Overview of electronic signature law and its legality in the United Kingdom (UK)
In the UK, legally valid eSignatures are enforceable in general business use and cannot be denied admission in court solely on the grounds of not being handwritten.
The legal framework for eSignatures in the UK is derived from the EU legislature. Regulation (EU), N°910/2014 on electronic identification and trust services in the internal market (commonly known as the eIDAS Regulation) was adopted in the EU member states to replace its predecessor, eSignature Directive, on July 23, 2014. The Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 implement the eIDAS Regulation in the UK, setting specific provisions on the effect, supervision, and enforcement of the regulation.
The ECA 2000
Section 7 of the Electronic Communications Act 2000 (the ECA 2000) provides a statutory framework for the admissibility of electronic signatures in the UK. The act also incorporates the eIDAS Regulation into the UK eSignature law.
What exactly is eIDAS?
The eIDAS Regulation took effect in July 2016 and has since been providing a legal framework for secure electronic interactions across all EU member countries, including the UK. The law offers businesses, citizens, and public authorities with the legal confidence to use eSignatures when carrying out transactions electronically.
The new regulation distinguishes between eSignatures and other emerging electronic trust services like seals, time stamps, registered delivery services, and website authentication certificates. While reinforcing the legally binding effect of eSignatures outlined in Directive 1999/93/EC, the eIDAS Regulation is the first legal act establishing non-discrimination of electronic documents at the EU level. Since the law is a regulation rather than a directive, it has direct applicable and mandatory force in all EU member states.
What exactly are eSignatures?
The eIDAS Regulation introduces a slight modification into the definition of an electronic signature. While maintaining that an eSignature is “data in an electronic form which is attached to or logically associated with other data in an electronic form,” the eIDAS Regulation shifts the focus from a means of authentication to the signatory’s intention to express their consent on the data that is being signed.
Another change in the new regulation is that now eSignatures can only be used by individuals (previously, eSignatures could be used by both natural and legal persons).
The possible forms of eSignatures include the following non-exhaustive examples:
- A name typed into a contract/an email containing the terms of a contract
- A scanned manuscript signature pasted as an image into the signature block of an electronic version of a document
- Accessing a document through a web-based software and clicking to have one’s name inserted into the contract
- The usage of a finger or an e-pen to write one’s name on a touchscreen and have it displayed in the signature block of the contract
It matters neither how nor in what form the eSignature was inserted into the document, provided the signatory puts it in the appropriate place in a contract with the intention to authenticate the document.
eSignatures non-discrimination principle
Article 25 of the eIDAS Regulation sets the fundamental principle of non-discrimination of legal effects and admissibility of electronic signatures in legal proceedings. Simply put, an otherwise legally valid eSignature won’t be rejected in court or denied its legally binding force solely because it is not handwritten. The same non-discrimination principle holds true for non-qualified eSignatures as opposed to qualified eSignatures.
Types of eSignatures under eIDAS
Electronic signatures (ES)
‘Simple’ electronic signatures range from scanned manuscript signatures to website UI elements such as selected tick boxes and buttons with the “I Agree” (or similar) text on them. Under English law, when even a wet ink “X” sign is considered to be a valid signature, simple electronic signatures stand up to the legally valid standard.
Advanced electronic signatures (AES)
When it comes to real-life business deals, parties to a contract require more trust and certainty that the signing process is tamper-proof. Advanced electronic signatures ensure unique identification and authentication of the signatory and enable verification of the integrity of the signed contract.
Currently, three related technologies allow validation of advanced eSignatures years after its generation (even in case the cryptographic algorithms securing them were tampered with):
- XAdES – a group of extensions built around the XML signature syntax
- CAdES – a standard putting Cryptographic Message Syntax (CMS) to use. May include the collection of validation data such as Public Key Certificates (PKCs)
- PAdES – a set of restrictions and extensions that are used with PDF and the ISO 32000-1 standard
Qualified electronic signatures (QES)
Qualified eSignatures offer the same signatory authentication and integrity validation as advanced electronic signatures, plus additional security considerations:
- Are based on qualified certificates issued by a qualified authority, which has been granted its status by the Supervisory Body
- Are created using a secure qualified signature creation device storing the signature
As noted in the practice note on the execution of a document using an electronic signature, qualified electronic signatures are not commonly used under English case law. However, in cases involving foreign jurisdiction or a necessity to notarise or apostille the document, the parties to a document may wish to consider using a qualified eSignature.
Do I need specific software to use eSignatures?
While, from a legal standpoint, you certainly don’t need specific software to use simple eSignatures, high-value transactions should have quality eSignatures. eSignature software tools offer:
- Secure ways to link the signatory to the information, including authentication and IP address recording.
- Document integrity and the ability to quickly detect any changes to the content.
- Non-repudiation – assurance (in a legal sense) that nobody can deny the validity of the eSignature even years later.
The evidential weight that comes with usage of the eSignature software brings more trust to the eSignature process regardless of the applicable jurisdiction.