Electronic Signatures - what are electronic signatures?
Electronic signatures allow businesses to accept signatures in a digital environment. They aim to replace the need for pen-to-paper signing of documents and traditional paper processes, and allow both businesses and customers to do so in a secure space.
Electronic signature are based on three components, a timestamp, a signature and a seal. They are legally binding in most countries around the world.
In the European Union, a regulation called eIDAS (electronic Identity, Authentication, and Trust Services) provides standardised measures to allow for easier, more secure cross-border transactions.
Why use electronic signatures?
For businesses, electronic signatures allow businesses to pursue a crucial part of their digital transformation. Offering electronic signatures opens up opportunities to not only take formerly analog processes online, it also contributes to completely overhauling how a business operates.
Electronic signatures provide a secure way to manage the collection of signatures with identity verification for a wide variety of processes. Documentation that previously required an in-person meeting, often with reams of unnecessary paperwork, can now be tailored, completed, and managed in a fully digital environment.
Businesses using electronic signature options provide both employees and customers with a more streamlined process that offers a higher level of security and privacy.
The legal standing of electronic signatures
An electronic signature can have the same weight and legal effect as a "wet signature" (traditional pen on paper signature). In all countries where electronic signatures are legally binding, their legal status depends on proving that these three elements are present:
#1 Who signed?
A number of methods can be used to verify people's identity, such as verification by SMS, e-mail, scanning physical IDs or using electronic IDs, for example Auðkenni in Iceland and BankID in Sweden and Norway. The stronger the identity protection used, the more secure the method.
#2 What was signed?
The next factor that affects the legal status of a signed document is the content of the document and the intent of its parties. What matters here is what is contained in the agreement and what the parties declared in the signed version of the document. If the contract changes before it is signed, the new wording becomes a new contract offer.
#3 Has the document been altered or tampered with after signing?
The last thing that matters in determining the legal status of a document with an electronic signature is the integrity of the document after signing. This means that after the parties have signed the document, it cannot be changed or tampered with in any way.
The eIDAS regulation
In 2014, the European Union adopted the eIDAS regulation (electronic Identification Authentication and Trust Services). eIDAS is a broad regulation covering electronic authentication and trust services for electronic transactions in the European Single Market. Comparable requirements have been implemented into law in many countries around the world.
The type of electronic signature needed for a given document varies and depends on several factors including the industry the document is used in, the type of document being signed, the personal data collected and the necessary confidence level for authentication. eIDAS divides electronic signatures into the following categories:
Simple electronic signature - SES (Simple Electronic signature)
The definition of an electronic signature in EU law is "data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign" (eIDAS Regulation, Article 3). Since the law does not stipulate any specific security requirements, it is not possible to determine the legal validity of such a signature without evaluating the method and security used in each case.
Simple Electronic Signatures includes all types of signatures done in an online space. For example, a scanned signature that is applied to a PDF document through the use of a programme such as Adobe or Preview. Consent checkboxes are also often classified as Standard Electronic Signatures.
Taktikal's Standard Signatures and Click to Sign Signatures are classified as SES.
Advanced Electronic Signature - AdES (Advanced Electronic Signature)
According to the eIDAS regulation, an advanced electronic signature is an electronic signature that meets the following requirement, (a) it is uniquely linked to the signatory; (b) it is capable of identifying the signatory; (c) it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and (d) it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.
The signatory can be idenitified through a variety of methods, such as by scanning physical IDs and comparing the image to a live video of the signatory. Documents signed with an AdES are sealed and cannot be changed after signing.
Taktikal's Advanced Signatures are classified as AdES.
Qualified electronic signature - QES (Qualified Electronic Signature)
The eIDAS regulation defines a valid electronic signature as "an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures". These signatures provide a higher assurance level than advanced signatures. A court must usually give these signature the same legal standing as a handwritten signature.
Qualified signatures are used primarily for highly sensitive documents that require an increased level of confidence in the identity of the signatory. This is done through the use of a qualified trust service provider (QTSP) - a service that ensures the validity of identity verification.
Taktikal's Qualified Signatures are classified as QES.