e-signatures – what’s the big deal?
22 January 2018
In the era of the “digital economy” (with nearly a third of shopping done on-line and 44% of UK on-line1 payments made using a mobile device2), companies are increasingly questioning why their contracts and customer/supplier interactions cannot be moved to an entirely paperless model.
Banks, insurance companies, retailers, telcos, utility providers, software/app vendors and airlines have all been successful in shifting some (if not all) of their consumer contracting to an online model; ticking a box sufficient to confirm a transaction and accept associated Ts&Cs.
To tackle the B2B market, providers of e-signatures have proliferated, encouraged by favourable regulatory regimes in Europe, the US and further afield. DocuSign claim that 50 million customers in 188 countries use their service3; Adobe assert that an e-signature solution can “cut the cost and hassle of paper-based tasks” and “speed business transactions4.”
However the absence of globally harmonised legislation, coupled with cumbersome local laws, have led to uncertainty around the scope of application and validity of e-signatures. Likewise “Cloud” delivery models (employed by the majority of service providers) present challenges, particularly from the point of view of data security and data residency.
We seek to address some of those issues in this briefing.
What is an e-signature?
The “eIDAS” Regulation5 cryptically defines an electronic signature as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign”. Under eIDAS, e-signatures can be “simple6” , “advanced” or “qualified”. This complex designation hides a much simpler reality – most users may not realise that they are “signing” contracts electronically by:
- chip & pin or contactless transactions
- ticking “I accept7” or “submit” in online purchases
- signing their name at the end of an email8
- using biometric signatures (fingerprint and facial recognition).
In the business environment, e-signatures can be used as a vehicle to expedite, simplify and manage the contract execution process. Electronic contracts can be circulated, signed, authenticated and loaded in a matter of minutes.
Parties to an agreement can select the e-signature method which best suits their authentication requirements. Good practice9 dictates that advanced10 or qualified signatures should be used for high value or strategic agreements as they:
- identify the signatory with a high degree of certainty
- limit the risk of 3rd party interference or fraud
- limit the risk of subsequent amendment or revocation
and thus enable the parties to validate the integrity of the signature and, in turn, the enforceability of the contract.
“Qualified11” electronic signatures supplement “advanced” e-signatures by mandating the use of software or hardware tools to create codes or cryptographic keys (certificates) issued by trust service providers and used to validate the authenticity of the signature. The devices and trust service providers must be “qualified” – that is to say they must meet the requirements of eIDAS, be registered with the supervisory body in the relevant Member State12 and notified to the European Commission.
e-signatures and the legal landscape
In 1999 the European Union13, Australia and the United States14 were amongst the first to codify the treatment of electronic signatures. All recognised the validity of e-signatures for the conclusion of contracts and their admissibility as evidence in legal proceedings; all stipulate that a contract cannot be denied legal effect solely on the grounds that they are in electronic form.
So far so good. However:
- the EU and the US model required states or member states to adopt the legislation; in Europe in particular this created a fractured legislative landscape15;
- the legislation (in the interests of being technology neutral) did not stipulate what it regarded as an “electronic signature” but defined them by a set of qualifying criteria;
- the European Directive established a two-tier process for “simple” and “advanced” e-signatures which introduced uncertainty as to the legal effect of the poorer sibling;
- the legislation was subordinate to existing legislation applicable to specific legal instruments (for example property transfers).
The position in the European Union changed in July 2016 when eIDAS came into force. eIDAS is directly enforceable across member states and replaces the existing Directive. eIDAS is designed firstly to ensure a more harmonised approach with respect to the recognition and enforceability of e-signatures. eIDAS is also designed to build a consistent framework for secure electronic authentication by defining mutually recognised, pan-EU rules for:
- electronic signatures (simple, advanced and qualified)
- electronic identification schemes (classified low, substantial, high)
- electronic seals (simple, advanced and qualified)
- trust services (simple, advanced and qualified)
- electronic time stamps (simple and qualified)
- electronic registered delivery services (simple and qualified)
- electronic documents (simple)
- website authentication (qualified)
Law Society Guidance
In response to eIDAS, the Law Society of England and Wales (with input from counsel) published a practice note16 which recognises the validity of electronic signatures for commercial contracts and provides some guidance on the extent to which e-signatures satisfy the requirement for documents to be “in writing” and “signed”. The practice note also provides some guidance on documents which still require a wet-ink signature, as well deeds, originals, counterparts and conflict of laws issues. Importantly, given the complexity of the subject matter, the Law Society recommend that advice is taken on the individual circumstances and nature of the documents to be executed.
Law Commission Programme
In December 2017, the Law Commission published their Thirteenth Programme of Law Reform17 which highlights Electronic Signatures as an area that requires significant reform. The Law Commission stated that e-signatures could “boost Global Britain and help enhance the UK’s competitiveness as we leave the EU”18 but recognised that further work was necessary to eliminate uncertainty over the validity of e-signatures for the execution of certain types of agreements and instruments.
Benefits of e-signatures
e-signature service providers underline numerous benefits when executing contracts electronically19:
Speed of execution – e-signatures enable contracts to be executed and returned in a matter of minutes, on any device by geographically- dispersed signatories;
Security – contracts executed by e-signature, particularly when overlaid with authentication tools, are inherently more secure and harder to forge than paper-contracts;
Traceability – signatures are traceable and auditable; workflow tools enable companies to track the status of contracts in real-time;
Integration – e-signature solutions can be integrated with existing CRM, procurement, accounting, HR and document management systems to provide end-to-end workflow management;
Ease of use – execution processes are technology neutral, intuitive and culturally accepted by the digital generation;
Cost – whilst there will be inevitable up-front / ongoing charges for implementing an e-signature solution, vendors argue these will be offset by closing contracts more quickly, introducing certainty, saving management time, facilitating contract management and eliminating courier fees.
Barriers to adoption of e-signatures
Under the new EU legislative framework, and with technology embedded in popular culture, most documents can be executed electronically – from confidentiality agreements, to contracts of employment. Indeed retail banks routinely use electronic signatures for the execution of consumer credit agreements20, loan and mortgage applications.
However there remain some barriers to the use of e-signatures for certain documents in some jurisdictions, for example:
- deeds21, wills and trust documents;
- enduring powers of attorney;
- certain real estate agreements23;
- marriage, birth, divorce and death certificates;
- other official documents required to be submitted in paper form (although this is expected to change under eIDAS); and
- agreements which stipulate that they can only be signed or varied by agreement “in writing and signed by hand”.
It is advisable to seek advice and develop a policy which addresses local law requirements in relevant jurisdictions.
Selecting an e-signature platform
There are a myriad of e-signature service providers. The big players include DocuSign, Adobe, Silanis, ARX, and Dealflo24.
Some suppliers offer an “on-premise” solution (i.e. where the software is hosted by the customer) but most are cloud-based. Many are compatible with mobile devices (enabling tablet or smart phone signatures), and offer custom branding so they can be white-labelled or “integrated” with existing CRM systems. Most offer multiple authentication options (from public/private keys to biometric signature verification). Many warrant that they are compliant with existing legislation (including eIDAS and the US ESIGN Act).25
Given the range of vendors and features, it will be important to conduct detailed due diligence and vendor selection taking into consideration:
- functionality and ease of use
- pricing plans and options
- performance and availability requirements
- integration and compatibility with existing CRM/ERP systems
- scalability and flexibility
- data privacy, data security and data residency requirements
- compliance with SYSC26/Solvency II27
- other applicable terms and conditions
Basic Contractual Principles Apply
It must not be forgotten that traditional legal principles apply to contracts concluded electronically (offer, acceptance, consideration, certainty of terms and an intention to be bound). As such it is important to define a solution or a process which enables: the incorporation of applicable terms; validation that signatories have adequate capacity and delegated authority; certification that the agreement has not been varied; and an actionable change-control process.
Some Practical Considerations
For clients deploying an e-signature solution, it will be important to manage the risk of contracts being inadvertently disclosed or mistakenly (or maliciously) executed. Robust security procedures and HR policies should control the risk of physical IT assets being left unsecured or the sharing of passwords and access keys. Clients should also allow for a review of existing contractual arrangements – supplier/customer/ employee Ts&Cs may need to be adapted to allow for electronic signatures. The same applies to internal governance procedures, ensuring that contracts or purchase orders have been authorised and signatories have appropriate delegated authority.
Future Developments – Digital Passports (UK)
Whilst e-signatures can be used by financial institutions to transact with existing customers, digital verification tools are not yet widely used for KYC/AML checks on new customers. The use of traditional identification processes (which may require an applicant to visit a physical branch) are regarded as both a failure to meet changing customer expectations and a barrier to entry for Fintechs and Challenger Banks in some jurisdictions.
In the UK at least, the FCA recognises this challenge28 and has undertaken to work with Government departments29 and industry bodies30 to develop suitable regulation and infra-structure for digital identities and e-verification.
Policy Review and Implementation
Introducing electronic signatures requires a mix of technology, legal advice and practical experience. Our Technology team can help clients define business objectives, manage vendor due diligence and procurement, assess regulatory requirements and assist with the implementation of streamlined contracting processes. With the strength of our global network, we help multi-national clients define global policies, taking into account local law, custom and practice.
For more information please contact Craig Rogers or Angus Simpson.
- IMRG Capgemini e-Retail Sales Index 2016.
- Adyen Mobile Payments Index 2015.
- Regulation (EU) No 910/2014 of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market, repealing Directive 1999/93/EC.
- We use the term “simple” to distinguish those identification or trust services to which no special conditions apply; for further detail on “advanced” or “qualified” e-signatures, please see below.
- Bassano v Toft  EWHC 377 (QB).
- Golden Ocean Group Ltd v Salgaocar Mining Industries Pvt Ltd and another  EWCA Civ 265.
- For guidance refer to Department for Business Innovation and Skills, Guide on Electronic Signatures, September 2014.
- eIDAS article 26.
- eIDAS article 28 – an “advanced” e-signature based on a “qualified certificate” created by a “qualified electronic signature creation device” and issued by a “qualified trust service provider”.
- In the UK, tScheme Limited manages the register on behalf of the Secretary of State; accreditation is provided by UKAS.
- Electronic Signature Directive 1999/93/EC.
- US Electronic Signatures in Global and National Commerce Act (ESIGN), 30 June 2000; US Uniform Electronic Transactions Act (UETA) July 1999; Australian Electronic Transactions Act 1999.
- The applicable UK legislation is the Electronic Communications Act 2000 and the Electronic Signatures Regulations 2002.
- Practice note on execution of a document using electronic signature by the Law Society Company Law Committee and The City of London Law Society Company Law and Financial Law Committees, July 2016.
- Law Commission Thirteenth Programme of Law Reform 13 December 2017
- Project status and objectives of the 13th Programme of Law Reform
- This is a summary of the perceived benefits and do not reflect the view of Eversheds Sutherland – actual benefits will depend upon individual circumstances.
- Consumer Credit (Agreements) Regulations 2010; see regulation 4(5) for example.
- In England Wales it had been widely thought that e-signatures were unsuitable for executing documents to take effect as deeds. However, provided that practical considerations around witnessing can be satisfied, it is now thought e-signatures can be used to execute deeds. Note that where deeds are to be registered at the UK Land Registry or certain other specialist asset registries, e-signatures will not be acceptable.
- Statute of Frauds Act 1677. However English case law suggests that even simple e-signatures will be recognised for guarantees – Pereira Fernandes SA v Mehta  EWHC 813 (Ch) (obiter); Golden Ocean Group Ltd v Salgaocar Mining Industries Pvt Ltd and another  EWHC 56 (Comm); WS Tankship II BV v The Kwanju Bank Limited and another  EWHC 3103.
- Law of Property (Miscellaneous Provisions) Act 1989. Note also Land Registry Practice Guide 8 requires manual signature “in ink or some other indelible medium”.
- Forrester Research, Inc. No data was available on comparative market share as at the date of publication.
- Though it is not always clear whether their products satisfy the requirements for “qualified” e-signatures.
- Senior Management Arrangements, Systems and Controls set out in the FCA Handbook and the PRA Rulebook.
- Directive 2009/138/EC which harmonises risk and capital requirements for insurers.
- FCA Feedback Statement (March 2016): Regulatory barriers to innovation in digital and mobile solutions.
- See for example www.gov.uk/verify.
- Including the Joint Money Laundering Steering Group (JMLSG) and working groups of The Tax Incentivised Savings Association (TISA).