Sep 18, 2019

E-Signature: Basics and Usage

Commercial transactions between companies and individuals often lack trust and confidence. There is always a chance that electronically sent documents could have been altered to somebody’s benefit, with false information put on official documents such as tax returns, business records, personal checks, or identification cards. Such cases of fraud can also occur in the KYC flow when imposters sign agreements with fintechs or banks under a different name.

Electronic signatures appeared to stop this kind of falsification from happening, providing documents with the necessary security.

What is an e-sign?

An electronic signature is a legally binding digital way to sign documents online, just as you would offline. Electronic signatures link the signatory to the information and satisfy legal requirements. They provide authentication and integrity, preventing the authenticity of a signature from being challenged.

Using e-signatures is an advantage for any business that generates a large number of documents requiring signatures: partnership agreements, sales contracts, purchase orders, non-disclosure agreements, statements of work, quality assurance reports and many more.

Types of e-signatures

There are many forms: typewritten, scanned, electronically presented handwritten signatures, uniquely represented characters, digitally represented characteristics (fingerprint or retina scan), and cryptographic signatures.

Apart from simple e-signatures (scanned signatures and tickbox plus declarations), there are two important categories to know.

  • Advanced e-signatures – linked to the signatory and the data in the document. Such e-signs can be used as the signatory identifier and detect any changes made to the document.
  • Qualified e-signatures – usually created by a qualified e-sign device and based on a qualified certificate for electronic signatures.

E-Signing helps organisations reduce costs, increase data security, improve process efficiency, accelerate application completion and prevent time-consuming errors.

But, how legal is an electronic signature?

What makes it legally-binding: e-sign laws

Even from lawyers, you can sometimes hear that electronic signatures are not legally binding. This statement is incorrect. Of course, in certain situations it may be required to submit a paper document (for example, this applies to bills of exchange and promissory notes), but often the electronic form is enough.

To guard the authenticity of e-signatures, countries have developed special laws.

The EU eIDAS

In the European Union e-Signing is governed by EU regulation number 910/2014, commonly known as EU eIDAS — EU Regulation 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.

eIDAS sets out two standards for electronic signatures, ‘Advanced’ and ‘Qualified’.

Advanced e-signature

To be considered an advanced signature, it has to meet the following requirements.

  1. Be uniquely linked to the signatory;
  2. Be capable of identifying the signatory;
  3. Be created using electronic signature creation data that the signatory can use under their sole control;
  4. Be linked to the signed data in a way that any subsequent change is detectable.

Qualified e-signature

Such signatures require enhanced identity proof, usually with a physically held device that uses ‘public-key infrastructure’ (PKI) technology. A qualified signature has to comply with eIDAS’s set of regulations on issuance and trust, and provide a framework for a strong level of authentication and encryption.

The difference between an advanced and a qualified e-signature is the addition of a qualified certificate. This certificate must be issued by a qualified trust service provider and adds to the authenticity of the electronic signature proving the identity of the signatory.

Qualified signatures are often used in the government, military and financial institutions that regularly deal with high value and high-risk digital transactions.

The UK Electronic Communications Act

E-Signing regulations in the UK are set out in the Electronic Communications Act 2000 but this is now effectively replaced by eIDAS.

Requirements around electronic signatures come from common law and some contract-specific regulations (e.g. the Consumer Credit Act 1974). The Law Society of England & Wales has produced an authoritative practice note on the common law underpinnings to electronic signature.

The US ESIGN Act and UETA

In the USA, e-signing is governed by the United States Electronic Signatures in Global and National Commerce Act (ESIGN) and the Uniform Electronic Transactions Act (UETA). The laws state four major requirements for an e-signature to be recognized as valid in the U.S.

  1. Intent
    Like any other signature, it is only valid if each party intended to sign.
  2. Consent
    The parties to the transaction must consent to do business electronically.
  3. Records
    The system must keep records of the process by which the signature was created, or generate a textual or graphic statement.
  4. Record retention
    Records must be retained and accurately reproduced for reference by all parties or persons entitled to the contract or record.

Depending on your use case or industry, federal and state regulations may impose additional requirements. An example of such extra requirements can be found in 21 CFR Part 11.

The requirements for e-signing regulations vary around the world, but only slightly. The key legal issues businesses face when implementing an e-signature into their flow are essentially the same, and eIDAS is the main point of reference.

How does an e-sign work?

Similar to handwritten signatures, an e-sign is unique to each signer. Signature solution providers follow a specific protocol — Public Key Infrastructure (PKI). It requires the provider to generate unique keys that are then attached to the signer. When a signer electronically signs a document, the algorithms use these keys to create the digital signature. It is secure — if the document is altered in any way after the e-sign was put on it, the document becomes invalid.

Above all, every user is issued an online certificate that is compliant with the relevant regulator's requirements and proves the signature to be legally binding.
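The signing and verification steps described above, as an added Go example that is not Sumsub's code: a key pair is bound to a signatory through an X.509 certificate, the document is signed, and a change made after signing is detected. The names `SignedDoc`, `Sign` and `Verify`, the sample signatory and the document text are constructed for illustration, and the certificate is self-signed as a stand-in for one issued by a trust service provider, so no certificate chain is checked here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type SignedDoc struct{ Document, Signature, CertDER []byte } // what the recipient receives

// Sign makes a key pair and a certificate naming the signatory, then signs doc.
func Sign(signatory string, doc []byte) (SignedDoc, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return SignedDoc{}, err
	}
	tmpl := &x509.Certificate{ // assumption: self-signed stand-in for a provider-issued certificate
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: signatory},
		NotBefore:    time.Now(), NotAfter: time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return SignedDoc{}, err
	}
	return SignedDoc{doc, ed25519.Sign(priv, doc), der}, nil
}

// Verify returns the signatory's name only if the signature matches the document.
func Verify(s SignedDoc) (string, error) {
	cert, err := x509.ParseCertificate(s.CertDER)
	if err != nil {
		return "", err
	}
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); ok && ed25519.Verify(pub, s.Document, s.Signature) {
		return cert.Subject.CommonName, nil
	}
	return "", fmt.Errorf("signature does not match document")
}

func main() {
	s, _ := Sign("Alice Example", []byte("Pay 100 EUR to Bob")) // constructed sample
	fmt.Println(Verify(s))
	s.Document[4] = '9' // altered after signing: 100 -> 900
	fmt.Println(Verify(s))
}
```

A production verifier would additionally validate the certificate's chain and validity period against the trust service providers it accepts before relying on the name in it.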

In terms of the user flow, there is no general scenario, as an e-sign can be used in an unlimited number of cases. It is frequently used in KYC — the identity verification process — and is becoming more and more popular due to its efficiency of use and its legal power in terms of regulatory compliance. So now, instead of printing, signing, scanning and sending the agreements back to the financial institutions, as was originally practiced in KYC, the flow cuts down on to-do steps with a simple e-sign, all backed up by an eIDAS-compliant certificate.

Digital signatures are created with the help of an international, efficient, standards-based technology that not only speeds up the routine process of signing a document but also helps to prevent forgery or changes to the document after it has already been signed.

If you like how we think – check out other posts and solutions at Sumsub.
