An electronic signature is the broad legal concept — any digital indication of intent to sign. A digital signature is a specific technical implementation using cryptographic public-key infrastructure (PKI) certificates. All digital signatures are electronic signatures, but not all electronic signatures are digital signatures.

What is an electronic signature?

An electronic signatureis any electronic process that indicates a person's intent to agree to the contents of a document. The term is intentionally broad because lawmakers around the world — through legislation such as the US ESIGN Act, the EU eIDAS Regulation, and equivalent laws in dozens of other jurisdictions — wanted to ensure that businesses could choose the signing method best suited to their situation without being locked into a single technology.

In practice, an electronic signature might be:

  • A typed name at the end of an email
  • A drawn or stylised signature captured via a touchscreen or mouse
  • A checkbox confirming agreement to terms and conditions
  • A one-time passcode (OTP) sent to a mobile number that the signer enters to confirm their identity
  • A biometric confirmation such as a fingerprint on a smartphone

What makes an electronic signature legally effective is not the technology itself but the evidence of intent. Most modern e-signature platforms strengthen that evidence with an audit trail: a tamper-evident log recording the signer's name, email address, IP address, device type, and a timestamp for every action taken on the document. A SHA-256 hash of the final document is typically stored alongside the audit trail, so any post-signing modification is immediately detectable.

For the vast majority of commercial agreements — employment contracts, NDAs, sales agreements, lease renewals, service orders, and more — an electronic signature with a solid audit trail is fully legally binding and widely accepted by courts and regulators worldwide.

What is a digital signature?

A digital signature is a specific cryptographic mechanism that falls within the broader category of electronic signatures. It uses public-key infrastructure (PKI)to provide a mathematically verifiable link between the signer's identity and the signed document.

Here is how it works at a technical level:

  1. A Certificate Authority (CA)— an independent, accredited organisation — issues the signer a digital certificate. This certificate contains a public key and is cryptographically tied to the signer's verified identity.
  2. The signer holds a corresponding private key, stored securely on a hardware token or in a managed key vault. This private key never leaves the signer's control.
  3. When the signer signs a document, their software uses the private key to generate a unique cryptographic hash of the document's contents. This hash, encrypted with the private key, becomes the digital signature.
  4. Any recipient can use the signer's public key (available from the CA) to decrypt the hash and compare it against a fresh hash of the document. If the two hashes match, the signature is valid and the document has not been altered since it was signed.

Under the EU eIDAS Regulation, digital signatures map to two specific trust levels: Advanced Electronic Signatures (AdES) and Qualified Electronic Signatures(QES). A QES carries the highest legal weight — equivalent to a handwritten signature by law across all EU member states — but requires a qualified certificate issued by an EU Trust List provider and typically involves in-person or video identity verification.

Digital signatures are sometimes called “PKI-based signatures” or “certificate-based signatures.” Adobe Acrobat's blue “signature valid” badge and the green padlock you see in some PDF viewers are visual indicators of an embedded PKI certificate.

Electronic vs digital signature: comparison table

FeatureElectronic SignatureDigital Signature
Legal basisESIGN Act, eIDAS (Simple), country-level e-signature lawseIDAS Advanced / Qualified; sector-specific regulations
Identity verificationName, email, IP address, timestamp audit trailCryptographic PKI certificate issued by accredited CA
Tamper detectionDocument hash stored in audit trailCertificate embedded inside the document itself
Issued byAny e-signature platformAccredited Certificate Authority (CA)
CostFree to low (subscription per document or user)Typically $50–$500+ per certificate annually
Required for90%+ of everyday business documentsRegulated or high-risk documents (QES, FDA CFR Part 11, etc.)
Signer experienceClick, draw, or type — no software install requiredRequires certificate on device or managed signing service
Setup complexityMinutesDays to weeks (CA vetting, certificate provisioning)

When do you need a digital signature instead of an e-signature?

For the vast majority of commercial agreements, a standard electronic signature provides more than sufficient legal standing. However, certain regulated industries and high-stakes document categories genuinely require the stronger guarantees that PKI-based digital signatures provide.

Regulated financial services. Some jurisdictions require qualified electronic signatures for specific financial instruments, brokerage account agreements, or cross-border fund transfers where the eIDAS QES standard is mandated by law.

Government contracts and public procurement. Many government agencies specify QES or AdES under their procurement rules, particularly within the European Union where eIDAS compliance is enforceable.

Pharmaceutical and life sciences compliance.The US FDA's 21 CFR Part 11 regulation governs electronic records and electronic signatures in FDA-regulated industries. While 21 CFR Part 11 does not mandate PKI signatures in all cases, companies typically implement certificate-based signing for GxP-critical records to satisfy audit requirements.

Long-term document archival.Digital signatures with long-term validation (LTV) features — which embed all required certificate chain information inside the PDF — are preferred when documents must remain verifiable for 10, 20, or 30 years, regardless of whether the original CA is still operating.

Tip: If your document type is not listed in a regulation that specifically requires a digital signature or qualified electronic signature, a standard electronic signature is almost certainly sufficient — and considerably faster and cheaper to deploy.

Which one does SignZA use?

SignZA implements electronic signatures with a robust audit trail— the appropriate choice for the overwhelming majority of commercial agreements businesses need to close every day.

Every document signed through SignZA captures:

  • The signer's full name and email address
  • IP address and approximate geolocation at the time of signing
  • Device and browser information
  • A precise UTC timestamp for every signing event
  • A SHA-256 hash of the final signed document, stored independently of the document itself

This audit trail is appended to every completed document as a certificate page and is independently verifiable. If a document were altered after signing, the stored hash would no longer match the document, immediately flagging the tampering.

This approach is appropriate for employment contracts, NDAs, service agreements, lease documents, sales orders, consent forms, and the vast majority of other commercial documents. It balances strong legal enforceability with the frictionless experience that ensures signers actually complete the process.

If your workflow requires qualified electronic signatures or PKI certificate-based signing for a specific regulated use case, please contact us to discuss your requirements.

The one-paragraph distinction, saved for reference:An electronic signature is any digital method of indicating consent — a typed name, a drawn signature, a checkbox, or an OTP confirmation. It is backed by an audit trail recording who signed, when, and from where. A digital signature is a subset of electronic signatures that uses cryptographic PKI certificates: a Certificate Authority verifies the signer's identity, issues a certificate containing a public key, and the signer's private key generates a mathematical proof embedded in the document. The public key lets anyone verify that proof without contacting the signing platform. Digital signatures provide stronger cryptographic guarantees but require more infrastructure and cost. Electronic signatures with good audit trails are legally binding and court- admissible for 90%+ of business documents worldwide. Choose a digital signature only when a specific law or regulation explicitly requires it.

Frequently asked questions

Is a digital signature more legally secure than an electronic signature?

Not necessarily for everyday commercial contracts. Both are legally enforceable under the ESIGN Act, eIDAS, and equivalent laws worldwide. A digital signature provides stronger cryptographicproof of identity — because a CA has independently verified the signer — but courts evaluate intent and context, not just the signing technology. An electronic signature backed by a complete audit trail (IP address, timestamp, email confirmation, document hash) is routinely upheld in commercial litigation. The legal advantage of a digital signature primarily matters in regulated contexts where a specific law mandates it.

Does DocuSign use electronic or digital signatures?

DocuSign primarily uses electronic signatures for its standard products. It does offer PKI-based digital signature options (branded as DocuSign Signature Appliance and its eIDAS-compliant Advanced and Qualified tiers in Europe) at a premium price point. The default DocuSign experience most businesses use is an electronic signature with an audit trail — not a cryptographic PKI digital signature.

Do I need a digital signature for a contract?

For most contracts, no. Standard commercial agreements — employment contracts, service agreements, NDAs, purchase orders, lease renewals — are fully enforceable with electronic signatures in virtually every jurisdiction that has enacted e-signature legislation. Digital signatures become necessary when a specific regulation requires them, such as eIDAS Qualified signatures for certain EU public sector interactions or FDA 21 CFR Part 11 compliance in pharmaceutical settings. When in doubt, consult a legal advisor familiar with your industry and jurisdiction.

Can I verify if a digital signature is authentic?

Yes. Because the Certificate Authority's public key and the signer's public key are mathematically linked and published, anyone can verify a digital signature independently. In Adobe Acrobat, open the Signatures panel and click “Validate All” — Acrobat will confirm whether the certificate chain is trusted and whether the document has been modified since signing. Third-party PDF validators and CA portals also offer independent verification. This is one of the core advantages of PKI: verification does not depend on the signing platform still being in business.