Legality of a Digital (Electronic) Signature
With SignRequest your customers are requested to sign a contract after clicking on a link in their email. This is a legal alternative to for example having the contract printed, signed and scanned.
Due to the added documentation, the fact that the contract cannot be changed during the entire process and the signed contracts are automatically stored in one place it's often a more secure alternative to many conventional practices.
European Union: eIDAS regulation
As of July 1 2016 all EU member states have adopted the eIDAS regulation. Therefore all member states have the same new regulations regarding the legal effect of electronic signatures.
eIDAS Article 25: Legal effects of electronic signatures
"An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures."
(source: Article 25 eIDAS)
Through the above article an electronically signed document is admissible as evidence. During a dispute the level of proof will be important. An advanced electronic signature has higher requirements with respect to the level of proof.
eIDAS Article 26: Requirements for advanced electronic signatures
An advanced electronic signature shall meet the following requirements:
- it is uniquely linked to the signatory;
- it is capable of identifying the signatory;
- it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
- it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.
(source: Article 26 eIDAS)
Below, an explanation will be given on these requirements.
a. it is uniquely linked to the signatory
SignRequest adds a ‘signing log’ after the document has been signed. This ‘signing log’ is uniquely linked to the signatory and the document with a hash code.
b. it is capable of identifying the signatory
The SignRequest ‘signing log’ contains the following information about the signatory:
- Email address
- All inputs made, for example: name, date and signature
- Ip address during signing
- Time and date of the signature
- Hash code of the signed document
- Details of added attachments, for example: a picture or scan of an ID and/or bank card (optional)
- Phone number of the signatory (optional)
- Bank number of the signatory (optional)
The signatory can be identified on the basis of the above means. Every organization should choose the means necessary and weigh the degree of reliability required compared to the ease of signing.
When opting for email verification the use of SignRequest is comparable to the process of printing, signing and scanning. With an additional text message verification it is (in the opinion of SignRequest) stronger as there is more proof.
c. it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control
The signatory can keep his email account, phone, bank account and/or SignRequest account under his sole control.
d. it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable
SignRequest adds a hash code to the ‘signing log’. A hash code is unique for every document. Therefore, even the slightest change of the document will result in a different hash code. Comparing the hash code of a document with the original hash code on the ‘signing log’ will determine the integrity of the document.
In addition, SignRequest sends the hash codes of the document and signing log by email after all parties have signed and keeps a log of these hash codes.
If requested, the documents can also be sealed with SignRequest’s digital certificate.
There are two laws that establish the legality of electronic signatures in the United States.
- The Electronic Signatures in Global and National Commerce Act (E-Sign Act), signed into law on June 30, 2000, provides a general rule of validity for electronic records and signatures for transactions in or affecting interstate or foreign commerce.
- UETA (1999) establishes the legal equivalence of electronic records and signatures with paper writings and manually-signed signatures, removing barriers to electronic commerce.
What is the starting point?
There is a solid legal framework for the use of an electronic signature. Yet sometimes one still has some doubt. In that case it is good to analyze the current state of affairs within an organization.
When contracts are currently for example sent as a PDF attachment and after printing and signing returned as a scanned document the organisation has no 'wet' signature. Then there is even more uncertainty about the integrity of the document. The content of the PDF sent by email can easily be modified without being noticed and a fake signature can be added.
With SignRequest the document can not be changed without your knowledge and any added data is logged. In addition, all signed documents are easy to find so there are no more lost documents. Therefore the use of SignRequest offers in many cases an even safer and stronger legal position than in the current situation of many organisations.
However, it is important to mention that only a judge can determine if the signed contract has an "adequate" reliability and level of proof.
SignRequest's experience is that organizations using the services of SignRequest often have more evidence than in their current situation.
For more information about Dutch law please visit our Dutch page.