In the era of the “digital economy”, companies are increasingly questioning why their contracts and customer/supplier interactions cannot be moved to an entirely paperless model.
In the B2C market, companies including retailers, telcos, and software/app providers have been successful in shifting some (if not all) of their consumer contracting to an on-line model; ticking a box sufficient to confirm a transaction and accept associated T&Cs.
To tackle the B2B market, providers of e-signatures have proliferated, encouraged by favourable regulatory regimes in Europe, the US and further afield. DocuSign state that 50 million customers in 188 countries use their service; Adobe note that an e-signature solution can “cut the cost and hassle of paper-based tasks,” and “speed business transactions.”
However the absence of globally harmonised legislation, coupled with cumbersome local laws, have led to uncertainty around the scope of application and validity of e-signatures. Likewise “Cloud” delivery models (employed by the majority of service providers) can present challenges, particularly from the point of view of data security and data residency.
We consider some of those issues in this briefing.
what is an e-signature?
Regulation (EU) No910/2014 of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market, repealing Directive 1999/93/EC (“eIDAS”) cryptically defines an electronic signature as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign”. Under the legislation, e-signatures can be “simple”, “advanced” or “qualified”.
This complex designation hides a much simpler reality - most users are “signing” contracts electronically by:
- chip & pin or contactless transactions;
- ticking “I accept” or “submit” in online purchases;
- signing their name at the end of an email; and
- using biometric signatures (fingerprint and facial recognition).
In the business environment, e-signatures can be used as a vehicle to expedite, simplify and manage the contract execution process. Electronic contracts can be circulated, signed, authenticated and loaded in a matter of minutes.
Parties to an agreement can select the e-signature method which best suits their authentication requirements. Good practice dictates that advanced or qualified signatures should be used for high value or strategic agreements as they:
- identify the signatory with a high degree of certainty;
- limit the risk of 3rd party interference or fraud; and
- limit the risk of subsequent amendment or revocation,
and thus enable the parties to validate the integrity of the signature and, in turn, the enforceability of the contract.
“Qualified” electronic signatures supplement “advanced” e-signatures by mandating the use of software or hardware tools to create codes or cryptographic keys (certificates) issued by trust service providers and used to validate the authenticity of the signature. The devices and trust service providers must be “qualified” – that is to say they must meet the requirements of eIDAS, be registered with the supervisory body in the relevant Member State and notified to the European Commission.
Benefits of e-signatures
Signature service providers underline numerous benefits when executing contracts electronically:
- speed of execution - e-signatures enable contracts to be executed and returned in a matter of minutes, on any device by geographically- dispersed signatories;
- security – contracts executed by e-signature, particularly when overlaid with authentication tools, are inherently more secure and harder to forge than paper-contracts;
- traceability – signatures are traceable and auditable; workflow tools enable companies to track the status of contracts in real-time;
- integration – e-signature solutions can be integrated with existing CRM, procurement, accounting, HR and document management systems to provide end-to-end workflow management;
- ease of use – execution processes are technology neutral, intuitive and culturally accepted by the digital generation; and
- cost – whilst there will be inevitable up-front / ongoing charges for implementing an e-signature solution, vendors argue these will be offset by closing contracts more quickly, introducing certainty, saving management time, facilitating contract management and eliminating courier fees.
e-signatures and the legal landscape
In 1999, the European Union, Australia and the United States were amongst the first to codify the treatment of electronic signatures. All recognised the validity of e-signatures for the conclusion of contracts and their admissibility as evidence in legal proceedings; all stipulate that a contract cannot be denied legal effect solely on the grounds that they are in electronic form.
So far so good. However:
- the EU and the US model required states or member states to adopt the legislation; in Europe in particular this created a fractured legislative landscape;
- the legislation (in the interests of being technology neutral) did not stipulate what it regarded as an “electronic signature” but defined them by a set of qualifying criteria;
- the European Directive established a two-tier process for “simple” and “advanced” e-signatures which introduced uncertainty as to the legal effect of the poorer sibling; and
- the legislation was subordinate to existing legislation applicable to specific legal instruments (for example property transfers).
The position in the European Union changed in July 2016 with the introduction of eIDAS. This will be directly enforceable across member states (although obviously the impact of Brexit will need to be considered in the future for the UK) and replaced the existing e- signatures Directive (in force since July 2001). eIDAS is designed firstly to ensure a more harmonised approach with respect to the recognition and enforceability of e-signatures. eIDAS is also designed to build a consistent framework for secure electronic authentication by defining mutually recognised, pan-EU rules for:
- electronic signatures (simple, advanced and qualified);
- electronic identification schemes (classified low, substantial, high);
- electronic seals (simple, advanced and qualified);
- trust services (simple, advanced and qualified);
- electronic time stamps (simple and qualified);
- electronic registered delivery services (simple and qualified);
- electronic documents (simple); and
- website authentication (qualified).
Barriers to adoption of e-signatures
Under the new EU legislative framework, and with technology embedded in popular culture, most documents can be executed electronically – from confidentiality agreements, to contracts of employment.
However there remain some barriers to the use of e-signatures for certain documents, in some jurisdictions:
- deeds, wills and trust documents;
- enduring powers of attorney;
- transfers of title in certain intellectual property;
- certain real estate agreements;
- marriage, birth, divorce and death certificates;
- other official documents required to be submitted in paper form (although this is expected to change under eIDAS); and
- agreements which stipulate that they can only be signed or varied by agreement “in writing and signed by hand”.
It is advisable to seek advice and develop a policy which addresses local law requirements in relevant jurisdictions.
Basic Contractual Principles Apply
It must not be forgotten that traditional legal principles apply to contracts concluded electronically. An e-signature should provide evidence of an intention to be bound, but it is important to define a solution or a process which enables: the valid incorporation of applicable terms; validation that signatories have delegated authority; certification that the agreement has not been varied by any of the signatories; and an actionable change- control process.
Some Practical Considerations
For clients deploying an e-signature solution, it will be important to manage the risk of contracts being mistakenly (or maliciously) executed. Robust security procedures and HR policies should control the risk of physical IT assets being left unsecured or the sharing of passwords and access keys. Clients should also allow for a review of existing contractual arrangements - supplier/customer/employee Ts&Cs may need to be adapted to allow for electronic signatures. The same applies to internal governance procedures, ensuring that contracts/purchase orders have been authorised and signatories have appropriate delegated authority.
Policy Review & Implementation
Introducing electronic contracting requires a mix of technology, legal advice and practical experience. Our Technology team, together with Eversheds Consulting, can help clients define business objectives, manage vendor due diligence, and assist with the implementation of streamlined contracting processes. With the strength of our global network, we can help multi-national clients define global policies, taking into account local law, custom and practice.
Suppliers of these solutions
Obviously, our sector contains a number of suppliers of e-signing solutions. Suppliers who can easily help customers understand how their solutions meet the legal requirements make their progress to sale and contract much swifter.