invalidates the signature. This is actually one of the major advantages: document integrity is mathematically guaranteed.
Is electronic signature recognized internationally? Qualified eIDAS signature is recognized in all 27 EU countries. For other countries, check bilateral agreements and local legislation. The United States broadly recognizes electronic signatures via the ESIGN Act.
Secondary SEO Keywords
- qualified electronic certificate
- eIDAS signature France
- PDF signature validation
- asymmetric cryptography
- qualified trust provider
- certified timestamping
- PKI public key infrastructure
- digitized handwritten signature