Much has been written on electronic signatures. In this article, we would like to present a simple guide on e signature or e-sign and what makes them legally binding.
In the modern world, everything has digitalized with time. From online shopping to automation of complex business functions, everything is digital today, and it lays the foundation of our future as well.
One of the things that has become popular is electronic signatures or e-signatures.
However, because it appears to be easy to sign a document online, many are often concerned about the legality of e-signatures.
Does the e-signature on a contract give the document any legal status? In this article, we’re going to cover the top topics, which are among the most frequently asked questions about electronic signatures.
Is the electronic signature legal?
Now that you know what e-signatures are, you must be wondering about their legality.
Yes, you could put an electronic signature on a document but does doing so make the document legal?
Electronic signatures are legally binding in thirty European countries, the United States and the vast majority of countries around the world.
An electronic signature can carry the same weight and legal effect as a traditional paper document with a pen and ink signature.
In all the countries where e-signatures are legally binding, its legal status depends on proving the presence of these three elements:
#1 WHO: Who has signed?
This is the part where the identity of the signatory must be verifiable.
There are a number of methods that you to perform identity verification such as using verification via SMS, email, electronic ID, for example, BankID in Sweden.
The stricter the identity control there is in the method, the higher the security the method offers.
On top of this, a lot of information about every interaction in the contract is saved and logged. Remember that none of these identification methods are 100% secure, even though digital is almost always better than the analog alternative!
#2 WHAT AND INTENT: What was signed?
The next part that affects the legal status of a signed document is the content of the document and the intent of the parties. What was signed? Did the parties invited to the contract intend to sign and legally commit to the document?
This is where the contract content and what the parties stated in the signed version of the document matter.
If a contract changes before all the parties signed, the new wording will become the new contract offer. If there is more than one party invited to sign the document, then the contract is only signed when all have signed — agreeing on the common content.
#3 INTEGRITY: Has the document been changed or tampered with after signing?
The final part that determines the legal status of an electronically signed document is the document integrity after signing. This means that after the parties have signed the document, it will be intact and not modified or tampered with.
By using an electronic signature based on PKI, the document gets ‘hashed’ and signed using an asymmetric encryption key pair.
The hash value is like a fingerprint of the document, and it is unique.
The integrity of the document is protected so that even a slight change in the document, e.g. change of a comma, a point or space, would create a completely different hash value — revealing a change has occurred.
Qualifications for an e-signature to be legally binding
As you can tell by now, not every electronic signature will be found to be legally binding.
Obviously, you can’t just take a picture of your signature on a piece of paper, crop it, and paste in your documents to use it for making the documents “legal”. This method won’t provide any decent level of evidence as someone else can easily copy-paste it from your document to another.
The legal value of an electronic signature will depend on the ability to prove who applied it, the identity of that person and that the signed data has not changed after signing.
Regulation of electronic signatures
The types of signatures above are described in more detail in the eIDAS (electronic IDentification, Authentication and trust Services) Regulation of the European Union.
eIDAS is a comprehensive regulation dealing with electronic identification and trust services for electronic transactions in the European Single Market. In the US the ESIGN Act is regulating e-signatures on the federal level.
Oneflow follows the standards and best practices set out in or following from the eIDAS regulation.
- eIDAS: Electronic Identification and Trust Services Regulation
- ESIGN Act: It stands for US Electronic Signatures in Global and National Commerce Act
- UETA: Uniform Electronic Transactions Act
Types of electronic signatures:
There are different types or levels of electronic signatures according to the eIDAS Regulation: SES (Simple Electronic Signature), AdEs (Advanced Electronic Signature), and QES (Qualified Electronic Signature).
SES (Simple Electronic Signature)
The definition of an Electronic Signature under Swedish and EU law means that “means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign” (eIDAS Regulaton article 3).
As there are no specific security requirements laid down by law, it is not possible to determine the legal value of such signature without evaluating the method and security applied in the specific case.
AdES (Advanced Electronic Signature)
As the name suggests, it is an advanced form of signature that offers more security than a simple electronic signature. It can also identify the person who has signed the document.
This type of e-signature allows you to detect if someone has tampered with the signature after the signatory has put it on the document. These signatures are made secure with the help of cryptographic keys.
According to eIDAS Regulation, an advanced electronic signature means “an electronic signature which meets the following requirements:
- it is uniquely linked to the signatory;
- All parties are capable of identifying the signatory;
- it should be created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control. And
- it is linked to the data signed therewith in a way that any subsequent change in the data is detectable.
QES (Qualified Electronic Signature)
The eIDAS Regulation defines qualified electronic signature as an advanced electronic signature that is created by a qualified electronic signature creation device. which is based on a qualified certificate for electronic signatures”.
These signatures are advanced e-signatures but must adhere to certain EU standards. (i.a. based on a so called qualified certificate), which means they offer additional protection controls over the advanced counterparts.
You create this signature with the help of a device that’s specifically designed to create e-signatures. A court must normally admit these certificates the same legal value as a handwritten signature.
Once a contract in Oneflow has been signed in Oneflow’s digital contract process by all signatories, Oneflow adds additional security and validity information to the contract bundle after which the whole bundle is sealed with a Qualified Electronic Seal.
As with electronic signatures, electronic seals also have different types according to the eIDAS Regulation: Simple, Advanced and Qualified.
The principle is similar to that of the electronic signature level – the requirements of each level of the electronic seal build on the requirements of the level below it. A Qualified Electronic Seal meets the most requirements and a Simple Electronic Seal the least.
The seal is there to prevent both intentional and accidental change the document after it was signed, meaning you and your counterparties can remain secure in the knowledge that what you signed today will remain verifiably unchanged now and in the future, even if that is 20 years away.
The seal used by Oneflow is applied by its partner Sovos TrustWeaver.
Is an electronic signature legally binding in my country?
The next frequently asked questions by our users is whether electronic signatures are legally binding in the countries that they operate in. It’s a fair question. However it’s not a question with a set answer.
The GDPR and the eIDAS regulations can vary from country to country. There’s also the fact that GDPR and eIDAS both apply to businesses outside of signatory countries, but who do business in signatory countries.
If all of this sounds confusing, don’t worry. We’ve summarized everything you need to know about this here.
In which countries are the GDPR and eIDAS frameworks applicable?
The GDPR and eIDAS regulations apply to all companies based in the EU, Norway, Iceland, Liechtenstein, and the UK. But they also apply to companies doing business in these countries. For example; a company based in Texas, but doing business in Norway, would still have to protect their customers’ data in-line with GDPR and eIDAS. This is also the case when it comes to electronic signatures.
Keeping with the Texas/Norway example, an electronic signature has to be made and verified in line with European standards. So that company in Texas will have to apply eIDAS standards to that electronic signature made in Norway. Doing this means that an electronic signature is legally binding.
In countries that aren’t bound by GDPR and eIDAS, but use these laws as bases for their own legislation, the picture isn’t quite so black and white. Like the EU, some countries apply their laws to their citizens’ data, even when it’s being handled overseas. Some don’t. Make sure to check local laws before making any big decisions about how to handle your election signatures. After all, you want them to be legally binding.
A quick legal note
Oneflow develops, sells and implements digital contract management and automation systems. We, being the provider of a SaaS contract automation platform, as well as many electronic signature providers in the industry, are not in any credible position to advise anyone or any business in legal matters.
How to verify the authenticity of an e-signature
When putting an e-signature on a document, you want to be sure that your signature is independently verifiable.
What if someone tampers with your document after you have signed it?
What is your e-signature vendor goes out of business? Do you have to rely on your e-signature vendor for verification? Then you may be in big trouble.
Here is how you can verify that you have signed the document with your valid e-signature.
- Use Adobe Reader to open the document you have your e-signature on.
- Look at the top and see if you can find one of these options.
- Option A: Your document does not have a sign on it even though the signatories have been identified by your e-sign service.
- Option B: The document is verified with the signature and the signatories too.
- However, signature verification will be difficult without your e-sign service.
- Option C: This is the best option that verifies your signature as qualified e-signature. That’s the most secure form of e-signature you can have today.
9 most frequently asked questions to ask your electronic signature providers before purchasing an electronic signature software
- Where is your electronic signature provider’s data center located and where would your personal data be processed?
- Does your electronic signature provider support the eIDAS regulation in relation to the signature, electronic transactions process?
- Which are the technical and organizational security measures used to protect the personal data in the application or process?
- Does your electronic signature provider have any policy regarding information security, risk and incident management?
- Can your electronic signature provider provide customer references within similar industries to yours who have implemented their solution?
- Does your electronic signature provider support electronic ID signing, if so, how does that work and does it cost any additional fee on top of the subscription?
- How does your electronic signature provider support the pre-sign and post-sign processes?
- Which integrations does your electronic signature provider support natively?
- How is their support organization structured in regards to their process, response time, and opening hours?
Not all electronic signature providers are created equal
There are many electronic signature providers that you can choose from and like many other prospective buyers, you would go to marketplace and review sites such as G2 Crowd and Gartner Digital Market to do your research and to compare features, user reviews between the different alternatives. The market is a crowded one and while we’re undoubtedly biased, we have compiled the list of major alternatives that our users have evaluated in their research here.
When our CEO and founder, Anders Hamnes, a serial entrepreneur by heart, founded Oneflow, he was experiencing like many other CEOs and founders the pain of managing and storing contracts all in one secure platform. The market is made up by the majority of electronic signature providers who simply provide an “analog” solution to the manual contract workflow. That is transforming paper to PDF – which is essentially an image of a paper but viewed from a computer screen.
Imagine reading the newspapers online as PDF pages on your screen.
That’s how the majority of electronic signature providers are choosing to solve the manual problem with managing contracts before, and still are. We call that digitization. It’s not digitalization, which what Gartner defines as “Digitalization is the use of digital technologies to change a business model and provide new revenue and value-producing opportunities; it is the process of moving to a digital business.”
PDF is a static, dead document. The data inside the PDF is trapped. That’s why many users choose to go with data-first digital contracts like Oneflow contracts so that the data can be edited in real-time, even after it’s sent, and can be synced and transferred seamlessly between business systems. Using PDF to replace the analog process is not Gartner’s digitalization.
We wrote more about taking the next step of digitalization from digitization in this blog right here.
Why choose Oneflow over other electronic signature solutions
Oneflow provides independently verifiable contract electronic signature software. This means that you can easily verify the authenticity of a signed contract without having to rely on Oneflow for verification.
Say, if we disappeared from the planet, your signed document with Oneflow will still be verifiable. Sadly, this is not the case with most vendors providing e-signature solutions in the market today. More information on how to verify your signed Oneflow contracts here.
For us, offering a verifiable and qualified e-signature is the de facto of operating as a trusted e-signature vendor.
A complete platform unlike traditional e-signature providers
What gives Oneflow the upper hand over any other e-signature products on the market today is its comprehensiveness. You might think of Oneflow as just another e-signature tool, but that’s not the case.
Putting e-signatures on your documents is just one part of a much bigger picture. Oneflow automates your entire contract workflow, from start to finish.
Create and manage your contracts in a collaborative environment
Only ever work on one version of the contract with your team and counterparts. Digital contracts make editing contracts in real-time possible, even after they are sent. No need to resend a new version every time there’s a change.
With robust searching tools, finding old contracts is a breeze. A comprehensive dashboard gives an overview of all pending, sent, or active contracts in your organization. And automatic notifications remind you when it’s time to renegotiate or renew.
Make contract data processable and usable to your business
Turn unstructured data into structured data, and make contracts a part of your workflow across the whole organization. You can integrate Oneflow into your existing processes and systems such as Salesforce, Hubspot, Pipedrive, so that deal is quicker and decisions are smarter.
If you want to streamline your sales, hiring, or purchasing workflow with functionality that goes beyond e-signature creation, Oneflow is the right platform for you.
How to sign a contract in Oneflow
The key takeaways
First and foremost, it’s important to note again that we’re not lawyers at Oneflow. We provide great contract software, but we can’t help you get out of that parking ticket.
Electronic signatures are valid right across the EU, Norway, Iceland, Liechtenstein, and the UK, and they’re governed by the GDPR and the eIDAS regulations. These laws mean that companies outside of these countries, but who do business within them, must also abide by these pieces of legislation.
Both the GDPR and the eIDAS regulations have become the standards for lots of other countries when drafting their own data protection laws. But finer details, like who has to abide by them and who doesn’t, vary from country to country.
This is why it’s so important to seek legal advice before making any decisions to do with contract software. Doing this means that you can rest assured that your electronic signature will be legally binding in your country.
Ask us anything about truly digital contracts
Want to know more about digital contracts or the future of contract handling? We’d love to hear from you.