Electronic Signatures Explained: Types and Legal Weight

An electronic signature is a way to confirm who signed a document and when, in digital form. In the US, two laws govern e-signatures: the federal ESIGN Act of 2000 and the Uniform Electronic Transactions Act (UETA), adopted by 49 states. Together they define what counts as an electronic signature, when it is enforceable, and which exceptions apply. This reference article covers what an electronic signature actually is, the practical categories of e-signatures, where each type is appropriate, and what they cost. If you need a step-by-step guide for signing a specific document, see How to sign a document with an electronic signature.

What counts as an electronic signature

Under ESIGN, an electronic signature is "an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record." In plain English: any deliberate digital act that signals "I am signing this."

An electronic signature can be: a typed name at the bottom of an email, a click-through "I agree" checkbox, an SMS confirmation code, a scanned pen signature, a mouse-drawn facsimile, or a cryptographic certificate from a Certificate Authority. Their evidentiary weight varies — from "easily contestable without an audit trail" to "equivalent to a notarized wet signature."

Three practical tiers of electronic signatures

US law does not formally classify e-signatures into named tiers the way some other jurisdictions do, but in practice the industry recognizes three levels with different evidentiary strength.

Simple electronic signature

The most common category. A simple e-signature confirms that a specific person signed but does not by itself guarantee the document was unchanged after signing. Examples: typed names, click-through agreements, SMS confirmation codes, facsimile signatures in PDF, scanned pen signatures, mouse-drawn signatures.

A simple e-signature is enforceable under ESIGN/UETA when both parties consent to do business electronically — usually addressed by a one-line clause in the agreement or a checkbox at signing. Without that consent, enforceability becomes harder to defend.

Advanced electronic signature (audit-trailed)

An advanced e-signature adds an audit trail: timestamp, IP address, email confirmation, browser fingerprint, sometimes geolocation. The signature is still drawn or typed, but the surrounding metadata makes it much harder to dispute. Platforms like DocuSign, Adobe Sign, HelloSign, and PandaDoc deliver this level by default.

Used in corporate workflows, vendor agreements, employment contracts, and any document where the company wants a strong evidentiary record without requiring a CA-issued certificate.

Qualified digital signature (certificate-based)

The strongest tier. The signature is cryptographically bound to the document via a certificate issued by a trusted Certificate Authority — IdenTrust, DigiCert, Entrust, or government-issued PIV cards. Tampering with the document after signing breaks the cryptographic seal and makes the alteration evident.

Legally equivalent to a notarized wet-ink signature for nearly any commercial transaction. Required in some regulated scenarios: SEC filings, certain government procurement, USPTO submissions, certain court e-filings.

Comparison at a glance

• Simple e-signature: no cryptography, consent required, fits everyday correspondence and most commercial documents, free
• Advanced (audit-trailed): platform-managed audit trail, fits corporate vendor and HR workflows, $15–$45/user/month
• Qualified digital signature: CA-issued certificate, equivalent to wet ink without extra consent, fits regulated filings, $100–$300/year + hardware token if required

When each type is appropriate

A simple e-signature works wherever convenience and speed matter and the legal stakes are routine.

• Internal memos and policy acknowledgements
• Vendor correspondence without specific legal effect
• Employee PTO and travel requests
• Account confirmations (banks, telecom providers, SaaS apps)
• Privacy policy updates and consent forms

Advanced e-signatures are right when document integrity matters and the audit trail will be referenced later.

• Vendor agreements, MSAs, statements of work
• Employment contracts and offer letters
• Bank account opening documents
• NDAs and non-compete agreements
• Recurring B2B contracts where templated workflows matter

Qualified digital signatures are required in specific regulated scenarios.

• SEC filings and certain FINRA submissions
• Federal procurement (SAM.gov, certain DoD contracts)
• USPTO patent and trademark filings
• Certain court e-filings (federal and select state systems)
• HIPAA-covered authorizations in some healthcare contexts
• Real estate closings in certain jurisdictions

How to obtain an electronic signature

A simple facsimile signature can be created online in about a minute: draw with your mouse, or photograph your pen signature and upload it. The tool removes the background automatically and saves it to your account. Cost: $0. Works immediately.

Advanced platform e-signatures come from established e-signature providers. DocuSign starts at about $15/user/month for basic plans, $45+ for business; Adobe Sign and HelloSign are similarly priced. Setup takes minutes, but expect a learning curve for the workflow features.

Qualified digital signatures come from Certificate Authorities. IdenTrust, DigiCert, and Entrust issue commercial certificates for $100–$300/year. Federal employees and contractors typically use government-issued PIV cards. The application process verifies your identity and can take 1–5 business days.

Storing and securing a signature

Store a simple facsimile signature in a password-protected account. Turn on two-factor authentication, do not share access with staff, and never email or message the raw signature PNG itself — only send the final signed document. If the file ever leaks, create a new signature and replace it everywhere going forward.

Advanced and qualified signatures are tied to your platform account or a hardware token. Treat the credentials like a master key: do not share, do not leave logged in on shared computers, and do not let anyone else "borrow" the token. If a token is lost, revoke the certificate at the issuing CA immediately to prevent unauthorized signing in your name.

What to do if a signature is challenged in court

Simple e-signature: produce the consent record (the agreement’s electronic-execution clause or the click-through acknowledgement) and any technical logs from the signing tool. Courts routinely accept simple e-signatures when there is documented consent and a reasonable audit record.

Advanced or qualified signature: produce the platform’s audit certificate or the CA-issued signature report, including timestamp, IP address, and document hash. Cryptographically bound signatures with timestamps are very difficult to dispute on technical grounds.