The problem: "digital signature" means three different things
When someone says "digital signature" they may be talking about three things with VERY different legal weight. The confusion comes from many services using the term without distinguishing, and users finding out late that the signature they made does not work for what they thought.
The European eIDAS Regulation (EU 910/2014) — directly applicable in Spain and across the EU — defined three levels of electronic signature with tiered legal consequences. It is the reference courts use to decide whether a signature counts or not.
Level 1 — Simple electronic signature
What it is: any electronic data the signer uses to sign (art. 3.10 eIDAS). It ranges from typing your name at the end of an email to a PIN, a checkbox, or a finger drawing on screen.
When it works: for the vast majority of private contracts between individuals. This is what Runican and similar platforms use: you draw the signature on your phone, it is timestamped, the SHA-256 hash of the document is calculated, the pressure and speed of the stroke are stored. It works for leases, NDAs, freelance contracts, loans, car sales, etc.
When it does NOT work: public deeds (mortgages, real estate gifts, inheritances), tax filings, certain administrative procedures. For those you need to jump to level 3 (qualified signature) or go straight to a notary.
Level 2 — Advanced electronic signature
What it is: an electronic signature that (art. 26 eIDAS) meets four requirements: a) uniquely linked to the signer, b) allows identifying them, c) created with data under the signer's sole control, d) any later change to the document is detectable.
Typical case: a PDF signed with a digital certificate (FNMT, Bar Association certificate, etc.) or a contract signed via Adobe Sign / DocuSign when used with reinforced identification. The PDF itself embeds the signature as a verifiable cryptographic object.
When it works: almost everything from level 1 + scenarios that demand more legal security. For example, high-value B2B contracts, contracts with public administration, certain employment contracts.
Level 3 — Qualified electronic signature
What it is: an advanced signature (level 2) + issued by a qualified trust service provider (TSP) accredited and listed in the EU public trust list + created with a qualified signature creation device (QSCD).
The key detail: the qualified signature hasthe same legal effect as a handwritten signature on paper (art. 25.2 eIDAS). It is the only electronic signature that equates 1:1 to pen and paper before any authority or court.
Typical case: activated electronic ID + reader, FNMT class 2 certificate + USB token, Cl@ve PIN or Cl@ve permanente signature, services like Validated ID, Logalty or Camerfirma when issuing qualified signature.
When it is mandatory: filing tax returns (Modelo 100, 600, 720…), registering a document in public registries, signing contracts with administration, Social Security procedures, certain court procedures.
Quick comparison table
| Type | Cost | Works for |
|---|---|---|
| Simple (finger on phone) | Free | Private contracts, NDAs, freelance, leases, loans |
| Advanced (certificate) | Free FNMT / paid TSP | The above + high-value B2B, public administration |
| Qualified (eIDAS QSCD) | Free eID / paid qualified TSP | The above + tax authority, registries, courts, equivalent to handwritten |
Handwritten digitised signature vs qualified signature
The handwritten digitised signature (drawn with a finger or stylus) is at level 1 (simple). It does not require reinforced identification — it just needs the person to access the link and sign. Its probative force depends on the metadata the platform captures (pressure, speed, IP, timestamp, document hash).
The qualified signature is at level 3. It requires the signer to prove their identity with a physical means (eID + reader, certificate in token) and use a certified device. Practical difference: the qualified is presumed valid (burden of proof on whoever denies it), the simple needs corroborating circumstances to have the same weight.
For most people, the digital handwritten signature is enough because private contracts rarely end up in court. When there is a dispute, the combination signature + hash + verification QR + IP + timestamp + forensic handwriting analysis is usually sufficient for a judge to accept it.
When you definitely need a notary
There are acts that always require a notarial public deed, where no electronic signature (not even qualified) can replace it:
- Real estate sales for registration in the Property Registry (art. 1280 of the Spanish Civil Code).
- Real estate gifts (art. 633 CC).
- Marriage capitulations (art. 1327 CC).
- Mortgage constitution (art. 1875 CC).
- Express acceptance or refusal of inheritance (when real estate is involved).
- Incorporation of commercial companies (Spanish Companies Act).
For the rest — private contracts between individuals — the simple electronic signature with hash + QR is fully valid and much more practical.
Common mistakes
Mistake 1: believing "digital signature" always means qualified signature. Most platforms offer simple signature — perfectly valid but not equivalent to handwritten.
Mistake 2: signing important contracts with services that do NOT store the cryptographic hash of the document. Without a hash, you cannot prove the PDF was not altered after signing.
Mistake 3: using simple signature for deeds or tax filings thinking "it counts the same". It does not — the operation gets rejected.
Mistake 4: not saving a local copy of the signed PDF. If the platform shuts down or loses your data, you have no evidence.
Frequently asked questions
Does signing with my finger on the phone have legal validity?
Yes, as a simple electronic signature under the eIDAS Regulation (art. 3.10). It is valid for the vast majority of private contracts between individuals: leases, NDAs, freelance, loans, sales of movable goods. It is NOT enough for notarial deeds, mortgages or telematic filings with tax authorities, which require qualified signature.
What is the difference between simple, advanced and qualified electronic signature?
Simple is any electronic data used to sign (an email, a PIN, a finger drawing). Advanced uniquely links the signature to the signer and detects any change in the document (typically a PDF signed with a certificate). Qualified is advanced + issued by an accredited qualified trust service provider (TSP) — legally equivalent to a handwritten signature on paper.
Do I need an FNMT certificate or electronic ID for every contract?
No. Only for those the law requires qualified signature: public deeds, mortgages, real estate gifts, tax filings, certain administrative procedures. For 95% of private contracts between individuals, a simple electronic signature (finger + hash + timestamp) is enough.
Can I use the digital handwritten signature for a rental contract?
Yes. The Spanish Tenancy Act (LAU) does not require a specific form for residential leases (art. 37 LAU lets the parties agree the form). Digital handwritten signature with timestamp and hash is fully valid and usually accepted by real estate agencies and landlords.
What if the other party later denies having signed?
A well-implemented simple electronic signature includes: stroke with pressure and time (forensic handwriting analysis possible), cryptographic hash of the document (impossible to modify without trace), timestamp (when it was signed), IP and user agent of the signer. In court, all of that counts as electronic documentary evidence (art. 326 of the Spanish Civil Procedure Act).
Try the simplest valid signature
Generate a contract, sign with your finger and share. PDF includes cryptographic hash and QR for verification.
Browse free templates