A vendor's compliance form asks if you use 'digital signatures' on contracts. You say yes — you e-sign in Flint. The vendor follows up: 'No, *digital* signatures, with a certificate'. There's a real distinction here.
Electronic signature: the umbrella term
An electronic signature is any electronic indication of intent to sign — typed name, drawn signature, clicked accept button, biometric authentication, certificate-based mark. It's the legal category defined by ESIGN, UETA and eIDAS.
Most everyday signing uses electronic signatures at the basic (SES) level. Legally binding for the vast majority of contracts.
Digital signature: the cryptographic technique
A digital signature is a specific cryptographic operation: the signer's private key generates a unique signature over the document's hash. Anyone with the signer's public key can verify the signature mathematically — proving the signer's identity *and* that the document hasn't been altered since signing.
Digital signatures map onto the higher tiers of eIDAS (AES, QES) and to PDF's native digital signature feature. They require a certificate, usually from a Certificate Authority or qualified trust service provider.
When you need a digital signature
Government filings (some FDA submissions, IRS e-file for tax preparers, EU public sector tenders). Regulated industries where evidence of identity is critical (pharmaceutical batch records, certain financial transactions). High-value cross-border contracts where QES is desired.
For day-to-day business signing — NDAs, commercial contracts, employment — basic electronic signatures are sufficient and what every counterparty expects.
Flint's signature type
Flint's signing tool produces electronic signatures (SES level) with audit trail (IP, timestamp, document hash). This is what 90% of business signing needs.
For digital signatures (AES, QES), you need a qualified trust service provider with hardware-backed key storage. Specialist tools (Adobe Sign with QES, GlobalSign, Buypass) provide this.
FAQ
Is an electronic signature less secure than a digital signature?
At the SES level, less cryptographic evidence of identity. Both are legally binding for routine contracts; digital signatures add stronger tamper-evident integrity.
Does a digital signature need a Certificate Authority?
Yes — the public key infrastructure (PKI) chain anchors trust in the signature. The CA's reputation is part of the signature's strength.
Can I add a digital signature to a PDF in a browser?
Most browser-based tools (including Flint) produce electronic signatures. For digital signatures with qualified certificates, you typically need a desktop tool or qualified provider's portal.
Which one do I need for HIPAA / GDPR?
Neither HIPAA nor GDPR mandates a specific signature type. They require authentication and integrity, both of which audited electronic signatures provide. For high-value transactions, digital signatures add evidence.
For everyday signing, electronic is enough. For regulated edge cases, reach for digital with a qualified provider. Use Flint for the common case.