Three terms get tossed around as if they mean the same thing: electronic signature, digital signature, e-signature. They don't. The difference is sometimes legal, sometimes technical, and always relevant the moment a contract gets challenged or a regulator asks how you authenticate a document.
This guide breaks down what each term actually means, when one is acceptable and another isn't, and how to pick the right kind of signature for what you're signing.
The short version
- Electronic signature (or e-signature) is the broad category: any electronic indication of intent to sign — a typed name, a scanned signature image, a click of "I agree", a drawn signature on a touchscreen. The term is legal, defined by ESIGN (US) and eIDAS (EU). Most everyday signing is electronic signature.
- Digital signature is a specific type of electronic signature built on cryptography. It uses a private key to create a unique fingerprint of the document at the moment of signing; any later change to the document invalidates the signature. The term is technical.
Every digital signature is an electronic signature; not every electronic signature is a digital signature. The distinction matters because legal frameworks treat them differently, and so do recipients with security-conscious workflows.
What an electronic signature actually covers
The legal definition is intentionally broad. Under the US ESIGN Act (Electronic Signatures in Global and National Commerce Act, 2000) and the EU's eIDAS Regulation (2014), an electronic signature is any "electronic sound, symbol, or process attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record."
In practice, that includes:
- A name typed at the bottom of an email
- A signature drawn with a mouse or finger on a touchscreen
- A signature image (PNG of a scan) pasted into a document
- A click on an "I agree" checkbox or button
- A name entered into a signature field in a PDF form
- Any of the above plus an audit trail (timestamp, IP address, user identification)
For most everyday agreements — rental agreements, NDAs, contractor proposals, internal approvals — an electronic signature is legally binding. The "intent to sign" is what counts; the mechanism is mostly procedural.
What makes a digital signature different
A digital signature is a specific subtype of electronic signature that uses public-key cryptography to do two things at once:
- Authenticate the signer — prove that the person who signed actually controls the signing private key (typically issued by a trusted Certificate Authority).
- Detect tampering — produce a cryptographic hash of the document at the moment of signing. Any single-byte change to the document afterwards breaks the hash; the signature reports as invalid.
The mechanics: when you apply a digital signature, the signing tool computes a hash of the document content, encrypts that hash with your private key, and embeds the result back into the file along with your certificate. Anyone opening the file later can decrypt the hash with your public key (proving you signed it) and re-compute the hash to confirm the document hasn't been altered (proving the file is intact).
Digital signatures are the strongest authentication form available in the PDF specification. They're what you'd use for:
- Government filings (tax returns, court documents)
- Financial contracts with regulatory oversight
- Pharmaceutical regulatory submissions
- Long-term archival documents that must remain verifiable
The three eIDAS levels
The EU's eIDAS regulation formalizes this distinction into three levels of electronic signature, each with progressively stronger assurance:
Simple Electronic Signature (SES). The baseline — anything that qualifies as an electronic signature. A drawn or typed signature falls here. Acceptable for low-stakes agreements; not generally acceptable for documents requiring high assurance.
Advanced Electronic Signature (AES). Uniquely linked to the signer, capable of identifying them, created under their sole control, and able to detect any subsequent change to the data. Cryptographic mechanisms required. Most digital signatures meet AES.
Qualified Electronic Signature (QES). AES plus a qualified certificate issued by an EU-trusted Certificate Authority and created with a qualified signature creation device (typically a hardware token). QES carries the same legal weight as a handwritten signature under EU law — it's the standard for high-stakes regulatory and government signing.
The US ESIGN Act doesn't formalize these levels but courts apply similar reasoning when assessing signature reliability.
When to use which
A simple decision tree:
Low-stakes agreement, internal use, or document review. Simple electronic signature (drawn, typed, or click-to-sign) is fine. Open Sign PDF, draw or type, done.
Standard business contract. Electronic signature with an audit trail is the right level — a record of who signed, when, from what IP. Most e-signature platforms (DocuSign, Adobe Sign, HelloSign) produce this.
Document that needs to prove it hasn't been tampered with after signing. A digital signature, not a visual e-signature. In our Sign PDF tool, the tamper-evident certificate option produces this kind of signature.
High-stakes regulatory or government filing. A qualified digital signature using a certificate from a recognized Certificate Authority. This is generally outside the scope of free online tools — you'd use a dedicated signing platform with a hardware token or HSM-backed key.
What recipients can actually verify
This matters when you're on the receiving end:
A drawn signature on a PDF is visual evidence the document was signed. It's not technical proof of who signed it; anyone with PDF editing software could move or copy that signature. Treat it as "good enough" only when you trust the source.
A flattened signature is locked into the page so it can't be edited. Stronger than an unflattened one, but it's still just a picture — no cryptographic verification.
A digital signature can be verified by any PDF reader. Adobe Reader shows a green checkmark when the signature is valid and a warning when the document has been modified after signing. That green check is the only real proof a document hasn't been tampered with since signing.
Common questions
Is a typed signature legally binding?
In most jurisdictions, yes, under ESIGN and eIDAS, as long as the signer intended it as a signature. "Legally binding" doesn't mean "impossible to challenge" — opposing parties can still argue the signer didn't actually intend to sign, or that the signature was forged. The more important the document, the more important the audit trail.
Why do some PDFs show "signature invalid" after I edit them?
Because they contain a digital signature, not just a visual one. The signature covers a specific byte range of the document. Any change to that range (adding pages, editing text, even adding annotations) invalidates the signature. To re-sign, the document needs to be signed again from the new state.
Can I add a digital signature using only a free online tool?
Visual signatures, yes. True cryptographic digital signatures typically require a personal certificate that you'd obtain from a Certificate Authority (sometimes free for individuals, sometimes paid). Our Sign PDF tool offers a tamper-evident certificate option that produces a digital signature with that property; the full Qualified level requires a CA-issued certificate.
What about "wet signatures"?
A wet signature is a physical pen-on-paper signature. Most jurisdictions now treat valid electronic signatures as legally equivalent to wet signatures for most purposes. Exceptions exist for certain document types (some wills, some real estate transfers in some jurisdictions) — check local law for high-stakes documents.
Does flattening a signature make it a digital signature?
No. Flattening converts a visual signature into a permanent part of the page (so it can't be moved or removed easily), but it doesn't add cryptographic verification. A flattened drawn signature is still a visual signature, just one that's harder to tamper with. True digital signatures use a separate mechanism that operates on the file's byte stream, not its visible appearance. See our Flatten PDF guide for what flattening actually does.
Which one should I use most of the time?
For the vast majority of everyday signing, a simple electronic signature (drawn, typed, or signature image) is fine. Reach for a cryptographic digital signature only when the document is high-stakes enough that someone might try to tamper with it after signing, or when a regulator specifically requires it.
Wrap-up
The terms aren't synonyms:
- Electronic signature is the legal category — broad, covers any mark of intent to sign.
- Digital signature is a technical method — cryptographic, tamper-evident.
Most everyday signing only needs the former. For documents where proving the file hasn't changed after signing matters, reach for the latter. And remember that "legally binding" and "hard to challenge" aren't the same thing — the strength of your audit trail matters as much as the signature mechanism itself.
For the practical workflow, our Sign PDF guide covers drawing, typing, or uploading a signature, plus the tamper-evident certificate option when that's what you need.