The Legality of Electronic Signatures
Why Electronic Signatures?
Electronic signatures will, in most cases, cut the time to signature by enabling documents to be shared and signed more quickly than with a wet signature. By extension, they are particularly useful when the signing parties are in different locations.
Aside from the convenience, they also provide a secure and lasting record of the transaction, along with the associated metadata and a full audit trail, which can be retained for future reference.
This metadata, which can capture such information as exact time of signature, geographical location and IP address can provide a richer level of detail when compared with a traditional wet signature.
With benefits so clear and demand to use the technology so strong, it was vitally important that legislation was developed that would cover its use.
Regulation of electronic signatures will vary by country and territory.
Two key territories focused on here are the United States and the European Union where regulations are comparatively mature and have been designed to facilitate reliable electronic signatures.
Most other countries now have their own appropriate legislation pertaining to electronic signatures, ranging from the relatively permissive or minimalist (such as Australia and Canada) through to the more restrictive and controlled (eg. Indonesia).
The two relevant pieces of legislation that cover electronic signatures in the US are:
- The United States Electronic Signatures in Global and National Commerce Act, commonly referred to as “E-SIGN”.
- The Uniform Electronic Transactions Act (UETA)
E-SIGN is federal legislation while UETA is applied at a state level. UETA has been applied in 47 out of 50 states and the remaining three (New York, Washington & Illinois) have all implemented comparable legislation.
Both pieces of legislation have a central premise that essentially elevates electronic signatures to the same level as written signatures and which states that a record of signature can’t be denied legal effect or enforceability simply because it’s in electronic form.
E-SIGN defines an electronic signature as “an electronic sound, symbol or process attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.”
In combination, E-SIGN and UETA set out the following requirements in order to recognise an electronic signature as valid:
- Parties signing the agreement consent to do business electronically
- Signatories must demonstrate intent to sign (ie. a positive action has to be taken to complete the signature)
- The electronic signature must be associated with the record (eg. once signed the signature should be saved as part of the document)
- Attribution - the electronic signature must be attributable to the person signing
- Record retention - copies of the signed agreement should be able to be retained (eg. saved or printed) so that they might be produced at a later date
Gatekeeper’s integrated eSign solution meets the technical criteria as set out in ESIGN and UETA legislation
The relevant EU legislation is The Regulation (EU) N°910/2014 on electronic identification and trust services for electronic transactions in the internal market. It is generally referred to as “eIDAS”.
In this regulation and electronic signature is defined as “data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of association.”
This definition is then used to set out three separate types of electronic signature:
1. Electronic Signatures
The broadness of the definition above means that a wide range of digital actions can represent an electronic signature. For example, checking a box to accept online terms and conditions would be sufficient.
This category covers the most basic types of electronic signatures and is often referred to as “Simple Electronic Signatures”.
2. Advanced Electronic Signatures (AES)
AES require certain conditions to be met above and beyond the Simple Electronic Signatures. These are:
- That the signature be uniquely linked to the signatory
- That the signature can be used to identify the signatory
- That the signature is created using electronic signature creation data under the signatory’s sole control
- That subsequent changes to the data are detectable
Advanced Electronic Signatures establish who the signatories are and link them permanently to the signed documents, making them fully enforceable.
Gatekeeper’s integrated eSign solution meets the criteria for Advanced Electronic Signatures.
3. Qualified Electronic Signatures (QES)
In addition to the conditions relating to AES, QES must meet two further security-driven criteria:
- They must be based on a qualified certificate (ie. a certificate supplied by a Trust Service Provider)
- They must be created by means of a secure signature-creation device, such as a USB token
This is the highest level of electronic signature and would typically be used where the documents being signed require an enhanced level of security, such as for military or governmental purposes.
Due to the comparatively onerous security requirements for QES, they are not generally considered necessary for conventional business agreements.
Gatekeeper supports Qualified Electronic Signatures via its integration with DocuSign.
This information does not constitute legal advice. For clarification on the legality of and requirements for electronic signatures in specific locations, please seek advice from a qualified legal professional.