Electronic verification of intent and identity

Modern electronic signatures use security technology that protects them from forgery or changes after the signature itself.

An electronic signature must be as reliable and tamper-proof as a handwritten signature on paper. It must also enable the identity of the signatory to be verified and confirm that the intention of the signatory corresponds to the provisions of the signed document. When using electronic signatures for global business purposes, it is important to understand the requirements and differences between electronic and digital signatures.

ELECTRONIC SIGNATURE REQUIREMENTS VARY FROM COUNTRY TO COUNTRY

Businesses around the world are increasingly adopting digital solutions that enhance the customer, user experience while eliminating cumbersome and costly manual systems. As a core component of electronic processes, electronic signatures should be a key factor when considering activities that move towards digital transformation. However, care should be taken that requirements vary from region to region. A legally acceptable electronic signature in the US may not meet European standards. In the case of global business, adopting a solution that is recognised worldwide is the start of a sound digital transformation strategy.

WHY ARE THERE TWO NAMES? DIFFERENCES BETWEEN ELECTRONIC AND DIGITAL SIGNATURES

When exploring the transition to digital business processes, it's important to use accurate terminology to ensure your e-signature solution is truly complete. The terms "electronic signature" and "digital signature" are not interchangeable, although they are often used as such.

WHAT IS AN ELECTRONIC SIGNATURE (E-SIGNATURE)?

The U.S. ESIGN Act relating to electronic signatures defines an electronic signature as "an electronic sound, symbol, or process attached to or logically related to a contract or other record that is executed or received by a person with the intent to sign the record in question."

E-signatures include handwritten signatures such as:

• Clicking on the phrase "I agree" during an online process
• Capturing a photograph at the time of signature and inserting it into the document
• Capturing biometric data such as signature speed and pressure

ELECTRONIC SIGNATURE - DEFINITION IN THE EU

Within the European eIDAS Regulation 2014, electronic signatures form only a small part of the new Regulation, but this small part is intended to enable cross-border recognition as well as European harmonisation of electronic signatures. The new eIDAS Regulation took immediate effect in all EU countries and replaced all previous laws relating to electronic signatures.

THREE TYPES OF E-SIGNATURES

Neither the 1999 European Directive nor the 2014 eIDAS Regulation are limited by a specific technology. Instead, both define three types of electronic signatures:

Electronic signature. Also known as simple electronic signature or lightweight electronic signature. This is where "a piece of electronic data that is attached to or logically related to another piece of electronic data serves as a method of authentication."

Advanced electronic signature. This category of electronic signature meets four standards: 1) it must be exclusively associated with the signer, 2) it must be reversibly associated with the signer, 3) it must be created so that only the signer can control it, and 4) any subsequent changes can be detected and tracked.

An advanced electronic signature is based on a qualified certificate. It is also known as a secure digital signature, strong digital signature, or qualified digital signature. This signature must meet two standards: 1) it must be created by a secure signature creation device (also known as a Certificate Authority [CA]) and 2) it must have technical support to ensure that the key is not forced or reproduced within a reasonable time. 

WHAT IS A DIGITAL SIGNATURE?

Digital signatures are considered a subset of electronic signatures. While an electronic signature is a legally binding document, a digital signature refers to the underlying encryption technology that authenticates the transaction.