There are many different ways to sign documents. However, you can not regard these different possibilities as equivalent. There are some differences in legal security between and other types of signatures. In this guide, you will learn what you need to consider when signing documents and PDFs and how to sign PDFs securely.
The most common way of signing is with a handwritten signature on paper. It is claimed as legally secure but requires additional work, reduces efficiency, and creates media breaks.
Another way of signing documents is to insert an image of the signature into the PDF. Although this possibility is simple and uncomplicated, it has very low legal validity.
A third possibility is signing with a remote-qualified signature. In this case, an accredited trust service provider creates the signature based on a qualified electronic certificate in a cryptographic procedure for the person signing. To use a qualified electronic signature, the person must first identify and register with a trust service provider. During the electronic signing process on a PDF document, the person only uses the smartphone with an activated means of authentication as signature approval, e.g., an authenticator app or a PIN.
Digital signing with a qualified electronic signature involves little effort and is as secure as a handwritten signature. According to the eIDAS EU Regulation or the Swiss signature act ZertES, the qualified signature is legally equivalent to a handwritten signature.
A secure and easy way of signing documents digitally is using signature service providers. Signature service providers offer various applications, software, integrations, platforms, or end-2-end document workflows, whether as cloud or desktop solutions (on-prem). Trust service providers deliver the creation, verification, and validation of electronic signatures and the associated identity solution to the software or applications of the signature service provider. When selecting a signature service provider, you should check that they cooperate with an accredited trust service provider. You can recognize the accreditation in a so-called trust list entry. The European Commission published a list of qualified trust service providers in Europe according to the EU regulation eIDAS. In Switzerland, the Federal Office of Communications (OFCOM) also publishes a list of accredited certification service providers by the Swiss signature act ZertES.
To use the electronic signature, the signing person must identify and register once with the selected trust service provider (in Switzerland: certification service provider) and then uses the software or application of the signature service provider. In a signature plattform it works like this: a person uploads a document which needs to be signed into the application. Then, he or she places the signature on the digital document with one mouse click and clicks on a "sign"- button. Before the signature is created, the persons approves with a 2-factor authentication means as signature apporval, e.g. with a PIN or authenticator app. Then the signature is applied on the PDF-document.
After the document has been signed, the application checks in the background the validity of the electronic certificates and plays the result of this check, if the trust service provider has an exciting registeration of the person. If the certificates are valid, the document is signed. Then the person can download the signed document
When digitally signing PDFs, the qualified electronic signature offers the highest level of security among digital signature types due to the legal and strict requirements it has to meet.
For example, the electronic signature must be assigned to a specific person, show whether data in the document has been changed after the signature has been placed on the document and it must be possible to trace who set the signature. In addition, the signing person must have his or her identity validated before the signature is placed. All these criteria determine the high security of digitally signing a PDF with a qualified signature.
In contrast, signing a PDF using a touch screen or inserting the signature into a PDF is not very secure. In this case, no security procedures or legal requirements are used as with the qualified electronic signature.
The advantages of digital signatures are obvious. By digitally signing PDF documents, you can save costs and work more efficiently without any media disrutopns. In most cases, the qualified electronic signature has the same legal value as a handwritten signature on paper, so there are no disadvantages for the user in this respect. Thus, the use of the qualified electronic signature not only simplifies processes, but can also be used securely.