Electronic signatures

Everything you need to know about legality and how to use them

Overview

An electronic signature is meant as a replacement for the traditional handwritten signature. It's in the form of electronic data and is associated with other data in electronic form, such as a document.

The benefits are many and one of them is speed. By removing physical logistics, doing business is made much easier, especially internationally.

Saving costs is perhaps the biggest factor. Postage, printing and paper are now a thing of the past. And by automating the validation and archiving of signed documents, a lot of time and can be saved.

  1. Benefits

    A brief explanation about what electronic signatures and their benefits are

  2. information Created with Sketch.

    Regulation and legality

    What does legally valid mean. And which laws and regulations should you consider.

  3. settings Created with Sketch.

    3 tiers of electronic signatures

    Higher does not equal better. Pick the right tier that matches your needs.

Regulation

Electronic signatures in South Africa are approved under The Electronic Communications and Transactions Act (ECTA) instituted in 2002. Any company operating in the South African market can use eSignatures as a signing method.

ECTA is the equivalent of eIDAS in Europe and the ESIGN act in the United States.

More about eIDAS
what is eIDAS

Legally valid

Electronic signatures are legally valid thanks to ECTA. But what does this mean? Just like traditional signatures, they can now be used as evidence in a courtroom.

But that does not mean they are holy. Both electronic and traditional signatures can be disputed. In that case, it is up to you to prove that the person has really signed.

It is therefore extremely important to record and secure the process of creating the electronic signature.

Legally valid

Technology neutral

ECTA describes electronic signatures without mentioning specific technologies. This is deliberately done to leave room for innovation. The flip side of this is that there may be confusion due to different interpretations. Our advice is to look carefully at the regulations yourself when in doubt.

Electronic signature

"Data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign"

Simply entering a check mark, your name or 'agreed' on a website can already be an electronic signature. This doesn't have to look like your handwritten scribble in any way.

The big advantage is that this is very accessible for the signatory.

The disadvantage is that this type of signature is easy to dispute. It is quite possible that another person has completed the form. So the risk is high.

Electronic signature

Advanced electronic signatures

For this tier, the identity of the signatory must be uniquely linked to the signature.

This can be done by basing the signature on data that only the signatory has at his/her disposal. For example, access to a specific device, phone number or bank account. But other methods are also possible.

Another requirement is that the signature and the associated data are protected against future changes.

In practice, the same proven techniques are used to achieve this, such as encryption and digital signatures.

The final requirement is an audit and accreditation by the South African Accreditation Authority.

Advanced electronic signatures

Comparison

The two tiers compared

Standard Advanced CM Sign
Legally valid Yes Yes Yes
Connected to other data Yes Yes Yes
Uniquely connected to the signatory Optional Required Yes
Identification of signatory Optional Required Yes
Two-factor Authentication (2FA) ¹ Optional Required Yes
Detection of changes² Optional Required Yes
Secured with a certificate³ Optional Required Yes
Accredited for Advanced eSignatures Optional Required No

Two-factor Authentication (2FA) ¹

The risk of fraud is drastically reduced if, during a login session, the user not only has to enter his username and password (something he knows) but also needs something he "has" - like his cell phone - to complete the login session. This second factor of authentication can, for example, be a One Time Password or verification via the Authenticator app.

Detection of changes²

PDF documents are hard to adjust for the average person. However, it could be possible that someone changes your signed documents. For example, by adjusting the terms of a contract. Thanks to a digital certificate, every modification to the original document can be traced. Simply put, the digital signature of the certificate no longer matches the document as soon as it is adjusted. Thanks to cryptographic calculations that only work in one direction, this cannot be forged.

Secured with a certificate³

Certificates are issued by special Certificate Authorities (CA). Certificates can expire and be withdrawn, making it possible to validate the validity of documents even after a long time. According to eIDAS, a certificate is not required for an advanced electronic signature, but in practice this is almost always used. This is because a certificate is the most common way to meet the other requirements of an advanced electronic signature.

Ready to start?

Check out CM Sign to start with eSigning today. Or contact us for more information.

CM Sign Contact us

Choose a different country or region if you want to see the content for your location.

Go