A guide to e-signatures
A guide on e-signatures and what makes them legally binding
Much has been written on electronic signatures. In this article, we would like to present a simple guide on e-signatures and what makes them legally binding.
In the modern world, everything has digitalized with time. From online shopping to automation of complex business functions, everything is digital today, and it lays the foundation of our future as well. One of the things that has become popular is electronic signatures or e-signatures.
However, because it appears to be easy to sign a document online, many are often concerned about the legality of e-signatures. Does the e-signature on a contract give the document any legal status?
What is an e-signature?
Just like your inked signature, signing documents online is a way for you to sign documents. You could use an e-signing tool that gives you the ability to sign a document with a click or write your signature on a digital document with a mouse. The presence of such a signature on a document may or may not give it a (stronger or weaker) legal status, depending on various factors that you will read later in the guide.
The legality of electronic signatures
Now that you know what e-signatures are, you must be wondering about their legality. Yes, you could put an electronic signature on a document but does doing so make the document legal?
Electronic signatures are legally binding in thirty European countries, the United States and the vast majority of countries around the world. An electronic signature can carry the same weight and legal effect as a traditional paper document with a pen and ink signature.
In all the countries where e-signatures are legally binding, its legal status depends on proving the presence of these three elements:
Who: Who has signed?
This is the part where the identity of the signatory must be verifiable. There are a number of methods that can be used to perform identity verification such as using verification via SMS, email, electronic ID, for example, BankID in Sweden. The stricter the identity control there is in the method, the higher the security the method offers.
On top of this, a lot of information about every interaction in the contract is saved and logged. Remember that none of these identification methods are 100% secure, even though digital is almost always better than the analog alternative!
What & intent: What was signed?
The next part that affects the legal status of a signed document is the content of the document and the intent of the parties. What was signed? Did the parties invited to the contract intend to sign and legally commit to the document?
This is where the contract content and what the parties stated in the signed version of the document matter. If a contract changes before being signed, the new wording will become the new contract offer. If there is more than one party invited to sign the document, then the contract is only signed when all have signed — agreeing on the common content.
Integrity: Has the document been changed or tampered with after signing?
The final part that determines the legal status of an electronically signed document is the document integrity after signing. This means that after the parties have signed the document, it must be kept intact and not be modified or tampered with.
By using an electronic signature based on PKI, the document gets ‘hashed’ and signed using an asymmetric encryption key pair. The hash value is like a fingerprint of the document, and it is unique. The integrity of the document is protected so that even a slight change in the document, e.g. change of a comma, a point or space, would create a completely different hash value — revealing a change has occurred.
Qualifications for an e-signature to be legally binding
As you can tell by now, not every electronic signature will be found to be legally binding. Obviously, you can’t just take a picture of your signature on a piece of paper, crop it, and paste in your documents to use it for making the documents “legal”. This method won’t provide any decent level of evidence as someone else can easily copy-paste it from your document to another.
The legal value of an electronic signature will depend on the ability to prove who applied it, the identity of that person and that the signed data has not changed after signing.
Regulation of electronic signatures
The types of signatures above are described in more detail in the eIDAS (electronic IDentification, Authentication and trust Services) Regulation of the European Union. eIDAS is a comprehensive regulation dealing with electronic identification and trust services for electronic transactions in the European Single Market. In the US the ESIGN Act is regulating e-signatures on the federal level.
Oneflow follows the standards and best practices set out in or following from the eIDAS regulation.
- eIDAS: Electronic Identification and Trust Services Regulation
- ESIGN Act: It stands for US Electronic Signatures in Global and National Commerce Act
- UETA: Uniform Electronic Transactions Act
Types of electronic signatures
There are different types or levels of electronic signatures according to the eIDAS Regulation: SES (Simple Electronic Signature), AdEs (Advanced Electronic Signature), and QES (Qualified Electronic Signature).
SES (Simple Electronic Signature)
The definition of an Electronic Signature under Swedish and EU law means “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign” (eIDAS Regulation article 3). As there are no specific security requirements laid down by law, it’s not possible to determine the legal value of such signature without evaluating the method and security applied in the specific case.
AdES (Advanced Electronic Signature)
As the name suggests, this is an advanced form of signature that offers more security than a simple electronic signature. It also identifies the person who has signed the document. This type of e-signature detects if someone has tampered with the signature after the signatory has put it on the document. These signatures are made secure with the help of cryptographic keys. According to eIDAS Regulation, an advanced electronic signature means “an electronic signature which meets the following requirements:
- It’s uniquely linked to the signatory;
- It’s capable of identifying the signatory;
- It’s created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
- It’s linked to the signed data so any subsequent change in the data is detectable.”
QES (Qualified Electronic Signature)
The eIDAS Regulation defines qualified electronic signature as “‘qualified electronic signature’ means an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures”.
These signatures are advanced e-signatures but must adhere to certain EU standards (based on a so called qualified certificate), which means they offer additional protection controls over the advanced counterparts. You create this signature with the help of a device that’s specifically designed to create e-signatures. A court must normally give these certificates the same legal value as a handwritten signature.
Using a qualified seal with an electronic signature
Once a contract in Oneflow has been signed by all signatories, Oneflow adds additional security and validity information to the contract ‘bundle’, after which the whole bundle is sealed with a Qualified Electronic Seal.
As with electronic signatures, electronic seals also have different types according to the eIDAS Regulation: Simple, Advanced and Qualified. The principle is similar to that of the electronic signature level — the requirements of each level of the electronic seal build on the requirements of the level below it. A Qualified Electronic Seal meets the highest requirements and a Simple Electronic Seal, the lowest.
The seal is there to prevent both intentional and accidental changes to the content of the document after it was signed. This means you and your counterparties can be completely confident that what you signed today will remain verifiably unchanged, both now and in the future. Even if that’s 20 years away.
The seal used by Oneflow is applied by our partner Sovos TrustWeaver.
How to verify the authenticity of an e-signature
When putting an e-signature on a document, you want to be sure that your signature is independently verifiable.What if someone tampers with your document after you’ve signed it?
What if your e-signature vendor goes out of business? Do you have to rely on your e-signature vendor for verification? Then you may be in big trouble.
Here is how you can verify that you have signed the document with your valid e-signature.
- Use Adobe Reader to open the document you have your e-signature on.
- Look at the top and see if you can find one of these options.
- Option A: Your document does not have a sign on it even though the signatories have been identified by your e-sign service.
- Option B: The document is verified with the signature and the signatories too. However, signature verification will be difficult without your e-sign service.
- Option C: This is the best option that verifies your signature as qualified e-signature. That’s the most secure form of e-signature you can have today.
Digitale Verträge, die sich wie Magie anfühlen
Wir alle glauben es erst, wenn wir es sehen. Lassen Sie sich von uns zeigen, wie Sie mit Verträgen von Oneflow smarter arbeiten können.