Types of electronic signatures: Use cases and business applications

Without a doubt, electronic signatures have become an essential tool for any company, business or professional. Knowing what the different types of electronic signatures are is essential to be able to correctly use the applications and systems with which to make document signature requests through electronic means. 

Thanks to these systems, companies have obtained great competitive advantages and have taken advantage of all the benefits of making the leap from an antiquated model to a paperless, agile and much more secure and guaranteeing one. Below, we will explain how many types of electronic signatures exist, go into detail about each of them and explore the use cases where they should be applied.

How many types of electronic signatures are there?

Electronic signatures and their different standards are defined by national and international regulations that regulate both their technical characteristics and their use. Each type of electronic signature is designed to meet specific requirements for security, legal validity, and levels of trust in different contexts, use cases, and jurisdictions.

The different types of electronic signatures are the ways in which the identification of the signer, computer security, and evidentiary capacity can be implemented in the digital signature of documents. 

The software tools that offer the possibility of using these standards implement methods to confirm that the person who receives and signs the document is who he/she claims to be, including cryptographic techniques to seal evidence of the entire process (device, methods, dates...) and guarantee non-repudiation with computer techniques for sending through digital channels of all kinds.

Electronic signature types provide varying levels of security. Some types, such as the simple electronic signature, provide basic authentication, while others, such as the qualified electronic signature, provide a higher level of security backed by official bodies and digital certificates issued by trusted certification authorities and supported by public institutions.

The legal validity of a digital signature may vary according to jurisdiction and country-specific laws. Some types of electronic signatures, such as qualified electronic signatures, are supported by specific regulations and legal frameworks that give them stronger legal validity for dealings with the public administration. In contrast, simple electronic signatures may have limited legal recognition or may not be supported by specific regulations.

Confidence in the authenticity and integrity of an electronic signature varies according to the type of signature used. Advanced electronic signatures provide a higher level of confidence due to the use of advanced cryptographic algorithms, making it more difficult to forge or modify the signature.

Depending on the type of electronic signatures, different technologies and systems may be required for their implementation. Some types may require biometric devices or public key infrastructures (PKI) to ensure adequate authentication and security. These implementation requirements may influence the choice of the type of electronic signature according to the capabilities and resources available as well as by the type of operation and its level of risk.

Each type of electronic signature is designed to fit the needs of a specific set of transactions and use cases. For example, simple electronic signatures may be sufficient for informal agreements or personal documents, while biometric advanced electronic signatures are used in legal transactions and notarized documents where full legal validity is required.

In summary, the different types of electronic signatures exist to adapt to different levels of security, legal validity, trust, and implementation requirements. These vary according to the market or country where we are and you should consult with our RegTech electronic signature partner if the solution they are providing complies with industry regulations and is correct for the operations and conditions in which it will be used.

By choosing the right type of electronic signature, the authenticity, integrity and validity of the signed documents can be guaranteed, providing confidence both to the parties involved and to the regulatory authorities, as well as having evidentiary capacity before a court in the event of a dispute.

Types of electronic signatures according to eIDAS

The eIDAS regulation (electronic IDentification, Authentication and trust Services) is the European regulation that sets the standards under which the use of electronic signatures is valid within the EU (the 27 member states of the European Union). This regulation marked a before and after not only in the EU but also in the whole world for its pioneering proposal regarding remote user identification and the guarantees of secure electronic transactions.

All member states of the European Union have transposed the regulation to their national jurisdictions with minimum standards on what eIDAS sets. In this way, a common European framework has been created in which to operate under the same rules and be able to offer services and operate in a market of 500 million people.

Despite the European nature of this regulation, this standard is followed by the authorities of the United Kingdom, Switzerland, and Norway, where eIDAS has been taken as a reference for drafting their own laws addressing the types of electronic signatures and their formal characteristics. Moreover, thanks to its pioneering nature and being one of the first regulations in the world in this regard (and the most complete and detailed to date), eIDAS is used as the reference by all countries in the world to guide the regulation of electronic signatures.

On the other side of the pond, in the United States we must look at the UETA (Uniform Electronic Transactions Act) and E-Sign Act (Electronic Signatures in Global and National Commerce Act). In Latin American countries such as Mexico, the types of electronic signature are regulated by the Federal Commerce Code (which indicates standards practically homologous to those of eIDAS: Simple, Advanced, and Biometric), while in Argentina we find specific Digital Signature laws. Peru also adds the eIDAS specification of unequivocally linking the user's signature to the document and defines as a digital signature the previous typology but including symmetric cryptographic techniques.

eIDAS marks three types of electronic signature: Simple, Advanced, and Qualified. These types of digital signatures are defined in the regulation and in the laws and regulations that have transposed it under a series of minimum requirements to be considered as such, and each one has a different legal implication, evidentiary capacity, and formal purpose.

For their part, the best qualified QTSP and RegTech partners have decided to offer a wide variety of digital signature types to not only comply with these standards but to expand their capabilities and be useful in all kinds of circumstances according to the nature and needs of the operations and business activity of all industries. Below, we list and explain in detail all types of electronic signatures:

Simple electronic signature

The simple electronic signature (SES) is a type of digital signature that can be used to sign electronic documents. It is the most basic type of electronic signature recognized by eIDAS and is used to verify the signer's identity and ensure the integrity of the document. SES is based on the authenticity of the signatory, which can be verified by comparing the signature with the signatory's basic identification data.

It is commonly used in low-risk cases, such as signing service contracts, non-disclosure agreements, or accepting terms and conditions of websites. It is considered a form of digital signature that is not as secure as other electronic signature formats, but is suitable for minor documents.

An example of the use of the simple electronic signature type is in the facility services sector. It can be used to request and approve vacation days, accept GDPR conditions or send simple notes or invitations to events. It is important to note that the simple electronic signature is regulated by specific laws in each country that define its use and legal validity although it does not provide legal support for medium or high-risk operations. In some countries, the SES can be used in legal processes, while in others it can only be used in minor cases, the latter being the case in Europe and America.

Single signature with double factor

The simple signature with double factor is a type of digital signature that includes authentication options for the signer through OTP passwords with time stamp. It is based on the previous standard (the simple electronic signature), but applies a series of additional tools to ensure greater confidence in certain transactions.

Its use is indicated in very low-risk operations but where the identification of the signer can be key in case of a dispute. It can be used to sign emails or low-level notarial documents, to log in to apps or web platforms, as an access control pin to sensitive facilities or to validate the inventory of a holiday apartment when a real estate agent is not present.

Simple certified electronic signature

Like the previous type of digital signature, this format adapts the simple electronic signature and includes the insertion of time stamps in various parts of the signing process in addition to a usable digital certificate. The main difference with the two-factor type is that it uses a digital certificate instead of the OTP key to add that extra guarantee of identity verification of the signer.

Like all types of electronic signatures based on digital certificates, it is especially useful for procedures with public administrations or counterpart institutions. Use cases such as submitting a university registration form, making donations to an NGO, or signing a medical informed consent form in the public health system stand out.

SMS OTP signature

This variant of the simple two-factor signature relies on a telephone line registered in the signatory's name. It is simple and traceable by the authorities, including controls based on telephone operator checks. In this type of digital signature, an OTP code is sent in a certified form to the signatory's MSISDN device.

The security of this electronic signature format is considered high, so it enables low-risk banking transactions standardized under PSD2 standards and also allows secure access according to SCA (Strong Customer Authentication) standards. In a banking app, it would be used to change personal data such as address or other simple data, and in SaaS platforms, it is used to register new users securely when a contracting process is not going to be carried out, where in such circumstances more secure formats are recommended, as we will see below.

Advanced Electronic Signature

The Advanced Electronic Signature (AES) is an electronic signature method that complies with the legal requirements established in the eIDAS Regulation in the European Union. It is a reliable and versatile mechanism to guarantee the authenticity and integrity of electronic documents and messages.

The advanced electronic signature is linked to the signer's identity and allows for verifying its authenticity. Although the intervention of a Certification Authority (CA) is not required to issue digital certificates, it is still necessary to have reliable means to ensure the signer's identity.

This type of electronic signature ensures the integrity of the signed document or message, which means that any changes made to the content after the signature will be detected. It also provides a level of non-repudiation that makes it difficult for the signer to deny having received and/or signed the document. It is essential for use cases such as:

• Contracts and commercial agreements: The advanced electronic signature is used in the signing of contracts and commercial agreements, both in business-to-business transactions and in interactions with customers. It streamlines processes, reduces the need for paper documents, and improves efficiency.
• Financial transactions: This type of digital signature is used in the financial field for signing documents related to loans, investment agreements, and banking transactions. It facilitates secure and efficient electronic transactions, saving time and resources.
• Public administration: AES is applied in interactions between citizens and government agencies, enabling the electronic submission of documents, formalities, and declarations. It simplifies administrative procedures and improves the efficiency of the public sector.

Advanced Biometric Signature

The advanced biometric signature is a versatile and secure solution that includes the reliable identification of the signer under very exhaustive technical standards defined by eIDAS regulations. It is a variant of the previous type of electronic signature that implements the uploading of patterns and biometric information of the user locally to encrypt private keys with custody at the official site.

It includes a full fingerprint and end-to-end traceability of the entire process. By using biometric identification techniques to support the identification of the parties, it generates an unequivocal link of the signer's identity to the document, providing truly superior evidentiary guarantees.

It can be used for such purposes as contracting travel insurance, carrying out certain bureaucratic procedures both in public institutions and with private companies, as well as the purchase and sale of real estate. On numerous occasions, it has been used with great success for the approval of projects between companies.

SMS OTP Certificate Signatures

This variant of the certificate signature and authentication method through SMS OTP is a perfect option for signing contracts in commercial processes that have operational implications. It has full legal support by working with digital certificates officially recognized and endorsed in more than 50 countries.

A very useful use case is the contracting of services (telco, utilities, BFSI...) remotely through the telephone channel (call-center sales). It allows you to request payments quickly and to send forms to request vehicle rental (including insurance that accompanies this service). It is very simple and has one of the best backup agility ratios.

Advanced Biometric Certified Signature

As far as electronic signatures are concerned, this is the most complete method that can be offered. With reliable and unequivocal identification of the signer and backed by the most demanding regulations in force, it is the preferred option for banking institutions. Indicated for the highest risk levels, it includes key features such as time stamps at all stages, advanced biometric patterns, encryption and the use of digital certificates.

Certificates can be official electronic or single-use, with the highest probative value and recognized by courts in jurisdictions of all continents as they far exceed the minimum required by the most demanding regulations. 

It is used to contract a home insurance policy remotely or in person, for postulation and arbitration procedures or the signing of SEPA mandates.

Advanced Biometric Certified eSignatures with KYC

This procedure is not really a type of electronic signature, it is the fusion of the electronic signature together with the Know Your Customer standard. A KYC identity verification process is performed under AML6 and eIDAS standards validated by Tecalis as QTSP (Trusted Third Party), with active and passive proof of life and reliable validation of documentation (KYB techniques can be included not only for validation of identity documentation but also official documents of the public administration or other commercial documents with evidentiary validity). 

All this is done in an absolutely agile and simple way, taking no more than 2 minutes for the user, and is integrated and sealed together in the final audit report together with the biometric advanced electronic signature. A single package certified by a Qualified Trust Services Provider that includes the highest capacity of identity and documentation verification together with the most secure electronic signature.

The KYC standard is widely recognized around the world and is recommended by institutions such as the FATF-FATF. This process is suitable for remote bank account openings, high-level international agreements, acquisitions, and B2B operations of any risk level and instant online customer registration with immediate activation of services thanks to the dozens of anti-fraud and AML controls performed. With full legal support and no risk for any of the parties involved.

Qualified Electronic Signature (QES)

The Qualified Electronic Signature (QES) is the highest level of electronic signature recognized and regulated by the EU eIDAS Regulation. The qualified electronic signature is suitable for transactions with the public administration.

It is uniquely linked to the identity of the signatory with a qualified certificate issued by official electronic means and a certification authority and is used to verify its authenticity. The qualified electronic signature is based on a trusted public key infrastructure (PKI). This infrastructure includes the issuance and management of qualified certificates, which are generated and stored securely.

The qualified electronic signature uses advanced cryptographic techniques to guarantee the integrity and confidentiality of the signed documents. The signer's identity is established through a qualified certificate issued by a Certification Authority accredited by the institutions. The privacy of the keys and the authenticity of the signatures are protected through the use of qualified certificates and strong cryptographic algorithms.

The qualified electronic signature is applied in interactions between citizens and government agencies in the submission of electronic applications, formalities and declarations. It facilitates interoperability and efficiency in administrative processes such as applying for competitive public jobs, paying taxes or submitting government reports to various state and regional administrations.

According to a report by the European Commission, the use of qualified electronic signatures in Europe has increased significantly in recent years, with more than 68 million electronic transactions carried out using qualified electronic signatures in 2019.

In healthcare, qualified electronic signatures are used to guarantee the authenticity and integrity of electronic medical data, and it is estimated that they can save up to 1.4 million working hours in the European healthcare sector per year, according to a study by the European Commission.

What types of digital signatures to use

A market study by Allied Market Research forecasts that the global e-signature market will grow at a compound annual growth rate of 24.6% between 2021 and 2028, driven by the adoption of qualified e-signatures in various industries.

In the financial sector, it is estimated that the adoption of qualified electronic signatures can reduce processing costs by 80% and cut turnaround times from days to minutes, according to a PwC report.

The types of electronic signatures to be used will depend on the operation to be carried out, the needs of the industry to which the business belongs, and the market and legal framework of the location or locations where these operations are carried out.

Choosing an e-signature solution with all types of electronic signatures

It should be noted that many of the online signature solutions presented on Internet websites do not comply with any of the previous types of digital signatures that we have described. They are web tools that only insert the signature as an image in a document of various formats, something that neither performs cryptographic controls to prevent the alteration of the information in the document nor in any way links the identity of the signer to it.

When making the decision to choose a suitable electronic signature solution, we must take into account:

1. Security: Make sure that the electronic signature tool guarantees high levels of computer and data security, in addition to those aspects related to the formal exercise of the formats and types of digital signatures. Verify if it uses robust cryptographic algorithms, such as RSA or ECC, to protect the integrity of the signed documents. It also verifies how the users' private keys are handled and protected during the signing process.
2. Regulatory compliance: Verify that the tool complies with the relevant legal regulations and standards in your jurisdiction or those in which you provide services. Confirm that the tool is aligned with the guidelines set by regulatory bodies, such as the eIDAS Regulation in the European Union or local e-signature laws.
3. Integrations and compatibility: Evaluate the tool's ability to integrate with your existing systems. Check if it offers support for a wide range of document formats, such as PDF, Word, or any other format used in your workflow.
4. User experience and functionality: Consider ease of use for both signers and administrators. Check if the tool provides an intuitive and customizable interface, and if it includes clear guides to facilitate the e-signing process. Keep in mind that it should be updated and grow with your business as well as incorporate basic functions such as envelopes, templates, and other essential tools for daily work with e-signature-type tools like these.
5. Verification and auditing: Ensure that the tool provides electronic signature verification mechanisms, identity assurance with document validation, and auditing options to track and audit transactions. This is especially relevant when detailed tracking of e-signature activities is required or in highly regulated industries such as BFSI, telecom, or utilities.
6. Technical support and customer service: Evaluates the quality and availability of technical support and customer service offered by the supplier of the electronic signature tool. Check if they are available to solve technical problems or doubts related to the implementation and use of the tool by asking about the SLA levels offered according to the contracted plan.
7. Price: Consider the pricing model of the tool, including the costs associated with the number of users, volume of transactions, or any additional features required. Be sure to evaluate the price in relation to the value and benefits the tool provides versus other similar tools.

Tags