Implementing an Effective E-Signature Program
Electronic commerce has exploded over the past decade, bringing with it a host of new laws related to business transactions using modern technology and communication. Of note are those related to the use of electronic signatures. E-signature policies are increasingly being adopted by businesses to save significant time and money by eliminating the manual back-and-forth of routing paper documents and reducing the time needed for signatures and approvals.
Implementing an effective e-signature policy starts with an understanding of the current regulations surrounding e-signatures. E-signature laws vary from country to country, and a successful global e-signature policy must take into account every jurisdiction in which your organization operates.
E-Signature Policies in the US
In the US, the Electronic Signatures in Global and National Commerce (E-SIGN) Act of 2000 represents the first national effort to give e-signatures the same legal weight as “wet ink” signatures, creating greater uniformity, legal validity, and trust in e-signatures throughout the nation. It legalized e-signatures in every state and U.S. territory where federal law applies. Where federal law is silent or unclear, 47 states (with the exception of Illinois, New York, and Washington) have adopted the Uniform Electronic Transactions Act (UETA), which unifies state laws concerning e-signatures and provides more comprehensive language related to regulation.
Under the E-SIGN Act, an e-signature is defined as “an electronic sound, symbol, or process attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.” The forms of electronic signatures range broadly, from the click of a mouse on an online form to the use of a digitized image of a signature, or even the mere typing of a name at the end of an email. Some restrictions apply for transactions involving real property transfers, wills, and some legally required notices to consumers.
E-signature policies must include provisions to address the following requirements:
- Intent
- Consent, by all parties, to do business electronically
- Opt-out clause that details the process to follow should a signer wish to sign by hand
- Signed copies received by all signers to the document once fully executed
- Record Retention
The enactment of the Government Paperwork Enactment Act (GPEA) in 2003 helped to further the legal validity and adoption of e-signatures by requiring Federal agencies to allow the option of submitting information to, or transacting with, agencies electronically, when practicable. It specifically states that electronic records and their related signatures are not to be denied legal effect, validity, or enforceability solely on the basis of their electronic format.
The EU Digital Identity Ecosystem
The EU is assuredly moving towards recognition of e-signatures. The 2016 European Union’s Electronic Identification and Electronic Trust Services (eIDAS) regulation builds a common foundation for confidence, mutual recognition, and trust in electronic signatures. It also provides for the use of digital seals for business entities. This regulation makes it much easier for companies and their customers to conduct business in their own countries and across the EU. It applies to government bodies and businesses that provide online services to EU citizens and that recognize or use identities, authentication, or signatures (i.e., services associated with taxes, insurance, banking, etc.).
The passing of eIDAS should be viewed as a fundamental milestone in creating a trustworthy digital identity ecosystem in the EU. While no specific type of electronic signature is legally required for the majority of corporate, commercial, consumer, HR, and financial transactions, there are specific types of transactions that do require advanced or qualified signatures.
The eIDAS recognizes three e-signature types:
- Electronic Signatures
- Advanced Electronic Signatures (i.e., digital signatures)
- Qualified Electronic Signatures
While advanced electronic signatures (digital signatures) are a form of electronic signature, there are important differences. Digital signatures use sophisticated encryption and decryption technology to verify the identity of the parties, addressing a host of fraud-prevention concerns. They provide an envelope around the entire document, not just the signature itself. A Certification Authority (CA) issues a certificate to verify and authenticate the validity of each party involved in an online transaction and fix the identity of a person to a document. When the signature is applied, a cryptographic operation binds the certificate with the data into one unique fingerprint that is permanently embedded into the document and will show if any tampering was attempted after signing.
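The binding and tamper detection described above can be seen in a short program. This is an added example, not code from the original article: it assumes Ed25519 as the signature algorithm (which hashes its input internally as part of signing), uses a self-signed certificate in place of a CA-issued one, and the names `signedBytes`, `Sign`, `newSigner` and `Verify` are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// signedBytes is what gets signed: the certificate plus every byte of the document.
func signedBytes(doc, certDER []byte) []byte { return append(append([]byte{}, certDER...), doc...) }

// Sign produces the signature that travels with the document and the certificate.
func Sign(doc, certDER []byte, key ed25519.PrivateKey) []byte { return ed25519.Sign(key, signedBytes(doc, certDER)) }

// newSigner self-signs a certificate, a constructed stand-in for one issued by a CA.
func newSigner(name string) (ed25519.PrivateKey, []byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return priv, der, err
}

// Verify checks the signature only; validating the chain to a trusted CA is omitted here.
func Verify(doc, certDER, sig []byte) (string, bool) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", false
	}
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); ok && ed25519.Verify(pub, signedBytes(doc, certDER), sig) {
		return cert.Subject.CommonName, true
	}
	return "", false
}

func main() {
	key, cert, _ := newSigner("Alice Example") // constructed signer name
	doc := []byte("Pay 100 EUR to Bob")         // constructed document
	sig := Sign(doc, cert, key)
	fmt.Println(Verify(doc, cert, sig))
	doc[4] = '9' // one byte altered after signing
	fmt.Println(Verify(doc, cert, sig))
}
```

Changing a single byte of the document, or attaching a different certificate to the same signature, makes `Verify` return false.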
A qualified electronic signature is an advanced electronic signature which is additionally created by a qualified signature creation device (QSCD) and is based on a qualified certificate for electronic signatures. Devices come in many forms, such as smartcards, SIM cards, USB tokens, etc. As compared to advanced electronic signatures, here a certificate is required and can only be purchased from an accredited and supervised certificate issuer.
Across the globe, China and a majority of other Asian countries follow a framework that borrows heavily from eIDAS, using a two-tier model that gives digital signatures the same status as handwritten signatures but also recognizes simple electronic signatures as legal and enforceable.
Global Signature Frameworks
Worldwide, three types of legal frameworks are recognized and should be considered when establishing an e-signature policy:
- Minimalist/Permissive laws provide the widest protection by allowing use of e-signatures with few legal restrictions (US, Australia, New Zealand, Canada).
- Two-Tier laws permit the use of e-signatures but provide greater weight to digital signatures (EU, China, South Korea).
- Prescriptive laws dictate specific technical methods for signing (relatively rare and used mainly in Brazil, India, Israel).
In a world where the pace of business often defines success or failure, electronic signatures present transformative opportunities for more efficient and effective business transactions. Ultimately, though, they also serve to codify agreements between parties, and as such present a host of new challenges and complexities, with material jurisdictional variances, that can serve to undermine the legality and enforcement of agreements if not carefully and proactively managed and understood.