The nuts and bolts of electronic signatures: answers to 5 frequently asked questions
Today, most people have some experience putting digital signatures on documents. The way in which we do this differs per situation, contract, and country. Everybody has their own experience — from scribbling on an iPad to signing a piece of paper, scanning it, and adding it as a picture.
Consequently, people ask a wide variety of questions about electronic signatures. Finding reliable answers is no easy feat, especially not on the World Wide Web. Connective, a leader in the field of digital signatures, gets a lot of questions from (prospective) clients who require an expert’s advice. In this blog, we’ll have a closer look at 5 pressing, frequently asked questions about electronic signatures. Let’s discuss what you really need to know!
1. What are the different types of digital signatures or electronic signature methods?
The most basic and simple way to digitize your paper flow is to have people sign on paper, upload a picture, and send it through email. But this comes with a major drawback: it’s a very fraud-sensitive process. Signers send unsealed documents that are easy to manipulate: prices can be adjusted, legal clauses can be adapted or taken out, and the signer’s identity is not protected.
A better option is the advanced signature, as defined under eIDAS. Here, the integrity of the document must be guaranteed. If you use an advanced digital signing solution, it cryptographically seals the document that is signed. This means that any edits made post-signature will render the signature invalid.
To make sure it’s an advanced signature, you need to have it authenticated through the signature channel — for instance, by having a client log in to a client portal (preferably using two-factor authentication) before they can access the document to be signed, so their identity is validated.
An example of creating an advanced signature is to send a one-time password or a secure code to an address you know is under the (sole) control of the signer. This address may be a corporate email address or a cell phone number. Another perfect example of an advanced signature is the biometric signature method where you use a specific device that captures the signer´s biometric data during the signing process.
eIDAS also defines the qualified electronic signature. This signature is the equal equivalent of the ‘wet’ signature and binds the signer’s identity to its signature by means of a personal, qualified certificate issued by a Qualified Trust Service Provider (QTSP). This ensures that the signature is not only valid in the EU-country where it has been assigned, but is recognized as a valid, legally binding signature in every other member state of the European Union. Having this special legal status in Europe, it can be used for the most crucial high-risk documents – from life insurances to credit applications – depending on the local legislation. In addition to the four previously discussed requirements, this non-repudiation digital signature must meet a range of other measures. For example, that the user’s signature private key is managed on a Qualified electronic Signature Creation Device (QSCD), which ensures that only the signer has the sole control to access and use their personal private key, and the signature creation data is unique, confidential and protected from forgery. Examples of a qualified signature is signing with an electronic Identity card (eg. .beID, LuxID, NEMID,…) or the private mobile initiative itsme® sign (available in BELUX), Swisscom and many more.
2. Are there any specific types of documents that can’t be signed digitally?
Yes, there are. It varies by country and sector. Some examples; most documents that are relevant within wealth management can be signed using digital signatures. But Land Registry documents, lasting powers of attorneys, and wills, for example, are often still considered inappropriate for digital signatures. And in some countries in the European Union, labor agreements require a qualified signature.
So, a lot depends on local regulations. If you want to use digital signatures for a niche contract, it’s definitely recommended that your legal team investigates whether it’s permitted.
3. How are documents transferred for signing, and how can you effectively verify the signer’s identity?
To allow someone to digitally sign a document, you need to provide them with a unique signing link. When they click on it, a browser-based signing session will open, and they can go through the process of creating a digital signature.
You’re free to choose the way in which you direct the signer to their unique signing link. For example, it’s possible to send it to them by email, preferably in the form of a nice-looking HTML button. You can include some additional information — for example, which document they’re asked to sign for what reason. Another option is to direct the signer to your client portal and present the signing link as a signature button.
The chosen signing method determines how you verify the signer’s identity. So, if the signer simply puts a manual scribble on the document by copying their wet-ink signature, the signing method doesn’t provide proper verification of the signer’s identity. The context of the signing ceremony together with relevant audit data would verify their identity — you could, for example, send the signing link to their personal corporate email address or make the signing screen available to them after they log into a portal.
Other signing methods don’t require an extra step like that. The one-time password signing method, for instance, allows you to verify the signer’s identity by sending a secure code to an address you know is under their control.
4. If one person uses an electronic signature, do all parties involved need to sign electronically?
It’s not a strict requirement, but we strongly recommend it. If all parties involved sign a document electronically, it’s a lot easier for you to manage your internal processes.
Now, here’s an important caveat: it’s paramount that you archive and save both the wet-ink signed and the electronically signed copies of the document. If you print out an electronically signed document, it will lose its legal value, as the digital signature is stored digitally. Likewise, a wet-ink signed document loses its value and becomes a basic signature the moment you scan it. So, remember to keep both copies of the contract.
5. How has the pandemic impacted the adoption of digital signature solutions?
We’ll speak from our own experience here. What we’ve seen at Connective is that our customers’ monthly consumption of digital signatures has increased significantly. When people were forced to work remotely, digital signing became the status quo. And most customers tell us they don’t consider this a temporary change — digitalization has accelerated in a structural way.
A the same time, we have welcomed a slew of new customers that tend to start with the so-called low-hanging fruit — or, document streams which are easy to digitize. Of course, this is a great way of laying the foundation for an end-to-end integration for automated document streams in the future.
One thing to look out for, though, is a stopgap solution. Some organizations have reverted to simpler methods, such as asking for pictures of scanned documents which can be emailed around. Technically, they get a digital signature, but it’s very weak.
It’s best to opt for structural measures — your approach will be safer and more future proof!
Do you want to know more about digital signatures? Download our guide to digital signatures now.
Must read for you:
- What is a digital Signature?
- Three types of electronic signatures, three levels of reliability: which one best suits your needs?
- Your complete checklist for choosing an electronic signature solution