How to choose what kind of electronic signatures to use

Electronic signatures are necessary for digitalization, and they can save you time and money, as well as increase your competitiveness. “But before you get going with e-signing, it’s very important to investigate what kind of e-signatures you need to ensure compliance with current and future regulations,” says Stefan Runneberger, expert on public information infrastructure at identity and security company Nexus Group.

An electronic signature is data in electronic form, which is logically associated with other data in electronic form, and which is used by the signatory to sign.

Download checklist: 6 crucial considerations when choosing an e-signature solution

Different regulations around the world

“The electronic signature has the same legal standing as a handwritten signature if it adheres to the requirements of the specific regulation under which it was created,” says Runneberger.

Different parts of the world have their own regulations in this area. For example, the EU has the eIDAS (Electronic Identification, Authentication and Trust Services) regulation, the USA has NIST-DSS (National Institute of Standards and Technology’s Digital Signature Standard), and Switzerland has ZertES.

Advanced e-signatures often sufficient

According to eIDAS, an advanced electronic signature (AdES):

  • is uniquely linked to and capable of identifying the signatory,
  • is created in a way that allows the signatory to retain control,
  • is linked to the document in a way that any subsequent change of the data is detectable.

“Most jurisdictions have similar requirements on e-signatures if they are to be considered advanced. This kind of signature is considered sufficient for many scenarios in most jurisdictions,” says Runneberger.

A range of different signing methods

There are a lot of different e-signature solutions available on the market, based on a range of different signing methods: from simply pasting an image of a handwritten signature on the electronic document, to using a so-called public key infrastructure (PKI) and a cryptographic mechanism called digital signature. The latter is the most common method for creating advanced electronic signatures.

The following standards are defined by the European Telecommunications Standards Institute (ETSI) for signing PDF and XML formatted documents:

  • PAdES (PDF Advanced Electronic Signatures).
  • XAdES (XML Advanced Electronic Signatures).

Five other crucial considerations

“It is important that you make sure that the e-signature solution you choose can create the type of electronic signatures you need for your specific use cases to ensure compliance with current and future regulations in the regions where you operate,” says Runneberger.