08 May 2022
‘Is an e-signature legally binding?’ is a question that can cause some confusion, especially when considering the results of recent court cases.
This article will help you find out what the rules are about electronic signatures and their legal bearing, as well as why these court cases ended as they did.
Here are the legal requirements for electronic signatures in some of the biggest global markets:
The eIDAS Regulation applied from 1st July 2016 and declares that “an electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form.”
The regulation sets out three levels of electronic signature:
Following Brexit, the Information Commissioner’s Office (ICO) in the UK confirmed that “the government has incorporated the eIDAS rules into UK law.” This means that the rules around SES, AES and QES all apply in the UK.
However, whilst the UK still recognises EU trust services to provide digital certificates for electronic signatures, the EU no longer recognises UK trust service providers. This means that a QES generated in the UK may not hold the same weight within the EU.
The United States implemented the ESIGN Act in 2000, giving electronic signatures the same weight as handwritten signatures. It describes an e-signature as “an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.” In the Act, it terms a ‘digital signature’ as being roughly the equivalent of a QES in the EU.
Whilst ESIGN covers federal law, 1999’s Uniform Electronic Transactions Act (UETA) applies to electronic signatures in state law and has been adopted by nearly all states. Similarly to eIDAS, UETA dictates that a signature cannot be discounted, purely because it is in electronic form.
Although not involved with the adoption of UETA, Illinois and New York have their own, similar, independent rulings on e-signatures.
The reason the solicitor’s email in the British land sale example above was deemed legally binding is due to the fact that the agreement to sell at a certain price, along with the email signature that showed the solicitor was acting in a professional capacity, combined to meet the requirements for an SES. In the Spanish case, although the association claimed the document featured QESs, it sent the document by fax rather than through electronic means. A QES is only legal if it is in electronic form. The court decided that a fax did not count as electronic.
Although any type of electronic signature can be legally binding, there are a number of steps you need to take in order to ensure its validity. Here is a checklist of those requirements.
You should know the identity of the signatory for their signature to be legal. With an SES, this might simply be their printed name, whereas a QES requires a digital fingerprint that uniquely links them with the signature.
You do not need to check or guarantee the signer identity on an SES, you can take the word of the signer. With an AES, you need to check their identity, but you do not need to guarantee it. A QES guarantees you are 100% certain of the identity of the signer and that should be backed up by face-to-face verification either in person or via a video call.
If the signer disputes the fact that it is their signature on a document, the burden of proof lies with the issuer for an SES or AES. With a QES, the burden of proof is on the signer to prove it wasn’t them.
The European Commission states that “an electronic signature is a legal concept capturing the signatory’s intent to be bound by the terms of the signed document.” This means that, whatever the security level of the signature, the signer needs to show intent. This can be represented by anything from clicking an opt-in box, tapping a button that says “I consent” or making any kind of mark in the signature box to identifying and verifying oneself through an electronic signature solution.
There is no requirement to guarantee the integrity of a Simple Electronic Signature, but Advanced and Qualified Electronic Signatures must feature the capability to prevent or spot tampering with the document after it is signed. This tamper seal is usually backed up with an electronic timestamp and is essential for the integrity of these signatures and for instilling confidence in them.
It is important to keep records of the process of acquiring an electronic signature. This proves that both the issuer and signer have carried out the necessary steps to ensure its legality.
When the signatory verifies their identity and signs your document through an e-signature provider such as Signhost, you receive a transaction receipt and audit trail of all the steps taken throughout the process. You should keep this in your records and use it as proof that you took the correct steps should there be a disagreement in the future.
To ensure that e-signatures are encrypted and can only be controlled by the person for whom they are intended, online signature solutions use a technology called Public Key Infrastructure (PKI). This creates a private key used by the signatory and a public key used by the issuer of the document. The process ensures compliance with the requirements of the Trusted Service Provider or Certificate Authority (CA), which oversee the integrity of the process.
When the signatory signs the document, the private key encrypts the data into what is essentially a unique digital fingerprint. Only the issuer’s public key can decrypt that particular data and, when they come together, it proves that the signer is who they said they are.
Although eIDAS does not explicitly mention any types of documents that are not allowed to be signed electronically, each member state has the right to exclude certain types of document. For example, some nations require all signatures to be notarised. However, the union has taken steps towards allowing notarising to take place online, with signatories representing the EU member states electronically signing and notarising commitments relating to European Digital Day on 19th March 2021.
Legal documents can be signed electronically. It is up to the issuer of the document to decide on the amount of protection they require from the signature. With a QES, they can be certain that the signatory is who they say they are and that the signature is legally valid, bearing the same weight as a handwritten signature in court.
As the eIDAS Regulation clearly states an electronic signature cannot be denied legal effect based on it being digital or not being a QES, the choice is yours when it comes to your documents. However, should you opt for an SES or AES, the burden would be on you to prove the signatory was who they claimed to be in the event of any issues. For full security when it comes to electronic identification, a QES is the best option.
Electronically signed documents are legally valid and admissible in court. However, with anything other than a QES, you need to have proof that the signatory was the correct person. With a QES, you have an audit trail and the backing of the face-to-face verification to prove the legality of the signature.
Yes, it is possible for you to have an SES, AES and QES. The one you use is dependent on the requirements of the company that issues the document. They may simply require you to add a saved image of your signature onto the document (an SES) or they might ask for you to verify your identity for a QES.
You can even provide a different signature for every different document if you like. For Simple Electronic Signatures, this does make it difficult to prove that it was you who made the signature. For a QES, the digital data connects you specifically with the signature, meaning that it doesn’t matter what mark you make on the page, it is uniquely your signature and can be traced back to you.
Typing your name on a form, clicking submit, ticking a checkbox and all other similar actions are classed as Simple Electronic Signatures. If that is all that is required by the issuer of the document, then that is acceptable in a legal context.
If you have asked the question ‘is an e-signature legally binding’ previously, this article has proven that, yes, it is. The EU, US and UK all accept e-signatures as proof of intent to sign a document. However, for important documentation, the issuer may require the highest possible form of security for an electronic signature. For example, the QES in the EU. If you want to add these secure and watertight signature requirements to your documents, take a look at the features that Signhost has to offer. You can even try out a Signhost account for your business to see how it would work for you.