Electronic signature vs digital signature: the real difference

These two terms are routinely used as if they were synonyms. They are not. One is a broad category of any electronic indication of consent; the other is a specific cryptographic technology with mathematical guarantees. Mixing them up matters when something legally serious is at stake.

The confusion between "electronic signature" and "digital signature" is so widespread that even some legal templates use them interchangeably. They are not the same thing. One is a legal category broad enough to cover almost any digital indication of consent; the other is a specific cryptographic technique with mathematical guarantees about who signed and whether the document was tampered with afterwards.

For most everyday signing, the difference doesn't matter — both will hold up. For some specific situations (qualified EU signatures, certain corporate filings, code signing), the difference matters a great deal. This article explains both clearly enough that you'll know which one you're using and which one you actually need.

The definitions, properly

An electronic signature is any electronic data attached to or logically associated with other electronic data, used by the signer to indicate consent or assent. This is intentionally broad. It includes:

  • A name typed at the end of an email.
  • A drawn signature on a PDF.
  • Clicking "I agree" on a website.
  • An image of a signature inserted into a document.
  • A cryptographically backed signature using PKI (yes — a digital signature is also an electronic signature).

A digital signature is a specific technical implementation: a cryptographic operation that uses asymmetric (public-key) cryptography (typically RSA, ECDSA, or similar) to create a signature that is mathematically tied to both the signer's private key and the contents of the signed document. Verifying a digital signature requires the corresponding public key, often packaged into a certificate issued by a trusted certificate authority.

The relationship: every digital signature is an electronic signature, but most electronic signatures are not digital signatures. It's the same relationship as "every Labrador is a dog, but not every dog is a Labrador."


What electronic signatures actually are

The legal frameworks that recognise electronic signatures — the US ESIGN Act, the UK Electronic Communications Act, EU eIDAS, India's IT Act, and others — generally define them around intent, not technology. The key requirement is that the signer intended to sign, and that intent can be reasonably attributed to them.

That's why a name typed at the bottom of an email can legally be a signature: the typist intended to indicate consent, and the email address gives some attribution. It's not a strong attribution — anyone with access to the account could have typed it — but it's enough for many ordinary contracts.

The same logic applies to a drawn signature on a PDF: the act of drawing, in the context of an agreement, indicates consent. The drawing itself can be reproduced or faked, but the surrounding context (when, where, in response to what) typically makes the attribution credible enough for most purposes.

Electronic signatures are widely accepted because they reflect how business actually happens. People email contracts and sign them; they don't typically have a certificate authority involved. Insisting on cryptographic proof for every contract would grind commerce to a halt.

What digital signatures actually are

A digital signature has different goals. It tries to provide:

  • Authentication. Proof that the signature was made by someone who controls the private key associated with the certificate.
  • Integrity. Cryptographic guarantee that the signed content hasn't been altered since signing — any tampering would invalidate the signature mathematically.
  • Non-repudiation. Difficulty for the signer to later claim they didn't sign, since signing required possession of their private key.

The mechanics: the signing software computes a cryptographic hash of the document, then encrypts that hash with the signer's private key. The result is the digital signature. Anyone with the public key can decrypt the signature, recompute the hash, and verify the two match — proving that whoever signed had the private key, and that the document is unchanged.
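
The hash-then-sign mechanics described above, as an added example (not code from this site or its signing tool). It uses unpadded textbook RSA because that matches the "transform the hash with the private key" description; real signing software uses a padded scheme such as RSA-PSS, or ECDSA/Ed25519, where signing is not literally encryption. The key, the sample contract and all function names are constructed for illustration.

```python
import hashlib

# Constructed demo key: two publicly known Mersenne primes. A real signing key
# uses secret random primes and a padded scheme (RSA-PSS) or ECDSA/Ed25519.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537


def make_keypair(p, q, e=E):
    """Return ((n, e), (n, d)): public and private halves of a textbook RSA key."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, e), (n, d)


def digest(document: bytes) -> int:
    """SHA-256 of the document as an integer (256 bits, always smaller than n)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, private_key) -> int:
    """Hash the document, then transform the hash with the private exponent."""
    n, d = private_key
    return pow(digest(document), d, n)


def verify(document: bytes, signature: int, public_key) -> bool:
    """Recover the signed hash with the public key and compare to a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == digest(document)


def demo():
    public, private = make_keypair(P, Q)
    other_public, _ = make_keypair(2**1279 - 1, 2**2203 - 1)  # someone else's key
    # Constructed contract ending in a typed name (a simple electronic signature).
    original = b"Buyer pays 1,000 EUR on delivery.\nSigned: Alex Example"
    altered = original.replace(b"1,000", b"9,000")
    sig = sign(original, private)
    return {
        "typed_name_survives_edit": altered.endswith(b"Signed: Alex Example"),
        "original_verifies": verify(original, sig, public),
        "altered_verifies": verify(altered, sig, public),
        "wrong_key_verifies": verify(original, sig, other_public),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The typed name is still present after the amount is edited, so it gives no integrity signal on its own, while the cryptographic signature stops verifying as soon as one byte changes or a different public key is used.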

The private key needs to come from somewhere. For ordinary email-style scenarios, S/MIME certificates from public CAs work. For higher-trust use cases (qualified electronic signatures in the EU, regulated industries, government work), the certificate comes from a "qualified trust service provider" with strict identity-verification requirements — sometimes requiring an in-person identity check or a notarised document.

The three eIDAS tiers

The European Union's eIDAS regulation provides the clearest framework for thinking about signature tiers. Most other jurisdictions broadly map to similar levels.

| Tier | What it is | Typical use |
| --- | --- | --- |
| Simple electronic signature (SES) | Any electronic data attached to indicate consent. No specific technology required. | Routine contracts, agreements, terms of service. |
| Advanced electronic signature (AES) | An electronic signature that is uniquely linked to the signer, identifies them, is created using means under their sole control, and is linked to the data such that any change is detectable. Usually means PKI with some identity binding. | Higher-stakes contracts, employment documents, corporate agreements. |
| Qualified electronic signature (QES) | An AES created with a "qualified signature creation device" and based on a "qualified certificate" from a qualified trust service provider. The strongest legal standard — equivalent to a handwritten signature throughout the EU. | Court filings, real-estate transfers, certain government documents. |

A drawn signature on a PDF is a simple electronic signature. A PDF signed with a personal certificate stored in your local keystore is typically an advanced electronic signature. A PDF signed using a hardware token issued by an EU qualified trust service provider is a qualified electronic signature.

Side-by-side comparison

| | Electronic signature | Digital signature |
| --- | --- | --- |
| Scope | Legal category | Specific cryptographic technique |
| Technology required | Any — none specified | Public-key cryptography (PKI) |
| Identity binding | Contextual (often weak) | Cryptographic, via certificates |
| Tamper detection | None inherent — depends on storage | Built in — any change breaks the signature |
| Repudiation | Possible — signer can claim it wasn't them | Difficult — required possession of private key |
| Cost to produce | Free | From free (self-signed) to several hundred euros (qualified) |
| Recognised in most jurisdictions | Yes, for most contracts | Yes, often with elevated legal weight |

Which one do you need?

For most situations, an electronic signature is enough. A drawn or typed signature on a PDF, in the context of an agreement both parties intend to honour, has been valid in court in every jurisdiction that has tested the question.

You probably need a digital signature (or at least a qualified electronic signature) when:

  • The law specifically requires it. Some EU and EEA government processes only accept QES.
  • A counterparty specifically requires it. Some large corporates, certain regulators, and some banks require PKI-backed signatures for specific documents.
  • The document needs to be defensible against future repudiation. High-value contracts, certain types of authorisation, IP transfers — where the cost of an "I never signed that" challenge is high.
  • Tamper detection matters. If the document might be challenged based on whether something was added or changed after signing, the cryptographic integrity check matters.
  • You're signing software or code. Code signing (used to verify executable authenticity) is a specific application of digital signatures, separate from document signing.

For everything else — sales contracts, NDAs, employment offers, leases, loan applications, vendor agreements, tax forms — a regular electronic signature is what's used in practice, and what's legally sufficient.

Which one esignmypdf produces

The signing tool on this site produces simple electronic signatures. When you draw or type your name and place it on a PDF, what gets embedded is a graphical representation of your signature — the strokes you drew, or the text you typed, rendered as a PDF annotation.

What we don't do (and don't claim to do):

  • We don't issue certificates. There's no identity verification, no trust authority.
  • We don't cryptographically sign the PDF using your private key.
  • We don't tamper-proof the document — someone could alter it after you sign, and the alteration would not be cryptographically detectable.

This is appropriate for most everyday signing — the same level of evidence you'd have with a printed-then-scanned signed contract, with the added convenience of digital workflow. It's not appropriate for high-stakes documents that require a qualified or advanced signature. For those, you'll want a tool that integrates with a certificate authority, or a service that issues certified signatures backed by identity verification.


Common questions

Are DocuSign and Adobe Sign electronic or digital signatures?

They produce both, depending on the tier of service. Their basic plans produce electronic signatures with associated audit trails (timestamps, IP addresses, identity verification through email). Their higher tiers can produce advanced or qualified electronic signatures using PKI certificates.

Can I add a cryptographic signature to a PDF myself?

Yes, with a few extra steps. You'd need a personal certificate (free self-signed or from a paid CA), software that can sign PDFs with that certificate (Adobe Acrobat Reader can do this), and the recipient needs to be willing to trust your certificate. For everyday use the friction is high; for organisations with a PKI in place it's routine.

Is a wet signature still worth more than an electronic one in court?

Generally no, in most modern jurisdictions. Courts have ruled repeatedly that electronic signatures (when properly contextualised) have the same legal effect as wet ones. There are exceptions for specific document types (wills in some jurisdictions, real-estate transfers in some, court documents in some). Outside those exceptions, an e-signature is fully enforceable.

What's a "biometric signature"?

A signature drawn on a touchscreen where the device captures additional data — pressure, stroke speed, acceleration. The captured data can be used to authenticate the signer later. Specialised hardware (like at retail signing pads) sometimes does this. Browser-based tools generally don't capture biometrics, just the visible drawing.

What about blockchain signatures or NFT signatures?

These exist but are not yet broadly recognised in mainstream legal frameworks. A blockchain-anchored signature has interesting properties (public verifiability, immutability of the signing record), but is not what regulators have built their frameworks around. For now, treat them as a curious experiment rather than a working solution for typical document signing.

For when an electronic signature is acceptable (which is most of the time), open the signer and finish your document in under a minute.
