Electronic signatures

Everything you need to know about legality and how to use them

Overview

An electronic signature is meant as a replacement for the traditional handwritten signature. It's in the form of electronic data and is associated with other data in electronic form, such as a document.

The benefits are many and one of them is speed. By removing physical logistics, doing business is made much easier, especially internationally.

Saving costs is perhaps the biggest factor. Postage, printing and paper are now a thing of the past. And by automating the validation and archiving of signed documents, a lot of time and can be saved.

  1. language Created with Sketch.

    Benefits

    A brief explanation about what electronic signatures and their benefits are

  2. information Created with Sketch.

    Regulation and legality

    What does legally valid mean. And which laws and regulations should you consider.

  3. settings Created with Sketch.

    3 tiers of electronic signatures

    Higher does not equal better. Pick the right tier that matches your needs.

Regulation

The electronic signature is not a new concept. The EC (European Commission) already drafted the e-Signature Directive in 1999.

Still this was not enough to stimulate large scale adaptation in Europe. Largely because the legislation could still differ per country.

The new eIDAS (Electronic Identification and Trust Services) regulation brought the necessary change. Since 1 July 2016 all EU member states are required to follow the same standards.

Electronic signatures in South Africa are approved under ECTA instituted since 2002. The South African law adheres to the EU Directive on electronic signatures.

More about eIDAS
what is eIDAS

Legally valid

Electronic signatures are legally valid thanks to eIDAS. But what does this mean? Just like traditional signatures, they can now be used as evidence in a courtroom.

But that does not mean they are holy. Both electronic and traditional signatures can be disputed. In that case, it is up to you to prove that the person has really signed.

It is therefore extremely important to record and secure the process of creating the electronic signature. To achieve this, eIDAS describes three tiers of electronic signatures: 'standard', advanced and qualified.

Legally valid

Technology neutral

eIDAS describes electronic signatures without mentioning specific technologies. This was deliberately done to leave room for innovation. The flip side of this is that there may be confusion due to different interpretations. Our advice is to look carefully at the regulations yourself when in doubt.

Electronic signature

"Data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign"

Simply entering a check mark, your name or 'agreed' on a website can already be an electronic signature. This doesn't have to look like your handwritten scribble in any way.

The big advantage is that this is very accessible for the signatory.

The disadvantage is that this type of signature is easy to dispute. It is quite possible that another person has completed the form. So the risk is high.

Electronic signature

Advanced electronic signatures

For this tier, the identity of the signatory must be uniquely linked to the signature.

This can be done by basing the signature on data that only the signatory has at his/her disposal. For example, access to a specific device, phone number or bank account. But other methods are also possible.

Another requirement is that the signature and the associated data are protected against future changes.

In practice, the same proven techniques are used to achieve this, such as encryption and digital signatures. This makes an advanced electronic signature very strong legal proof.

Advanced electronic signatures

Qualified Electronic Signatures

Qualified Electronic Signatures are the only exception where eIDAS requires specific technology. Documents must be provided with a certificate issued by a TSP (Trusted Service Provider).

This means that every signatory must first identify themselves with the TSP. This makes the qualified electronic signature more secure, but also less practical and more expensive.

The qualified electronic signature is therefore best applied to agreements of very high value and high potential risk. For example the ownership transfer of real estate.

Qualified Electronic Signatures

Comparison

3 tiers compared

Standard Advanced Qualified
Legally valid Yes Yes Yes
Connected to other data Yes Yes Yes
Uniquely connected to the signatory Optional Required Required
Identification of signatory Optional Required Required
Two-factor Authentication (2FA) ¹ Optional Required Required
Detection of changes² Optional Required Required
Secured with a certificate³ Optional Optional Required
Certificate issued by a TSP Optional Optional Required
Enclosed data for validation Optional Optional Required

Two-factor Authentication (2FA) ¹

The risk of fraud is drastically reduced if, during a login session, the user not only has to enter his username and password (something he knows) but also needs something he "has" - like his cell phone - to complete the login session. This second factor of authentication can, for example, be a One Time Password or verification via the Authenticator app.

Detection of changes²

PDF documents are hard to adjust for the average person. However, it could be possible that someone changes your signed documents. For example, by adjusting the terms of a contract. Thanks to a digital certificate, every modification to the original document can be traced. Simply put, the digital signature of the certificate no longer matches the document as soon as it is adjusted. Thanks to cryptographic calculations that only work in one direction, this cannot be forged.

Secured with a certificate³

Certificates are issued by special Certificate Authorities (CA). Certificates can expire and be withdrawn, making it possible to validate the validity of documents even after a long time. According to eIDAS, a certificate is not required for an advanced electronic signature, but in practice this is almost always used. This is because a certificate is the most common way to meet the other requirements of an advanced electronic signature.

Ready to start?

Check out CM Sign to start with eSigning today. Or contact us for more information.

CM Sign Contact us

Select Your Country

Selecting a country will show relevant information for that region and may change the language.

Choose a different country or region if you want to see the content for your location.

Go

Select Your Country

Choosing a country or region will show content for your location.

Go

If you have any questions or suggestions, you can always contact us.