• CSNP

Digital Document Signing Laws: an Overview

This article originally appeared on SSL.com with the title Digital Document Signing Laws: A Global View

White document is signed with quill pen

Author: Connor Wilson


If the whole planet isn’t on the cloud already, it will be before you know it. With a growing digital population, more things are being done remotely that we had never before thought possible. One such thing is digital signatures. As more and more people look to execute documents digitally, cross-border legality of such actions could potentially become a roadblock.


While most industrialized nations now recognize and accept digital signatures as legally binding, there may be slight stipulations from one case to another. Fortunately, there are a few nearly universally accepted principles and steps that you can take to ensure your digital signature is acceptable, wherever the contract is being executed.


Digital Signatures vs Electronic Signatures


While they may seem synonymous, an electronic signature is not necessarily a digital signature. An electronic signature can consist of anything from writing your name at the bottom of an email, a scanned signature, clicking an “I accept” button, associated biometric data such as fingerprints, or using an e-signing platform. A digital signature is the most secure and sophisticated form of electronic signature. Using PKI, digital signatures allow both parties to be sure that the right people are signing. This is because signatories are required to have their identities validated by a trusted certificate authority before a document signing certificate is issued. Depending on the industry and the jurisdiction in which you’re conducting business or executing a document, you may need a verified digital signature over a standard electronic signature.


How do Digital Signatures Work?


Electronic signatures often consist of an image of a handwritten signature, usually made with your finger or a stylus on a touchpad or screen. They may also include single or multi-factor authentication methods such as a PIN, password, email authentication, or more. The term “electronic signature” on its own does not guarantee that any type of third-party validation of the signatory or integrity of the document’s content has taken place. Unlike a basic electronic signature, a digital signature uses a PKI-based digital certificate issued by a certificate authority (CA) which binds the identity of a person or organization to a cryptographic key pair. When a document is digitally signed with the signer’s private key, the document’s content and the signatory’s identity are bound together cryptographically to form a unique digital fingerprint. This digital signature ensures:

  • Authentication

  • Integrity

  • Non-repudiation

A third-party publicly trusted CA can take care of the validation process and issue a document signing certificate, giving you or your organization added assurance when executing a document digitally.


Digital Signatures in the Cloud


As more and more people begin using cloud-based platforms, the use of cloud-based digital signatures is becoming increasingly more common. The main draw of using a cloud-based digital signature is ease of use and automation, all while enjoying the benefits of a true digital signature, including encryption within the document itself.


Is My Digital Signature Valid In Other Countries?


Currently, PKI-based digital signatures are fully acceptable in the US, EU, Canada, and, in most cases, in Mexico. Mexican law requires handwritten signatures for notarization of a variety of legal documents, including real estate contracts, marriage certificates, contracts of inheritance, powers of attorney, and articles of incorporation. Some countries, such as China, view electronic and digital signatures as valid, but consider handwritten signatures as superior to electronic and digital signatures in matters of marriages, inheritance, adaptation, and real estate.


Digital Signature Laws Worldwide


Digital Signature Laws in the US


Electronic and Digital signature laws in the US are among the loosest in the world. The United States passed the ESIGN act in 2000, making electronic signatures legally binding. The law defines an electronic signature as: “an electronic sound, symbol, or process, attached to, or logically associated with a contract or other record generated, sent, communicated, received, or stored by electronic means.” Currently, both handwritten and electronic signatures have the same status in the US.


Digital Signature Laws in the EU


In the European Union, there are two types of certificate-backed electronic signatures: Advanced Electronic Signatures (AdES) and Qualified Electronic Signatures (QES). Both are uniquely linked to the signer, but QES require participants use Qualified Certificates issued by accredited CAs, as well as a qualified signature creation device, which can be a smart card, USB token, or a cloud-based trust service. This means that cloud-based digital signatures are already accepted in the EU, just as they are in the US.


The European Union’s Electronic Identification and Trust Services (eIDAS) Regulation, effective in 2016, recognizes three types of electronic signatures: Electronic Signatures. eIDAS defines an “electronic signature” as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.” Like ESIGN, eIDAS also states that a signature cannot be denied legal admissibility solely because it is in electronic form. Advanced Electronic Signatures must be uniquely linked to and identifying of the signatory, must be created using signature data that the signatory can use under their sole control, and any signed data must be tamper-evident. These conditions may be satisfied with a CA-issued digital certificate.


Qualified Electronic Signatures have the same legal standing as handwritten signatures. A qualified electronic signature requires a certificate-based digital ID issued by a qualified EU Trust Service Provider (TSP) and must be made with a “qualified electronic signature creation device” such as a USB token. The eIDAS also recognizes electronic seals: Electronic Seals are similar to electronic signatures, but are typically associated with legal entities rather than natural persons. eIDAS distinguishes between electronic, advanced, and qualified seals according to the same criteria used for signatures. Some countries, such as Sweden and Finland, began accepting digital signatures long before the 2016 EU measure.


Digital Signature Laws in Canada


Handwritten and electronic signatures in Canada are treated with the same level of respect, with one additional requirement. Both parties involved in the signing must agree to accept the legality of electronic signatures in order to make the signature legally binding, per the Personal Information Protection and Electronic Documents Act.


Digital Signature Laws in Australia


The Electronic Transactions Act of 1999 established the legality of electronic signatures in Australia, with the exception of cases related to migration and citizenship. Different states in Australia have different laws regarding digital signatures related to power of attorney agreements, wills, and real estate transactions.


Digital Signature Laws in New Zealand


The Electronic Transaction Act of 2002 legitimizes digital signatures, as long as specific statutory conditions are satisfied.


Digital Signatures in China and Russia


The Electronic Signatures Law of the Republic of China makes electronic signatures valid, but handwritten signatures are still viewed as superior to electronic signatures in matters of marriages, inheritance, adaptation, and real estate. In Russia, contracts don’t need handwritten signatures to be legally binding. This means that e-signatures are valid, and even verbal agreements are acceptable in some cases.


Digital Signatures in Latin America


Digital Signatures are acceptable and valid in the following Latin American countries:

  • Argentina

  • Brazil

  • Chile

  • Colombia

  • Mexico

  • Peru

Digital Signatures in Asia


Digital signatures are legal in the following Asian countries:

  • Malaysia

  • South Korea

  • Hong Kong

  • Indonesia

  • Japan

  • Pakistan

  • India

  • Taiwan

  • Turkey

  • Thailand

  • Kazakhstan

Digital Signatures in Africa


Digital signatures are legal in the following African countries:

  • South Africa

  • Nigeria

Final Word


PKI-based digital signatures offer a great route to compliance with electronic signature laws worldwide, assuring authentication, integrity, and legal non-repudiation over and above basic electronic signatures.


About The Author: Connor Wilson is a content writer for SSL.com, a certificate authority based out of Houston, Texas

5 views0 comments