


by Jantine Broek, Peter Lee and Drew Winlaw
also published in Wavelength.law

Legal-tech: e-signatures

Take 5 minutes, grab a coffee and read this blog… by the time you’ve finished you’ll understand the new laws around electronic signatures & seals, as well as the technology that makes them possible.

What are electronic signatures and seals?

An electronic signature means data in electronic form that is attached to, or logically associated with, other data in electronic form and that is used to sign a document. An electronic seal is a type of electronic signature for a corporate entity that enables the electronic seal to bind the entity using it.

There are three types of electronic signature and seal:

Electronic signature software, such as DocuSign, Adobe Sign and RightSignature, can be deployed across organisations or business units and allows people to sign documents online without using paper. Some services also allow you to track progress of signing. Data from e-mail addresses, IP addresses, time-stamped audit logs, digital signatures and biometric signature data are used to create legally binding documents. Digital signatures and biometric signature data are the principal techniques used in advanced e-signatures. As a general rule of thumb, e-signatures are legally binding under English law and in many other countries around the world. There are a very limited number of categories where they are not often permitted, such as for the transfer of land.

Why do we need a change of law?

The development of frameworks and standards for electronic signatures and online authentication is important for encouraging online transactions and improving business efficiencies. The previous arrangements for electronic signatures and online authentication were problematic because various EU member states had implemented the earlier eSignature Directive (1999/93/EC) inconsistently, making it difficult for companies to confidently rely on electronic signatures. eIDAS is designed to change this.

What is eIDAS?

The Electronic Identification Regulation (EU) 910/2014 on electronic identification and trust services for electronic transactions in the internal market or “eIDAS” comes into force in the UK on 1 July 2016.

What does eIDAS do?

It establishes a new legal framework for electronic identification, signatures and seals that includes mutual recognition across all Member States. It also provides greater legal certainty for transactions executed using digital certificates that have been issued by a Certification Authority that has been accredited and is subject to supervision by a special body in each Member State.

What about Brexit?

eIDAS is an EU Regulation, which means it has direct effect in the UK and therefore the UK parliament does not need to implement any specific legislation to bring it into force. The UK voted to leave the EU in June 2016 but the process of extraction from the EU is likely to be protracted over many months. It remains to be seen how EU and UK legislation will be unpicked; however, if the UK government chooses to retain efficient trading mechanisms with the EU then we would expect much of eIDAS to survive.

Tech + Law: Let’s look at the tech alongside the law…

Tech

The two main underlying techniques used in advanced electronic signatures are digital signatures and biometric measurements. The digital signature entails key generation, signing and verification algorithms. This technique takes the form of Public Key Infrastructure (PKI), which basically generates a pair of keys: a private key that is held only by the signer, and a public key, which is openly available and used by those who need to validate the e-signature. In addition, the keys are checked by the Certificate Authority (CA) and other policies. On top of the digital signature, the documents contain a biometric measurement in the form of a cryptographic hash code, i.e. a non-invertible fixed-size bit string that is created using a mathematical algorithm. Together, these methods create encrypted data that is the digital signature. The signature also includes a time stamp, and so changing the document after signing makes the digital signature invalid.
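The key generation, signing and verification steps described above, as an added example that is not part of the original post. To stay within Python's standard library it swaps in a Lamport one-time signature built from SHA-256 in place of a CA-certified key pair; the function names, sample contract and time stamp are constructed for illustration.

```python
import hashlib
import secrets

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Lamport one-time key pair: 256 pairs of secrets; the public key is their hashes."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    public = [(_h(a), _h(b)) for a, b in private]
    return private, public

def _digest_bits(document: bytes, timestamp: str):
    # Bind the time stamp to the document: both feed the digest that gets signed.
    digest = _h(_h(document) + timestamp.encode())
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(private, document: bytes, timestamp: str):
    """Reveal one secret per digest bit. A Lamport key must sign only once."""
    return [private[i][bit] for i, bit in enumerate(_digest_bits(document, timestamp))]

def verify(public, document: bytes, timestamp: str, signature) -> bool:
    """Anyone with the public key recomputes the digest and checks each revealed secret."""
    if len(signature) != 256:
        return False
    bits = _digest_bits(document, timestamp)
    return all(secrets.compare_digest(_h(part), public[i][bit])
               for i, (part, bit) in enumerate(zip(signature, bits)))

def demo():
    private, public = keygen()
    contract = b"Party A agrees to pay Party B GBP 100."  # constructed sample
    stamp = "2016-07-01T09:00:00Z"                         # constructed sample
    sig = sign(private, contract, stamp)
    return {
        "original": verify(public, contract, stamp, sig),
        "edited_document": verify(public, contract.replace(b"100", b"900"), stamp, sig),
        "changed_timestamp": verify(public, contract, "2016-07-02T09:00:00Z", sig),
        "other_key": verify(keygen()[1], contract, stamp, sig),
    }

if __name__ == "__main__":
    print(demo())
```

Only the unmodified document with its original time stamp verifies; an edited amount, a shifted time stamp or a different signer's public key all fail the check.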

Law

The new Electronic Identification Regulation (EU) 910/2014 on electronic identification and trust services for electronic transactions in the internal market (referred to as “eIDAS”) is directly applicable in Member States and so has direct effect in the UK. The majority of its provisions come into force on 1 July 2016. Article 25 of eIDAS maintains the fundamental rule that electronic signatures and verification services shall not be denied legal effect and admissibility as evidence in legal proceedings based solely on the fact that they are in electronic form. This rule applies to electronic signatures, seals, time stamps, registered delivery services and certificates for website authentication. eIDAS defines Trust Services as those service companies that provide electronic signatures, seals and time stamps. It differentiates between non-qualified and qualified Trust Services, the latter having supervision mechanisms, the purpose of which is to increase confidence in digital transactions.

Take home thought

The efficiency savings and cost benefits of using electronic signatures can be huge. Getting a document signed is a key milestone within the lifecycle of a contract. In many organisations there are a large number of manual processes that can be eliminated by implementing electronic signatures. It is hoped that the new law will improve legal consistency across the EU, as well as bolstering confidence in and the uptake of electronic signatures. If your organisation has had concerns about operating a single electronic signature solution across different countries and as a result has not rolled out e-sign technology or implemented an electronic signature policy, then eIDAS could help to change this.

October 2016
 
