In these times of remote working and an ever-increasing dependence on mobile phones and devices, electronic signature (“e-signature”) solutions benefit almost every business and sector. They can be used in contracts, financial services, non-disclosure agreements, intellectual property licensing, government services and more.
The legal bit.
Despite Brexit, Regulation (EU) No 910/2014 (the “eIDAS Regulation”) continues to apply alongside the Electronic Communications Act 2000 (the “ECA 2000”) and common law. The eIDAS Regulation was slightly amended and together with the amended Electronic Identification and Trust Services for Electronic Transactions Regulation 2016 (2016 No. 696) the regulations are referred to as the UK eIDAS Regulations.
So, what are e-signatures?
Essentially, an e-signature is data in electronic form which is attached to or associated with other data in electronic form (such as a contract in a .pdf format) and which is used by the signatory to ‘sign’ the electronic form.
The eIDAS Regulation distinguishes between three levels of e-signature:
- Simple Electronic Signature (SES): does not require ID verification. No special hardware required.
- Advanced Electronic Signature (AES): links signatory’s ID to the document and provides cryptographic evidence of changes to documents. AES requires Secure Signature Creation Device hardware.
- Qualified Electronic Signature (QES): is equivalent to a handwritten signature. QES has the highest level of trust through face-to-face ID verification and provides cryptographic evidence of changes to documents. Requires Qualified Signature Creation Device hardware.
What counts as an e-signature?
It has so far been established via caselaw that a valid signature (sometimes called a wet signature) can take a number of different forms. Whether you sign with an “X”[1], initials[2] or a mark[3] the courts will recognise it as valid. Printing of a name[4] and a stamp of a handwritten signature[5] are also allowed. Even a descriptive signature like “Your loving mother” can be sufficient.[6] An e-signatures equivalent is likely to be recognised by a court as legally valid. There is no reason to think otherwise as Article 25 of the UK eIDAS states that an e-signature cannot be denied legal effectiveness solely because of its electronic nature.
[1] Jenkins v Gaisford &Thring (1863) 3 Sw & Tr 93.
[2] Philimore v Barry (1818) 1 Camp 513, Chichester v Cobb (1866) 14 LT 433.
[3] Baker v Dening (1838) 8 Ad & E 93.
[4] Brydges (Town Clerk of Cheltenham) v Dix (1891) 7 TLR 215.
[5] Goodman v J Eban LD [1954] 1 QB 550 page 557.
[6] In re Sperling (1863) 3 Sw & Tr 272.
Are AES and QES widely used?
No. Unlike SES which is really easy to set up and use by businesses in their day-to-day transactions, AES and QES face several potential obstacles stopping businesses from adopting the practice. QES requires strict standards of identity assurance and security which might discourage SMEs and individuals from using it. It also lacks a user-friendly guidance to help the businesses navigate the QES standards. A certain level of technical knowledge is required to research and decide on the most suitable option, therefore, the time and financial investment is less attractive to SME’s or sole traders.
The ID verification process involved in QES might be inefficient and invasive to those unfamiliar with recent technology. Having to download an app, go through a video verification and finally sign the document might seem like a time-consuming process in comparison to a wet signature (written or signed with a pen).
The process is not only troublesome from the signatory’s perspective, but there is no standardised process of identification which means businesses need to do their research and choose the most fitting offering. On top of that, if a business operates in more than one jurisdiction it will need an identification provider for each, however, many jurisdictions such as the US do not have a QES equivalent which complicates the implementation. Finally, the identification process requires the processing of data which may lead to data compliance issues.
Why use e-signatures then?
As the digital age and remote working approach progresses, the use of wet signatures will continue to decrease allowing e-signatures to take over and become a mainstream replacement.
The biggest advantage of an e-signature is the data trail it leaves behind. Once the document is e-signed (AES, QES) an audit trail is generated which records who signed the documents, signatory’s IP address, signatory’s email, any additional steps used to authenticate the signatory and a timestamp. According to section 7(1) of the ECA 2000 such trail can be used as admissible evidence in court. It is, therefore, fairly simple to prove the authenticity of an e-signature.
Even though all e-signatures are legally valid in courts, parties requiring it in the form of SES or AES may need to prove the security and technology if disputed in court. QES on the other hand must be proven invalid by the signing party which makes it a safer and more economical option.
QES is by far the most secure form of an e-signature and some consider it safer than a handwritten signature. With QES the possibility of fraud is minimal, and even if such situation occurs the reverse burden of proof, ability of signature validation (cryptographic data) and the identity verification make it a very straightforward case.
Aside from the security advantages, e-signatures benefit consultants working remotely allowing the execution of documents in any place in the world even via a mobile phone. They speed up the signing process, increase flexibility and reduce postage and printing costs. On top of that, the pre-filled forms ensure avoidance of human error and the e-signature software often allows one to easily keep the track of the signing process.
HM Land Registry is currently allowing Mercury Signature, Conveyancer-Certified Electronic Signature and QES. E-signatures are not allowed for signing of wills.
How do I start using e-signatures?
There are multiple e-signing platforms available such as Adobe Sign, DocuSign or HelloSign. There is also a growing selection of tools to verify one’s identity and we will likely see greater adoption of cloud-based QES to authenticate cross-border transactions.
The more valuable the transaction the more security the business should opt for. The business should first determine the optimal form of e-signature for the transaction (SES, AES or QES) based on nature of parties, risk level, value and personal circumstances.
When choosing a platform one should also consider its security, safety, functionality and audit trail. At minimum, such platforms should allow users to download and retain executed documents.
It is worth noting that QES can only be issued by a Qualified Trust Service Provider (QTSP). QTPSs are highly regulated and must comply with every test of the eIDAS Regulation. If a QES is issued by a QTSP in an EU Member State, it will still be recognised in the UK. However, a UK recognised QTSP will not be recognised under EU law which may lead to issues with cross-border transactions. GMO Global Sign was the UK’S first approved QTSP and is also recognised in the whole EU.
Conclusion.
The UK government is constantly evaluating the widening of the use of e-signatures and we can observe more and more businesses implementing the processes. SES is quick, effective and environmentally friendly whilst AES and QES provide a very good audit trail to keep transactions secure. The current nature of transactions and the remote working situation will continue to put pressure on businesses and government organisations to implement e-signatures.
If you need any advice on e-signatures, get in touch with us. We believe the use of e-signatures will increase and we are here to provide you and your business with commercial and legal advice.