Name: Electronic vs digital signatures: everything you need to know
Uploaded: 2025-03-13T15:00:55.609Z
Duration: 30 min 8 s
Description: Electronic vs digital signatures: everything you need to know

Transcript for "Electronic vs digital signatures: everything you need to know": Hey, Hey, everyone, and welcome to today's webinar where we're gonna review some of the most common questions that we hear around electronic and digital signatures. I'm Greg Ihnz with the product marketing team here at Nutrient, and joining me today is our VP of product, Miloš Jukic. Alright, Miloš. It is always an absolute pleasure to present with you. I feel like we've been, up on stage together quite a bit lately. Yeah. Let's do it again. Absolutely. Alright. So before we jump into our presentation, I do need to cover a few housekeeping items. We know everyone here is very busy, so we're gonna try to keep today's event to around thirty minutes or so. If you have any questions during the webinar, just find that Q and A functionality, up there on the right side of your screen. Also just a quick note. We are, joined today by one of our engineers in the backstage, Daniel Martin. He'll be available to help us answer any questions, you may have, along the way. And finally, yes, the webinar is being recorded and will be available on demand on our site. Alright. Onto the agenda. First, many of you attending today might have missed our recent announcement around our rebrand. So to start things off, I'm gonna give a sixty second overview of the new company and why we made the change. Then we'll jump into why you're here today, and that is to learn about the differences between electronic and digital signatures. And then at the end, we have saved some time for a few questions. Alright. So to kick things off, you're likely aware that we made a major announcement recently with a complete company rebrand. So whether you knew us before as PSPDFKit, Mehemby, Orpolis, Aquaforest, or even Integrify, we are now Nutrient. Same company with all the same technology, just rebranded under a single banner with a single mission. And that is to evolve how humans experience and interact with documents. With the rebrand, we now have an unrivaled suite of document solutions all under one roof, whether it's our industry leading SDKs or our m three sixty five low code solutions or even our workflow automation platform. We take pride in simplifying the complexity you face with speed, savings, and security to become your solution for today's digital document challenges, but also, more importantly, to be your partner for tomorrow's document innovations. We are Nutrient, and we're thrilled to be building the future of document innovation alongside of you. Alright. Well, that brings us to why you're here today, And that's to get a better understanding of electronic and digital signatures. We've tried to prepare content that is helpful for all levels of understanding. No matter if you're new to e signing or if you've been incorporating it for years, we hope you walk away with something new. Alright, Miloš. Let's start at the beginning. What do you say? It's, it's one of those questions that we get probably, most commonly from our our our, our customers. And that is, what exactly is the difference between electronic and digital signatures? I mean, it's the first time I hear the question really. But, yeah, let's, let's start let's start from the beginning. Right? So what is an electronic signatures? Let's start with what can you sign electronically, right? You can sign any data, really any data. Ideally, it's the kind of data that has wide adoption, like, like a PDF document, right? But what do you sign with? You sign with some other data. Yes. So a signature, an electronic signature, is just some data. And what is the point of signing? You do that, you know, to you use that data that you've just used to sign something in order for it to bear the same legal standing as if you've signed a piece of paper, right, with your with your hand and a pen. So in reality, since this is electronic, there's all kinds of security and trust that can surround it. And so in in that way, it's better really than a than a written signature. Not just more convenient, right, which we all know and love about, you know, signing things with our computer or, a smartphone. It opens up so many ways of identifying the signer as well. The complexity around signing, and this is where this question of differences between electronic and digital signatures comes from, is when you realize there's there's a plethora of different types of signatures, there's differences in in regulations, country to country, etcetera, and we'll get to that. But first, let's also explain what a digital signature is. A digital signature is, you guessed it, more data. It's really it's additional data that gets created by the means of using cryptography. There's mathematical algorithms that do this, and this data then becomes a part of an electronic signature. It is added to its data. And what we get is, as we just mentioned, e signatures give us these advantages to handwritten signatures. We get a method of verifying that the thing that we're signing is authentic, or we get a method that verifies that the person signing is a specific person, a real person for starters. It is very important to note that not all esignatures will contain digital signatures. And for ones that do, here's why we use them. We mostly use them for signing documents. Right? So let's use that as an example moving forward. The moment we're talking about things like authenticity, identity, we're talking about trust. And this is why we're we're data documents are being digitally signed. There's there are more participants to this process, not just the person or person signing, but there's also an entity or or two that exposes some kind of a service that helps create that digital signature. Then there's trusted entities that help validate that authenticity by reading the digital signature. And the end result of all this is a digital signature that can, to the power of these trusted entities, guarantee that the document that was signed wasn't changed after signing, or that the person or person signing can be identified. And the great thing about adopted standards such as PDF is that all those document readers in the world know how to speak to these trusted entities to validate that the document was signed with a digital signature and everything that that guarantees. And at the end of the day, of course, let's not, leave this out. The the final purpose of of signing is is a legal signature. It can be used in court. Right? Yeah. So that makes a lot of sense. Now you touched on something earlier, where you said, you know, depending on where you live, your country may have a different definition of, what is legally binding. Do different regions around the world have their own definitions for, signing, or is that pretty uniform? It is not uniform at all. I mean, there's, like, 30 plus or even 50 plus countries in the world that legally define electronic signatures, and then there's there's all garden variety, right, of what a what a what a signature really is. So take take these three, for example. Canada insists that electronic documents can be signed, right? There's a definition somewhere, of course, what that is. In The US, it is the intent to sign that really matters, as it can be proven in a bunch of different ways in a court of law. Also it's about contracts and other records, Right? And in the EU, it's pretty strict in terms of what signatures are, but then it's a little bit wider in terms of what you can sign, you know, because they sign data. So I believe that in Slovakia, I hope I'm not wrong, but that they're they're I think they're an example where they have their own sort of document format that is not PDF. Right? It's very specific to that country, and they exclusively sign that. Right? So so there isn't like a EU wide regulation that says you can only sign PDFs, for example. I do personally appreciate the the clarity, right, and the level of security that exists in the EU, even though it tends to create some complexity when it comes to technical implementation. But, it is the EU that gives this very, very good scheme of speaking and about signatures and understanding signatures. They they have these three categories. Right? They say there's a simple electronic signature, there's an advanced electronic signature, and there's a qualified electronic signature. And they give multiple levels of authenticity, security, and identity verification. Right? The first one, the simple electronic signature, this is essentially the the the the electronic signature that that that that bears the most resemblance to an to a handwritten signature on a piece of paper. Right? It is essentially what in the world of documents, we call this an annotation. It is an ink annotation or an an image annotation or some stylized text. Right? Like a like a cursive, name and and last name that's simply placed in a document and that's your signature. That sort of the purpose of a simple electronic signature is is to prove that there was intent to sign a document. But if we want to take advantage of technology, right, and we wanna go further than that, you know, be better than a hand with a signature on a piece of paper, we really want to involve cryptography. The second we involve cryptography, there is a digital signature that's added, as a part of the electronic signature. Then in the EU, we get to an advanced electronic signature. Essentially, it ensures that the document wasn't tampered with after signing. Right? It can also verify the identity of the signer. There's some more things that it can add to a signature, but this is what this is what really matters. Right? And then we have this third type, they they call qualified electronic signature, which bears the biggest level of security because it also adds a government of a country as a as a player, as a participant of the process where they authenticate their resident, a a person with an ID, with a government issued ID, as the signer of the document. This is basically where you get to something called non repudiation, which means, you know, this can't be really, repudiated in in a court of law. It's a it's a pretty much a guarantee, that this particular person has signed. Yeah. That's a great breakdown. Now, Miloš, you know me pretty well. I'm a visual learner, and I'm sure others in audience are as well. Why don't you walk through the actual workflow involved when using esignatures? Well, right. So, again, this is garden variety workflows can can look they're very different, especially when it comes to, you know, different reasons for signing. But this is sort of how this looks like in in in in most software applications. Right? It starts with someone generating, scanning, right, and uploading a document or something like that. It can be like a contract or whatever. And then we essentially need to, we need to prepare that document for electronic signature. Right? The first thing is we need to determine who needs to sign. This can happen automatically. This can also be a very much a manual process. Right? You're signing a scope of work document, for example, and you're like, who do I need to put as a signer? Okay. This is this is the person signing for the client. This is the person signing for our org, etcetera, etcetera. But then when you know who these people are, you also need to prepare the document itself. Let's say this is a PDF. You need to put all those fields that are going to signify the signature data. Right? A signature can have something we call visual appearance. Right? There there there has to be something that that a person viewing the document can see that signifies that a signature was placed. And usually we're talking about, either like an in connotation or we're talking about initials or it's an image, right? Like, imagine a stamp, of of a company. And then usually, usually we have the date of of signature as well. Then when we placed all these things in the document, these are usually forms, right? Form fields in the document, we ship that document to, to be signed usually via email or something. And then obviously somebody opens up the document in in your software and they actually go ahead and do the signing. Right? This is where this is where we get to all kinds of complexity depending on what kind of a signature we are using. Right? For example, if it's, let's use the EU, regulation style. Right? If it's a simple electronic signature, all we need to do is just place an incognonation in a document, and that's pretty much the end of it. Right? If it's a digital signature is involved, it's a little bit different and it's going to vary depending on what we're trying to do. For example, we might want to have each person signing using their own digital certificate. Right? Or we actually want to get everybody to sign with a simple electronic signature and then use an use a digital certificate to perform the advanced signature, right? If we're going for those qualified signatures, though, every time a person is signing, we have to go through this very elaborate authentication process with the government service that proves their identity and, and a digital certificate is used there as well. But the final final part of a final piece of the the signing workflow is you seal the deal. Right? It's essentially the last thing that happens in in the signing process, and it can it can be it can be two things really. If every signer was using their own certificate, right, then the last signature being made, right, by the last person signing is essentially sealing the deal, you know, finishing the signing. If not, we might have just picked up a couple of simple electronic signatures like ink annotations for multiple signers, and then we put in the digital certificate as the final step. I know that when I mentioned seal that some of you were thinking, hey. There's a thing called the digital seal, and I would like to now sort of clarify the difference between a digital certificate and a digital seal. Yeah. In fact, not only digital seals, but, you know, there's also the digital certificate. Right? And it's easy to confuse the two. Once you give a rundown of each one of those and how they're used. Yep. So in a nutshell, this is all cryptography. Right? So the the the whole idea is we use a mathematical process, some sort of a public private key algorithm that actually generates some data and that data ends up in a signature. Right? So both things work the same in a very similar manner in that sen technical sense, but they're used for different purposes. Right? The purpose of a digital certificate is to authenticate, right, a person or or organization. Right? So it's it's all about confirming the identity of the holder of the certificate. Right. So if I sign with a digital certificate, I'm basically saying that a specific entity, which can be a person, has signed the document. Your your your classic example is I'm I'm applying, you know, I'm submitting my tax application, my yearly tax application, very, very bad. I don't like that process, but I like the convenience of digitally signing. I basically use my ID to authenticate with my government and there's a digital certificate that bears my identity that gets applied to the document. And that's how I can, you know, guarantee with non repudiation that it was me who signed that tax report, whatever. And then the digital seal, is used a little bit differently. This is essentially this is essentially something that that DocuSign does, for example. You know how when when I showed that that signing workflow, this is what DocuSign does. DocuSign DocuSign takes over that part called authentication. Right? DocuSign says, I authenticate the user whom I know and can guarantee that it's them. Right? Because I have their email. You know, they log in via some sort of credentials. And I authenticate them, and then I collect all their signatures. But when when it's all done, I seal the deal by using a a digital seal. Right? Which focuses on the authenticity of the document itself. So it ensures the integrity of it, like it wasn't tampered after after after the document was signed. And there's a specific organization that sort of guarantees that. So a digital seal is typically issued to an organization, whereas a digital certificate can be issued to an organization and it can be issued to a to an individual. Now the cool thing about this being the same technology in the back, right, is when you sign with a digital certificate, you also get the proof of non tempering, right? So it's the same thing. By the way, typical example of of a digital seal used is is is you you're signing an NDA. Right? And you, your organization, you send an NDA to an individual, somebody signs from your organization, the individual signs on their end, and you you put a digital seal that says my organization basically guarantees that this document wasn't tampered with after, after signing, which is very much very much, good in a court of law, especially especially in The US. This is this is sort of the difference. Right? So I'm gonna show these two things. Right? In the in the EU, you would you would expect some more scrutiny, you know, remember those simple, advanced, and then finally qualified signatures, right, depending on what is being signed. For example, when I'm signing that tax application, I really need to use a qualified signature because it has to really has to come from me. So every time somebody's signing, there's authentication happening, there's a certificate used, and, you know, after signing, you can also, if you want to, digitally seal the document, but sometimes you really don't need those certificates in the EU, and you can only digitally seal. Whereas in The US, and this is why DocuSign is such a big business, you really just pick up some simple electronic signatures from from from people and then just seal seal the document. And that basically means, you know, it wasn't touched after signing. That's, no. That's that makes a lot of sense. That's super helpful. And I'm sure the audience is already thinking about which one makes the most sense for their application. Right? So to help them out, what are the questions and criteria that they need to be thinking about, after they leave here today? We we start we start with the very basics. Like, why are we signing? Are we just trying to prove intent that someone signed? Are we are we also trying to prove that the document wasn't tampered with? And how how complex does the identity verification need to be? Right? Is is there a government service involved? End of day, I think this is something that that's also very crucial. If you are thinking about signing documents that never leave the the the the the confounds of your software or your product line, right, your servers, you might not even need a digital signature. You might not need cryptography because your software database can be the the the guarantee. But also, you really and especially for for businesses that service multiple countries. Right? You really have to, understand the differences between between different geographical locations, different continents, right, and how these things differ from country to country. And either find, you know, something that fits all or, you know, sort of differentiate depending on on the country. But also, you you also need to understand who who are you going to be authenticating. Right? Is it org an organization that is doing the signing? Is it an individual that is doing the signing? An organization and an individual? Right? Because that will differentiate between are you gonna be using personal, digital certificates? Are you gonna be using a digital seal? And then then there's there's the desired level of integrity. This is this is very important, right? Because when you go into into the world of digital signatures, there's so many different things that a digital signature can do outside of, you know, just confirming authenticity. There's there's questions like for how long, for example, is a digital signature going to validate the authenticity of the document or the identity of the signer? Because as as I said in the beginning, there's there's more more entities in play, more players in the game. Right? There's trusted services that guarantee these things when a digital certificate is involved. So what happens when that trusted authority no longer exists? Right? That like the the company, the organization that issued the certificate. What happens when they go out of business? What happens a hundred years after that moment? If you want your document to be valid a hundred years, after its signing, you probably want to implement some advanced techniques, like something called long term validation, which requires time stamping the document and then sort of ensuring that the document will, the signature will be valid even after the certificate authority is gone. And then there's many different things that can force specific requirements on you. This is where the complexity of the technical implementation comes to play, right? For examples, you know, you some libraries that you're using, a vendor that you're using, can't really deal with specific signature containers, right? There's a thing called signature container. There there's there's multiple standards there, multiple, multiple cryptography standards as well. There's some, some libraries simply don't support some of the modern ones. And this can be driven by by some sort of security compliance or or your investors. Right? Then there's the question of where certificate's stored because the digital certificate is is data, right? Is it stored on a hardware device like, like a USB stick or is it stored somewhere in the cloud? It's, you know, who and how how is it being kept safe. Right? Also the signing service that you're using might dictate some different standards. Right? So you really need to you really need to go a little bit deeper, when when you're thinking about implementation. And and, honestly, this is why it's best for you to work with a vendor that sort of has you covered despite the complexity of your particular situation, tech stack you're using and whatnot. Amazing. Yeah. I think I think you did a great job of framing everything there and, take boiling down what is a really complex, topic and and making it easy to understand. But, before we, sign off, no pun intended there, I'd love to get your thoughts around what the audience might see, you know, around this topic in the near or even distant future. Oh, that is a very good question, Greg. Well, I personally see this, and I also sort of hope that what we are signing might change. You know, when I'm thinking about my children, for example, I I have no idea if they're gonna be thinking in terms of PDF and all those standards. Right? Standardized data. So I'm wondering what's the data that they will be signing, when they, you know, get to their first employment. And I think even though this this all involves legislation, right, especially in the EU that where things are very strict, I I sort of see the world changing fast, when when we get some new some new data standards, and data that we can sign. And honestly, I'm seeing I'm seeing digital signatures permeate much more than document space. Right? For example, I know we're an engineering company. In an engineering company, you have something called code versioning and there's there's there's a service that we use. There's a there's a technology that we use, called Git, right? There's a virtual versioning system. And, you know, there's now there's there's also these big projects like open source projects where a lot of different people, contribute to these projects. And it's, I see a trend of digital signatures being used, for example, to, guarantee the authenticity and the integrity of the commits to those versioning systems so that you know that it came from the right from the right person, right, or the right organization. There's also potentially upcoming, how do you call it? Stand technical standards for, the origins of a document. And I'm I'm sort of seeing digital signatures potentially being applied to, to document versioning for lack of a better expression. So that there's there's a guarantee that when someone change changes a document, we cannot authenticate who made the change. I think this this is something that could be very important for, these legal documents, for starters, especially, you know, government level legislations and things like that. Alright. Well, that brings us to the end of today's presentation. So if you have any questions about what we just covered, go ahead and drop them in the q and a now. Or if you'd like to talk to us about your specific needs, with one of our team members after the webinar, We'd love to hear from you, whether that's reaching out to our customer success team, if you're a customer, or sales team. We also invite you to visit Nutrient.io to learn more about how we can help meet your electronic and digital signing needs or any type of, document functionality that you may be looking for. You'll you'll find on our site a ton of helpful resources like our blog, our product pages, guides, demos. You can even sign up for a free trial or, or, you know, or or test our solutions to test things out yourself. So go ahead and visit it, Nutrient.io, and check it out. Alright, Milosz. You kept me honest. We are right at thirty minutes. Let's see if we if we have yeah. So it's almost like we practice this. Alright, Miloš. Let's see how many questions we can get to. I do see a couple, let's see a couple of the let's see. Let's hop on. I think, yeah, a couple of them are are similar. So I'm a add I'm a boil it down to this. What are the next steps if we wanna implement digital signing? Yeah. So, maybe maybe simplify the question. This is a complex one. Really, it's it's about answering those those questions that, that I've put in the presentation. And and honestly, I think the best thing you could do is just reach out to us because we'll we'll we can guide you through through the process. We really our tech covers end to end digital signatures, electronic signatures, just doesn't matter. We we cover it all end to end. And the best thing you can do is just reach out so that we can drive you drive you through these questions and determine what's the best step. And where we can't cover you, we we work with partners, for example, certificate, certificate vendors. Right? And we we vetted them already. We can just get you through the through the through the process. That's great. Alright. Well, that is all the time we have for today. We are right at time. If we didn't get to your questions, no worries. We'll follow-up directly after the webinar. On behalf of Miloš and the entire Nutrient team, thank you so much for joining us and enjoy the rest of your day.