Electronic Signatures – An Introduction
International trade has evolved over the years with electronic commerce taking centre stage in how international business is conducted. The use of electronic signatures has streamlined international trade by reducing the time involved to exchange physical documents signed by parties to a global business transaction.
Definition of Electronic Signatures
In 1996, the United Nations adopted a Model Law on Electronic Commerce (MLEC) to provide a common policy structure for nations in the drafting of their e-commerce statutes. It is important to note that this was just a guideline and nations had to complement it with comprehensive rules and regulations in order to achieve its implementation. It has had a profound impact on the evolution of international e-commerce law, including definitions, variation by agreement, legal recognition and admissibility of electronic form, incorporation by reference in e-contracts, use of electronic signatures, carriage contracts just to mention but a few.
The Model Law of Electronic Commerce of the United Nations of 1996 (‘MLEC’) had many consequences. The MLEC approved the use of electronic signatures, claimed that electronic signatures would have the same legal impact as ink signatures and remained technologically neutral; i.e. did not mandate the utilization of any specific type of technology. They also came up with a Model Law on Electronic Signatures (MLES) in 2001 to provide a standard model structure for nations to use when writing their e-signature laws.
A signature, whether electronic or on paper, is primarily a symbol which signifies intent. Thus, the Standard Commercial Code definition of “signed” includes “any symbol” so long as it is “executed or adopted by a party with the present purpose of authenticating a written document.
An electronic signature is defined as a set of letters or characters represented in an electronic format or similar means and adopted by a party intending to authenticate a document. An electronic signature can also be defined as data in an electronic format attached to another set of electronic data and is used as a method of authentication of that data.
A variety of forms may be used for an electronic signature. It could take the form of a digital signature, a digitized fingerprint, a retinal scan, a pin number, a digitized image of a handwritten signature attached to an electronic document, or a name typed at the end of an e-mail address. Examples of electronic signatures include: A name typed by the sender at the end of an e-mail message; a digitized image of a handwritten signature attached to an electronic document (sometimes generated using a biometrics-based technology called signature dynamics); a hidden code or PIN (such as that used for ATM cards and credit cards) to identify the recipient’s sender; a code or “tag” used by the sender of a message to identify the recipient.
Signatures in an electronic environment typically serve three critical purposes for the parties engaged in an e-commerce transaction Firstly, an electronic signature identifies the sender. Secondly, it indicate the sender’s intent (e.g., to be bound by the terms of a contract), and finally it ensures the integrity of the document signed. Proof of signing is demonstrated via a secured process that often includes an audit trail and a final tamper-evident digital certificate embedded into the completed signed document.
There are generally three forms of electronic signatures recognized. These are the Basic, Advanced and Certificate (Qualified) electronic signatures.The distinction is based on the EU Regulation 910/2014 on electronic identification, Authentication and trust Services regulation (eIDAS Regulation).
Basic/Simple E-signature (SES)
This is a technology-neutral electronic signature consisting of all electronic signatures that indicate acceptance or approval by the signatory by means of some kind of certificate. These could include manually drawn signatures stored on your computer, or the “I accept” button on your computer screen, or the use of passwords, or the credit card number, etc. This signature should be applied in a manner that demonstrates the intention of the signatory, should be attached to the document or should the signatory’s data be used by the person whose signature it is. It is necessary to remember that the verification of the identity of the signatory is not mandatory and the duty of proof lies with the party that initiated the signature.
Advanced/Digital E-signature (AES)
The Advanced Electronic Signature is an electronic signature based on an advanced certificate that uniquely identifies the signer. It is one of the methods of accreditation of identity and acceptance of the content of a document. It adds four additional requirements to the Basic Electronic Signature and also has features that provide complete and high-level security in the signing and contracting processes. The advanced signature needs to be uniquely connected to the signer, identify the signer, be under the signer’s sole control and be able to detect changes to the document or data after the electronic signature is applied. The burden of proof is on the party which initiated the signing.
Certificate /Qualified/ advanced electronic E-signature (QES)
An Advanced Electronic Signature based on a valid certificate is a Certified Electronic Signature. A professional electronic signature production system (QSCD) is used to create it. This uses the digital certificate as a protected credential for personal electronic identification. A unique digital certificate is issued to an individual in a form they can keep under their control. In this type of signature, the burden of proof lies with the party that disputes the signature. It is legally considered as equivalent to a written signature. As mentioned above a certificate is issued by a qualified trust service provider (QTSP). All features in an advanced electronic signature are also found in the qualified electronic signature.
With the development of e-commerce around the world, governments have adopted regulatory mechanisms for the identification and legal validity of electronic and digital signatures. While the aim of all these regulations is to recognize some form of electronic representation as legally valid, there are currently three different regulatory models in place which are discussed below.
A Minimalist or Permissive Approach
This approach allows the parties to choose the technology they want, giving the same legal validity to any chosen technology. This strategy has been embraced by the United States, Canada, Australia and New Zealand. This approach gives the parties the greatest freedom to adopt any type of technology, thus reducing costs. However, the approach does not consider that certain systems are more secure than others and that, under certain circumstances, greater protection might be required. The minimalist approach is considered business-friendly. Its benefits include flexibility, ease of use and adaptability to new technologies.
In this approach parties to a contract use a particular form of digital signature technology to sign documents electronically, so that these documents can be legally accepted. It only recognizes one type of electronic signature as legally valid. This approach offers maximum security because adopted specific encryption mechanisms are used and it follows prescribed procedures. However, it is costly and burdensome for most activities, as the parties may be forced to resort to certification authorities and pay a fee thereto.
A Hybrid or Two-tiered Approach
Two-tier or hybrid legal systems use a mixed approach. Under this approach countries embrace all electronic signature methods on a technology neutral basis but also create a class of approved technologies. Just like the prescriptive approach, it describes the requirements of a digital signature and includes rules of conduct relating to the rights and responsibilities of the parties, including the signatory, the Certification Service Provider (CSP) and the trustee.
Clearly, the legal validity of electronic signatures is of international importance since no progress can be made in developing the legal institutions needed for conducting international electronic commerce without unique or identical definitional frameworks. Electronic commerce ‘s exceptional success will depend more on facilitating and encouraging trade between unknown parties in different jurisdictions than on interactions between known parties, whether within the same jurisdiction or not.
The 1996 United Nations Model Law on Electronic Commerce (‘MLEC’) had many implications. The MLEC permitted the use of electronic signatures and stated that it would have the same legal impact as ink signatures and remained technologically neutral. Many attempts have been made by the United Nations Commission on International Trade Law to strengthen the quality of these legal rules by adopting model legislation which countries can use as a reference when developing their own legislation. In generating electronic records, the MLEC promotes principles of non-discrimination, technological freedom and functional equivalence. The concept of non-discrimination is at the core. The law ensures that a document is not denied legal meaning, validity or enforceability solely on the grounds that it is in electronic form.
More than 70 nations have embraced the 1996 Model Law on Electronic Commerce (MLEC), and over 30 countries haveimplemented the 2001 Model Law on Electronic Signatures (MLES). A legally binding treaty was also been signed by 18 countries, the 2005 United Nations Convention on the Use of Electronic Media in Foreign Contracts. Regional legal gaps in electronic signature regulations exist for cross-border traders. When states are using the U.N. Model Laws, their respective governments may choose to implement the elements they like and discard the others.
With varying degrees of flexibility, policymakers have used direct regulation, co-regulation, and self-regulation in recent decades to adapt to the growth of global information technology and e-commerce. Different states have signed and ratified various treaties relating to electronic signatures such as the Model Electronic Commerce Act, Model aw on Electronic Signatures, the United Nations Convention on the Use of Electronic Communications in International Contracts, etc.
United Kingdom (the Electronic Communications Act 2000)
The Electronic Communications Act of 2000 (ECA) is an important piece of legislation signed into law by the Parliament of the United Kingdom and went into force on March 8, 2002. The ECA has allowed the growth, expansion and use of electronic commerce services in the United Kingdom since then. The primary purpose of the Act was to help build trust in electronic commerce and the technology underlying it by providing businesses and other organizations providing cryptographic support services such as electronic services and confidentiality services with an approval scheme.
Australia (The Electronic Transactions Act 1999)
The Electronic Transactions Act was introduced in 1999. The existing legal provisions prior to 1999 were capable of dealing with electronic transactions but the Electronic Transactions Act 1999 was enacted to provide a more secure environment for e-commerce and the creation of electronic signatures in Australia. By Australian law, contracts are enforceable if the parties have signed the agreement verbally or with a wet-ink (physical) or electronic signature. The law on electronic signatures in Australia is regarded as permissive or minimalist.
New Zealand (Electronic Transactions Act 2002)
The New Zealand Electronic Transactions Act 2002 sets down guidelines for promoting the use of email and other electronic technologies, both in industry and in contact between government and public. In fact, the 2003 Regulation on Electronic Transactions (SR 2003/288) lays down some comprehensive guidelines for different circumstances. On 21 November 2003 the Act and Regulations came into effect.
China (People’s Republic of China Electronic Signature Law)
The Electronic Signature Law of the People’s Republic of China, published in 2005 and revised in 2015 (the “E-signature Rule”) provides legal basis for determining the validity of electronic legislation. Under the law, contracts can be electronically signed. Under Chinese law, a written signature is not necessarily required for a contract to be valid. A contract is valid if parties agree on the terms whether verbally, electronically or in a physical paper document.
European Union (Regulation 910/2014)
The electronic identification and trust services (eiDAS Regulation) entered in to force on 17 September 2014 and was applicable from 1 July 2016. The eiDAS regulation provides a comprehensive legal framework to ensure trustworthiness and legal validity of electronic transactions in the European Single Market. It was meant to provide a predictable regulatory environment for safe and seamless electronic interactions between companies, citizens and public authorities in the European Union. With eIDAS, the EU has succeeded in laying the right foundations and a clear legal framework for citizens, businesses (especially small and medium-sized enterprises) and public administrations to access services securely and make transactions online and across borders in just one click.’ Indeed, the roll-out of eIDAS means greater security and convenience for any online e-commerce activity.
Hong Kong (Electronic Transactions Ordinance Act of 2000)
Hong Kong’s Electronic Transactions Ordinance provides that contracts cannot be invalidated merely because they were concluded electronically. Under the law electronic signatures have been recognised as having the same legal status as a wet-ink signature.
UNCITRAL Model Law on Electronic Signatures
According to information shared by the UN, the aim of the Model Law on Electronic Signatures (MLES) is to allow and promote the use of electronic signatures by defining technical reliability standards for the equivalence between electronic and hand-written signatures. The MLES is based on the fundamental principle underpinning Article 7 of the UNCITRAL Model Law on Electronic Commerce with regard to the fulfilment of the signing function in an electronic environment by a technologically neutral approach, which avoids promoting the use of any particular technology or process.
Legal Recognition of Electronic Signatures
All electronic signature laws enacted up to now have a substantial part designed to eliminate perceived e-commerce barriers. In addition, this is the only problem that is discussed with most legislation involving electronic signatures. Unfortunately, legislative approaches to what appears to be a simple matter of simply removing barriers to e-commerce have been very complicated and inconsistent, which may have made the situation much worse.
In the UK, constitutional efficacy is “generally dealt with by specific orders” of the court and is “generally applicable in the absence of clear legislation” to the contrary. Electronic signatures are admissible as evidence in court, but their probative validity must be determined by the judge on a case-by-case basis. In such exceptional cases, electronic signatures may be forbidden.
In the United States of America, National Conference of Commissioners on Uniform State Laws (“NCCUSL”) created the Uniform Electronic Transactions Act (“UETA”) a model law. The goal of the UETA is to promote e-commerce by giving electronic documents and agreements the same legal standing as “hard copy records” and agreements.
Electronic signatures are key in the advancing world that is filled with day to day technological advancements. It is therefore important for states and other international organizations to have clear and proper legal frameworks and fill the existing gaps in legislations in e-commerce so as to facilitate the seamless use of electronic signatures and easy authentication of the same.