Electronic Signatures Internationally
Worldwide businesses are digitizing business processes to enable global e-commerce and delivery of digital services. Part of this is adopting e-signatures.
The ability to execute binding transactions online has compelling benefits. Questions still arise about the legal requirements and implications of e-signing.
This memo is an introduction to global e-signature legislation.
While most countries recognize the legal validity of e-signatures, there are restrictions in the types of electronic signatures supported, as well as rules for the types of documents for which an ink signature is still required.
WHAT IS AN ELECTRONIC SIGNATURE?
“E-signature” is often confused with “digital signature”.
An e-signature is a legal concept. It is about having a lasting record of an individual’s intent. Digital signature is the security technology used in e-signatures. An electronic signature application is built on digital signature security.
ARE THERE DIFFERENT TYPES OF ELECTRONIC SIGNATURE?
There are generally three forms of electronic signatures recognized: Basic, Advanced and Certificate.
This is an e-signature that is technology-neutral. Any electronic form or process is generally accepted and the resulting e-signature should meet three basic requirements for signing:
The e-signature should be applied in a manner that demonstrates the intent of the signer. The e-signature can be captured by click-to-sign, typing a name, or a handwritten signature.
The e-signature should be applied by the person whose signature it is.
The e-signature should be associated to the document or data the signer intended to sign.
This is a form of e-signature that adds four additional requirements to the Basic Electronic Signature. This electronic signature must:
Be uniquely linked to signer;
Identify the signer;
Be under sole control of the signer;
Detect changes to the document or data after the application of the electronic signature.
In the European Union, this is called a Qualified Signature.
The Certificate E-Signature is an advanced electronic signature based on a personal digital certificate. It uses a digital certificate as a secure, personal electronic identity credential. A unique digital certificate is issued to an individual in a form they can keep under their control. An electronic signature based on a digital certificate meets the requirements for Basic and Advanced E-Signatures.
COUNTRIES WITH E-SIGNATURE LEGISLATION
More than a decade after the passing of ESIGN and UETA, there is no question about whether electronic signatures are legal. Federal and state law gives e-signatures the same legal status as handwritten signatures. The federal Electronic Signatures in Global and National Commerce (ESIGN) and the state Uniform Electronic Transactions Act (UETA) give legal recognition to electronic signatures and records to satisfy the “in writing” legal requirements for transactions, and permit companies to satisfy statutory record retention requirements solely through the use of electronic records.
These Acts enable organizations to adopt a uniform e-signature process across all 50 states with the assurance that records cannot be refused by a court of law solely on the basis that they were signed electronically.
These US laws are technology-neutral and do not favor any one type of technology over another.
Similar to US UETA laws, Canadian provincial e-signature laws give electronic signatures the same legal status as handwritten signatures.
All the provinces and territories have stand-alone e-commerce statutes of general application based on model laws promulgated by the U.N. and the Uniform Law Conference of Canada. While there are some variations, the provincial e-commerce statutes generally stipulate that signatures, documents and originals are not invalid or unenforceable by reason only of being in electronic form. The Canadian provincial laws are technology-neutral.
The Federal Personal Information Protection and Electronic Documents Act (PIPEDA) also documents the processes covered in Federal laws and regulations that apply to federally-regulated entities (FRE), as well as any documents and processes used within the Federal government. The Act provides for use of a Secure Electronic Signature with certain documents and processes, and requires the use of digital certificates in such cases.
Directive 1999/93/EC of the European Parliament (“the EU Directive”) establishes the criteria for the legal enforceability of e-signatures. Unlike US law which is technology neutral, the EU Directive sets out three forms of e-signature. A new Regulation on Electronic ID and Trust Services (eIDAS) will enter into force in July 2016 and replace the EU Directive.
The new Regulation intends to create an efficient and effective e-signature market in the EU to overcome the current differences in national laws and the lack of interoperability of e-signatures. It establishes the basis of the European Market for Digital Trust for secured transactions between citizens, businesses and administrative authorities. It will also regulate electronic identification, e-documents and e-delivery services.
In 1999, the Australian Parliament passed the Electronic Transactions Act, which was amended in 2011. It gives electronic signatures the same legal status as handwritten signatures. The law is technology-neutral and requires a person’s consent to conduct business electronically.
Each state and territory also has their own Electronic Transactions Act, which is very similar to the national Act.
Japan’s Law Concerning Electronic Signatures and Certification Services has been in effect since 2001. Japan recognizes the legal enforceability of two types of electronic signature used worldwide:
In Japan, using a red seal or stamp instead of a handwritten signature is common practice when signing personal and business documents. However, the law supports the use of electronic signatures without the use of a seal or stamp.
The Electronic Transactions Act of Singapore (ETA) was put in place in 1998 to provide a legal foundation for electronic signatures, and give predictability and certainty to electronically formed contracts.
In addition to advanced electronic signatures and digital signatures, Singapore law also recognizes the legal enforceability of Basic E-Signatures.
Brazil’s Provisional Measure 2200-2 (MP 2200), recognizes the legal enforceability of electronic signatures that use the Brazilian public key infrastructure (PKI)only.
Each country that has enacted legislation enabling electronic records and signatures includes admissibility into legal proceedings.
In countries where only Basic E-Signatures are required, like the US, Canada, UK and Australia, electronic records and signatures are treated as any other type of electronic data and are as admissible as paper-based records.
Where Certificate E-Signatures (Qualified E-Signatures) are recognized as equivalent to a handwritten signature, they are also viewed as automatically admissible as evidence.
In practice, other forms of e-signatures may be challenged in legal proceedings and the user may need to prove to the court that it is reliable and original. While some countries may favor admissibility of electronic signatures based on digital certificates, they cannot deny admissibility to records using Basic and Advanced E-Signatures.