Electronic, advanced and digital signatures: differences and legal validity

Electronic signature, advanced electronic signature and digital signature: what they are, what are the differences and when to use them

  • Author: Alessandra Caraffa
  • Date: 11/11/2022

The term electronic signature commonly refers to different types of computer identification, ranging from entering a username and password to a digital signature associated with a physical device such as a token or smart card.

Electronic signature and digital signature are not synonymous: a simple electronic signature, for instance, has no legal validity and can only be used to uniquely authenticate oneself in certain cases. The actual digital signature, on the other hand, coincides with one particular type of electronic signature, namely the Qualified Electronic Signature, or FEQ. Let us therefore clarify the different types of electronic signatures, starting with the definitions given in the Code for Digital Administration, or CAD.

What is the Electronic Signature

In common parlance, the term electronic signature refers to any type of unique authentication that allows documents and private deeds to be signed electronically.

According to the definition in the CAD, the Digital Administration Code, an electronic signature is 'a set of data in electronic form, attached to or connected by logical association with other electronic data, used as a method of computer identification'. The entry of personal access credentials, in itself, is already an example of an electronic signature, as is the signing of a document by scanning a paper signature.

A digital signature, on the other hand, means only one type of electronic signature, namely the Qualified Electronic Signature (FEQ), which has full legal validity and is the strongest form of authentication in this sense.

What are the types of electronic signatures?

The difference between digital and electronic signatures can be better understood by looking at the different types of electronic signatures provided for within the Digital Administration Code. There are three types of electronic signature:

  • Simple Electronic Signature (FES): this has no legal validity, but allows the identification of the person signing a document or an action such as accessing a website or web service;
  • Advanced Electronic Signature (FEA): this is a stronger signature than the FES, which can take on the same legal validity as a handwritten signature for certain types of contracts and private agreements;
  • Qualified Electronic Signature (FEQ): otherwise known as a digital signature, it allows citizens and businesses to sign contracts and writings with full legal validity.

Many forms of computer authentication fall within the three types of electronic signature: the PIN code you enter to pay with your cards is already an electronic signature, as is the scanning of a handwritten signature on paper. Entering a username and password when accessing a site and authentication via a one-time password (OTP) are also technically included among electronic signatures.

Advanced Electronic Signature: what it is and when to use it

Among the signatures indicated in the CAD, the Simple Electronic Signature is undoubtedly a residual category: since it refers to any data connection useful for computer authentication, it does not in fact indicate a real signature.

The first electronic signature that allows documents with legal validity to be signed, among those in the list above, is the FEA, Firma Elettronica Avanzata. It is defined as "an electronic signature obtained by means of a computer procedure that guarantees the unambiguous connection to the signatory, created by means over which the signatory can retain exclusive control", allowing control over subsequent changes to the data. Examples of FEA are authentication with OTPs and tablet signatures using biometric devices.

To qualify as such, an FEA must therefore guarantee:

  • the identification of the signatory of the document;
  • the unique connection between signature, signatory and document;
  • the signatory's exclusive control over the signature generation system, whatever it may be;
  • the signatory's ability to control any subsequent changes to the document;
  • the identification of the company issuing the certificate, or certifying body.

The FEA can be used to sign with full legal validity the contracts referred to in paragraph 13 of Article 1350 of the Civil Code, e.g. preliminary contracts and deeds of incorporation of associations and foundations. On the other hand, it cannot be used to sign lease and purchase contracts for real estate, which require greater protection.

Only and exclusively in dealings with the Public Administration, signatures affixed with CIE, CNS, Health Card, Electronic Passport and SPID are also considered FEA. However, this does not mean that these instruments can be equated with an Advanced Electronic Signature: as they are only considered as such within national borders, they do not comply with the directives of the European eIDAS Regulation (electronic IDentification Authentication and Signature).

Qualified Electronic Signature: the only true digital signature

At national level, the only digital signature permitted is the Qualified Electronic Signature, or FEQ. This is a type of signature that, unlike the others, is affixed using a secure device, such as a token or smart card, or through the use of certified apps.

It is defined in the CAD as a particular type of signature 'based on a system of cryptographic keys, one public and one private, which are interrelated, enabling the holder by means of the private key and the recipient by means of the public key, respectively, to make manifest and verify the provenance and integrity of an IT document or set of IT documents'.

Digital signatures include the remote electronic signature via OTP, when the one-time password is generated by a physical key or an app issued by a certification body recognised by AgID. Of the more than 27 million qualified signature certificates active in Italy today, about 60 per cent are remote digital signatures.

The digital signature is the tool that allows citizens and businesses to sign documents with full legal validity, and is the result of a process that guarantees, according to the AgID Guidelines, authenticity, integrity and non-repudiation of the signed documents. It is the only telematic signature that meets the requirements of Article 2702 of the Civil Code, apart from the exceptions indicated above, and therefore, at least according to Italian law, the only one fully equivalent to a handwritten signature.


