Two terms, two completely different things
"Electronic signature" and "digital signature" get used as if they were synonyms — in marketing copy, in casual conversation, even in the menus of some software. They are not the same thing, and the difference is easy to miss because it crosses two domains. One term comes from the law; the other comes from cryptography.
Put simply: an electronic signature is a legal concept — any electronic mark you make with the intent to sign something. A digital signature is a specific technology — a cryptographic method that uses keys and certificates to lock a document and prove it hasn't changed. One describes what you are doing and why; the other describes how a system secures it. Grasping that split clears up most of the confusion in a single step.
Electronic signature: the legal umbrella
In the United States, the definition comes from two laws that work in tandem: the federal ESIGN Act of 2000 and the Uniform Electronic Transactions Act (UETA), adopted by nearly every state. Both define an electronic signature in broad, technology-neutral language — roughly, an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign that record.
Notice what that definition does not require. It doesn't specify cryptography, certificates, or any particular file format. That means a name typed into a field, a signature drawn with a finger or mouse, a checked "I agree" box, or even a recorded click can all qualify, provided the surrounding conditions are met. The decisive ingredient is intent: the signer meant to sign, and the mark is tied to the specific record.
Because the test turns on intent and association rather than technology, "electronic signature" is best understood as an umbrella term. Almost everything people do to sign online falls under it. This is general information rather than legal advice, and the exact rules — including carve-outs for things like wills or certain official notices — depend on your jurisdiction and the type of document.
Digital signature: the cryptography underneath
A digital signature is not a category — it's a specific, well-defined cryptographic technique built on public-key infrastructure (PKI). It uses a matched pair of keys: a private key that only the signer controls, and a public key anyone can use to verify. The system also relies on a digital certificate, usually issued by a Certificate Authority, that binds a key to an identity.
Mechanically, signing works like this. The software computes a hash — a unique fingerprint — of the document, then encrypts that hash with the signer's private key. Anyone holding the public key can run the check in reverse: recompute the hash, compare it, and confirm two things at once. First, the document hasn't been altered since signing (integrity). Second, it was signed by the holder of that private key (authenticity). Change a single character and the hashes no longer match, so tampering is immediately detectable.
It's worth noting that "digital signature" is a general cryptographic term, not something invented for documents. The same mechanism secures software downloads, encrypted email, and the TLS connection behind every https site. Applied to a signed PDF, it provides strong, verifiable evidence of integrity — but on its own, the math says nothing about whether the person intended to enter a contract. That part remains a legal question.
How the two fit together
Here's the relationship that resolves the confusion: a digital signature is one of the technologies that can implement or secure an electronic signature. They aren't competitors on the same axis. The electronic signature is the legal act; the digital signature is the plumbing that can make that act more trustworthy and harder to repudiate.
In practice, many e-signature platforms capture a person's electronic signature — the legal act, backed by intent and consent — and then apply cryptographic sealing to the finished document so any later change is detectable. The legal weight, though, comes mostly from the evidence around the signing — who signed, when, from where, and after seeing what — captured in an audit trail, not from the cryptography alone.
tuyaform works this way. You build a document from a template or from scratch, place signature, initials, date, text, and checkbox fields, and send it by email or a share link. When everyone has signed, each completed document gets a tamper-evident seal alongside an audit trail and a Certificate of Completion — so you end up with both the integrity check and the human record of intent in one package.
Where eIDAS, AES, and QES come in
The European Union formalizes these ideas more than US law does. Under the eIDAS regulation, electronic signatures come in three tiers of assurance — and this is where "digital signature" technology becomes legally significant by name.
The base tier is the Simple (or Standard) Electronic Signature (SES) — broad and intent-based, much like the ESIGN/UETA umbrella. Above it sits the Advanced Electronic Signature (AES), which must be uniquely linked to the signer, capable of identifying them, created using data the signer keeps under sole control, and able to detect any later change. Those requirements essentially describe PKI, so an AES is typically implemented with digital-signature technology. At the top is the Qualified Electronic Signature (QES): an AES created with a qualified certificate from an accredited Qualified Trust Service Provider and a qualified signature-creation device. A QES carries the same legal effect as a handwritten signature across the EU.
US law generally takes a flatter approach. ESIGN and UETA don't define these tiers; most electronic signatures are treated as valid and enforceable without sorting them into assurance levels, as long as the core conditions are met. Because rules vary by country and by sector, a transaction that needs only a simple e-signature in one place may demand a higher tier somewhere else.
Which one do you actually need?
For the overwhelming majority of everyday business documents — service agreements, NDAs, consent forms, offer letters, waivers, intake paperwork — a standard electronic signature backed by a solid audit trail is legally binding and entirely sufficient. You don't need qualified certificates or QES-grade infrastructure to make a contract stick.
A smaller set of situations calls for the higher tiers: certain EU public-sector filings, some notarial or regulated transactions, and specific cross-border use cases may require AES or QES with qualified certificates. The right move is to match the assurance level to the risk and the jurisdiction, then keep your evidence — completed document, audit trail, and certificate — somewhere durable.
That's the practical takeaway. Don't choose based on which term sounds more secure; a digital signature isn't automatically "more binding" than an electronic signature. Choose based on what the document and the law require, and make sure whatever tool you use preserves a clear record of who signed and when. With tuyaform, signers can complete a request with no account, and every finished document keeps its seal, audit trail, and Certificate of Completion — at no cost and with no watermark.