As companies are heading toward modernization, more things are getting digitized and handled remotely in a way we never thought possible. One example is digital signatures allowing people to execute and sign documents remotely. While it is definitely more convenient to be able to do these tasks from miles away, legal concerns may prohibit us from moving forward.
Let’s start with the difference between “Digital Signature” and “Electronic Signature” and then look at the legal issues and concerns around the subject. We’ll wrap up with a quick look at this topic from a world perspective.
Digital Signature vs Electronic Signature
While we use the terms interchangeably and think they are the same, there is a huge difference between them. An “Electronic Signature” can consist of anything from a scanned image of your signature, an “I accept” button, or even your name at the end of an email. This can and does raise serious security issues in our minds since anyone can do it on your behalf. The fact is, an “Electronic Signature” itself, does not guarantee non-repudiation and signature ownership. In fact, the integrity of your e-signed document and the validity of your signatory binding authority may be challenged in court.
On the flip side, a “Digital Signature” is the most secure form of electronic signature due to the encryption algorithms it uses. The encryption ensures the authorized people have signed and the integrity of the document is intact. When you sign a document via a digital signature, through the encryption algorithm, the document content and the identity of the signatory are bound together. As a result, a certificate of authenticity can be produced confirming the identity of signatories as well as the document's integrity.
Digital Signature in Canada
As stated in the Personal Information Protection and Electronic Document Act (PIPEDA), every type of electronic signature that holds a similar significance to a physical one is legally permissible and fully court-admissible in Canada. Each company operating in Canada can use digital or paper documents but PIPEDA insists on specific requirements for electronic/digital signatures to be considered secure. Businesses should pay attention to issues including:
- Documents should be created under the signer’s sole control
- Businesses should be able to confirm the identity of the signer
- Documents should be protected by a sort of technology that can determine if any changes have been made to the document along the transmission
In brief, there are technical requirements including approved cryptographic algorithms, tamper-evident technology, and verifiable signer identity which should be used for a digital signature and a document.
Digital Signature in the U.S.
Electronic and digital signatures are both accepted in the U.S. and they have the same weight as wet ink in almost all cases (as it has been declared in the federal ESIGN Act). Also, there is an Act (Uniform Electronic Transactions Act-UETA) that provides details of E-Signature regulations at the state level of the U.S. The District of Columbia, Puerto Rico, and the U.S. Virgin Islands have adopted this act. It’s worth mentioning that in the U.S., neither law accepts the validity of an electronic signature in below circumstances:
- The creation and execution of wills
- Areas related to Family law like adoption or divorce
- Uniform commercial code
- Court documents
The use cases, acceptance, legality, and validity of digital/electronic signatures vary in different countries so, depending on the country that you’re working in you should be aware of these issues.
Three types of E-Signature laws around the world
There are three types of E-signature laws in the world including:
- Permissive: In this type, an E-signature will have the same weight as a handwritten signature. In other words, few restrictions exist surrounding the E-signature and they’re considered legal and enforceable in every case. Countries with permissive laws regarding E-Signature include the U.S., Canada, Australia, and New Zealand.
- Prescriptive: This type is the rarest type of E-signature law. It is strict and more difficult to adhere to if you don’t have the appropriate technology. There are specific rules regarding how to create and sign documents, and what processes and technology you should use in order to create a legally binding signature. It is being used in a few countries including Israel, Brazil, India, and Malaysia.
- Two-tier: This is somehow a combination of the previous two models. It will allow and accept all sorts of electronic signatures, however, it will require specific processes and technology to create a digital signature. All the European countries take this approach with the eIDAS regulation along with South Korea, Thailand, and China.
Digital Signature Adoption for Businesses
When it comes to using digital signatures for businesses, additional measures should be taken specifically in some cases where the contract is referring to a significant amount of money, dealing with governmental organizations, etc. Businesses must ensure that their Electronic/Digital Signature solution meets all applicable laws and regulations of the country they’re operating in. Moreover, in the business environment, below items are extremely crucial for the legal enforceability of the Electronic/Digital Signature:
- Record-keeping of transactions and signatures
- Keeping metadata such as IP, and timestamps in a way that could be reproduced at a later time
- Security Protocols
- Audit trails
- Security measures to protect the integrity and confidentiality of both e-signature and records including:
Encryption, Two-Factor Authentication, Digital certificates, Secure servers
In summary, electronic and digital signatures are not the same. They can both be useful enhancements to business but they each must be adopted in the right circumstances. Where signing authority and document integrity are mandatory, only the Digital Signature is the right choice!
Leave Comment