e-signatures – what’s the big deal?
22nd January 2018
In the era of the “digital economy” (with nearly a third of shopping done on-line and 44% of UK online payments made using a mobile device), companies are increasingly questioning why their contracts and customer/supplier interactions cannot be moved to an entirely paperless model.
Banks, insurance companies, retailers, telcos, utility providers, software/app vendors and airlines have all been successful in shifting some (if not all) of their consumer contracting to an online model; ticking a box sufficient to confirm a transaction and accept associated Ts&Cs.
To tackle the B2B market, providers of e-signatures have proliferated, encouraged by favourable regulatory regimes in Europe, the US and further afield. DocuSign claim that 50 million customers in 188 countries use their service; Adobe assert that an e-signature solution can “cut the cost and hassle of paper-based tasks” and “speed business transactions.”
However the absence of globally harmonised legislation, coupled with cumbersome local laws, have led to uncertainty around the scope of application and validity of e-signatures. Likewise “Cloud” delivery models (employed by the majority of service providers) present challenges, particularly from the point of view of data security and data residency.
We seek to address some of those issues in this briefing.
What is an e-signature?
The “eIDAS” Regulation cryptically defines an electronic signature as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign”. Under eIDAS, e-signatures can be “simple” , “advanced” or “qualified”. This complex designation hides a much simpler reality – most users may not realise that they are “signing” contracts electronically by:
- chip & pin or contactless transactions
- ticking “I accept” or “submit” in online purchases
- signing their name at the end of an email
- using biometric signatures (fingerprint and facial recognition).
In the business environment, e-signatures can be used as a vehicle to expedite, simplify and manage the contract execution process. Electronic contracts can be circulated, signed, authenticated and loaded in a matter of minutes.
Parties to an agreement can select the e-signature method which best suits their authentication requirements. Good practice dictates that advanced or qualified signatures should be used for high value or strategic agreements as they:
- identify the signatory with a high degree of certainty
- limit the risk of 3rd party interference or fraud
- limit the risk of subsequent amendment or revocation
and thus enable the parties to validate the integrity of the signature and, in turn, the enforceability of the contract.
“Qualified” electronic signatures supplement “advanced” e-signatures by mandating the use of software or hardware tools to create codes or cryptographic keys (certificates) issued by trust service providers and used to validate the authenticity of the signature. The devices and trust service providers must be “qualified” – that is to say they must meet the requirements of eIDAS, be registered with the supervisory body in the relevant Member State and notified to the European Commission.
e-signatures and the legal landscape
In 1999 the European Union, Australia and the United States were amongst the first to codify the treatment of electronic signatures. All recognised the validity of e-signatures for the conclusion of contracts and their admissibility as evidence in legal proceedings; all stipulate that a contract cannot be denied legal effect solely on the grounds that they are in electronic form.
So far so good. However:
- the EU and the US model required states or member states to adopt the legislation; in Europe in particular this created a fractured legislative landscape;
- the legislation (in the interests of being technology neutral) did not stipulate what it regarded as an “electronic signature” but defined them by a set of qualifying criteria;
- the European Directive established a two-tier process for “simple” and “advanced” e-signatures which introduced uncertainty as to the legal effect of the poorer sibling;
- the legislation was subordinate to existing legislation applicable to specific legal instruments (for example property transfers).
The position in the European Union changed in July 2016 when eIDAS came into force. eIDAS is directly enforceable across member states and replaces the existing Directive. eIDAS is designed firstly to ensure a more harmonised approach with respect to the recognition and enforceability of e-signatures. eIDAS is also designed to build a consistent framework for secure electronic authentication by defining mutually recognised, pan-EU rules for:
- electronic signatures (simple, advanced and qualified)
- electronic identification schemes (classified low, substantial, high)
- electronic seals (simple, advanced and qualified)
- trust services (simple, advanced and qualified)
- electronic time stamps (simple and qualified)
- electronic registered delivery services (simple and qualified)
- electronic documents (simple)
- website authentication (qualified)
Law Society guidance
In response to eIDAS, the Law Society of England and Wales (with input from counsel) published a practice note which recognises the validity of electronic signatures for commercial contracts and provides some guidance on the extent to which e-signatures satisfy the requirement for documents to be “in writing” and “signed”. The practice note also provides some guidance on documents which still require a wet-ink signature, as well deeds, originals, counterparts and conflict of laws issues. Importantly, given the complexity of the subject matter, the Law Society recommend that advice is taken on the individual circumstances and nature of the documents to be executed.
Law Commission programme
In December 2017, the Law Commission published their Thirteenth Programme of Law Reform which highlights Electronic Signatures as an area that requires significant reform. The Law Commission stated that e-signatures could “boost Global Britain and help enhance the UK’s competitiveness as we leave the EU” but recognised that further work was necessary to eliminate uncertainty over the validity of e-signatures for the execution of certain types of agreements and instruments.
Benefits of e-signatures
e-signature service providers underline numerous benefits when executing contracts electronically:
Speed of execution – e-signatures enable contracts to be executed and returned in a matter of minutes, on any device by geographically- dispersed signatories;
Security – contracts executed by e-signature, particularly when overlaid with authentication tools, are inherently more secure and harder to forge than paper-contracts;
Traceability – signatures are traceable and auditable; workflow tools enable companies to track the status of contracts in real-time;
Integration – e-signature solutions can be integrated with existing CRM, procurement, accounting, HR and document management systems to provide end-to-end workflow management;
Ease of use – execution processes are technology neutral, intuitive and culturally accepted by the digital generation;
Cost – whilst there will be inevitable up-front / ongoing charges for implementing an e-signature solution, vendors argue these will be offset by closing contracts more quickly, introducing certainty, saving management time, facilitating contract management and eliminating courier fees.
Barriers to adoption of e-signatures
Under the new EU legislative framework, and with technology embedded in popular culture, most documents can be executed electronically – from confidentiality agreements, to contracts of employment. Indeed retail banks routinely use electronic signatures for the execution of consumer credit agreements, loan and mortgage applications.
However there remain some barriers to the use of e-signatures for certain documents in some jurisdictions, for example:
- deeds, wills and trust documents;
- enduring powers of attorney;
- certain real estate agreements;
- marriage, birth, divorce and death certificates;
- other official documents required to be submitted in paper form (although this is expected to change under eIDAS); and
- agreements which stipulate that they can only be signed or varied by agreement “in writing and signed by hand”.
It is advisable to seek advice and develop a policy which addresses local law requirements in relevant jurisdictions.
Selecting an e-signature platform
There are a myriad of e-signature service providers. The big players include DocuSign, Adobe, Silanis, ARX, and Dealflo.
Some suppliers offer an “on-premise” solution (i.e. where the software is hosted by the customer) but most are cloud-based. Many are compatible with mobile devices (enabling tablet or smart phone signatures), and offer custom branding so they can be white-labelled or “integrated” with existing CRM systems. Most offer multiple authentication options (from public/private keys to biometric signature verification). Many warrant that they are compliant with existing legislation (including eIDAS and the US ESIGN Act).
Given the range of vendors and features, it will be important to conduct detailed due diligence and vendor selection taking into consideration:
- functionality and ease of use
- pricing plans and options
- performance and availability requirements
- integration and compatibility with existing CRM/ERP systems
- scalability and flexibility
- data privacy, data security and data residency requirements
- compliance with SYSC/Solvency II
- other applicable terms and conditions
Whilst e-signatures can be used by financial institutions to transact with existing customers, digital verification tools are not yet widely used for KYC/AML checks on new customers.
Basic contractual principles apply
It must not be forgotten that traditional legal principles apply to contracts concluded electronically (offer, acceptance, consideration, certainty of terms and an intention to be bound). As such it is important to define a solution or a process which enables: the incorporation of applicable terms; validation that signatories have adequate capacity and delegated authority; certification that the agreement has not been varied; and an actionable change-control process.
Some practical considerations
For clients deploying an e-signature solution, it will be important to manage the risk of contracts being inadvertently disclosed or mistakenly (or maliciously) executed. Robust security procedures and HR policies should control the risk of physical IT assets being left unsecured or the sharing of passwords and access keys. Clients should also allow for a review of existing contractual arrangements – supplier/customer/ employee Ts&Cs may need to be adapted to allow for electronic signatures. The same applies to internal governance procedures, ensuring that contracts or purchase orders have been authorised and signatories have appropriate delegated authority.
Future developments - digital passports (UK)
Whilst e-signatures can be used by financial institutions to transact with existing customers, digital verification tools are not yet widely used for KYC/AML checks on new customers. The use of traditional identification processes (which may require an applicant to visit a physical branch) are regarded as both a failure to meet changing customer expectations and a barrier to entry for Fintechs and Challenger Banks in some jurisdictions.
In the UK at least, the FCA recognises this challenge and has undertaken to work with Government departments and industry bodies to develop suitable regulation and infra-structure for digital identities and e-verification.
Policy review and implementation
Introducing electronic signatures requires a mix of technology, legal advice and practical experience. Our Technology team can help clients define business objectives, manage vendor due diligence and procurement, assess regulatory requirements and assist with the implementation of streamlined contracting processes. With the strength of our global network, we help multi-national clients define global policies, taking into account local law, custom and practice.
For more information please contact Craig Rogers or Angus Simpson.