Gartner: Entrust Named a Leader in Identity Verification

Open Web Portal Support
Signhost logoSignhost logo
Log in

Electronic Signature Best Practices + Three Companies That Faced Challenges

Team Signhost

August 9, 2024

image

The global market in electronic signatures is set to rise from US$3.92 billion in 2022 to a projected US$43.14 billion in 2030. Given the rise in remote working and the efforts being made in areas such as the European Union to make it easier to do business across national borders, the ability to add legally recognized digital signatures of official documents is integral to the way we will work in the future. 

In the US, the Internal Revenue Service (IRS) – the country’s tax collection service – has agreed to continue to allow taxpayers to sign documents electronically on an ongoing basis. This followed the acceptance of electronic signatures as a temporary measure during the pandemic. 

Indeed, once users experience the convenience and practical nature of using e-signatures, they are more likely to want to integrate them into their workflows in the future. In the UK it is reported that two-thirds of electronic signature users signed up for the service as recently as 2020. In this short time frame, 66% of the respondents said they planned to increase and expand their usage of e-signatures.

 

The legal framework governing e-signatures in the EU

The framework for e-signatures is continually evolving in the EU. Until 2000, the only legal form of signature was a handwritten one, known as a wet signature. Here are the relevant pieces of legislation since then:

LegislationEffect on electronic signatures
eSignature Directive (2000)Established the legality of using digital signatures on communications within the European Union.
eIDAS Regulation (2016)Harmonized the definition of electronic signatures across the EU and established that documents could not be denied legal effect because the signature is in electronic form.
eIDAS 2.0 (estimated for 2026)Will increase the security of managing electronic signatures, including adding an e-signature to a user’s European Digital Identity Wallet (EUDI).

 

There are three recognized types of electronic signatures in the EU. They are: 

  • Simple Electronic Signature (SES) – A basic way to show confirmation or acceptance of something.
  • Advanced Electronic Signature (AES) – Allows the party receiving the signature to check, but not verify, the identity of the signing party. This makes it more secure than an SES.
  • Qualified Electronic Signature (QES) – The most secure type of e-signature, which holds the same weight as a handwritten signature and requires verification methods to establish the signatory is who they say they are. 

 

Electronic signature best practices

If you want to accept digital signatures for electronic documents, here are the steps and best practices involved: 

Understand the legislation

To gain the benefits of using e-signatures in your workflows whilst maintaining compliance, you should be aware of the legislation around electronic signatures. In particular, pay attention to the definitions of different types of signatures within the eIDAS regulation, the details of their legal effect, the technical standards regarding e-signatures and the list of accepted EU trust service providers

By knowing what the signatures can legally represent and how organizations can use them, you will be able to implement this capability into your business processes more effectively and with the full knowledge of your legal standing. 

Match your needs with the type of signatures available

Analyze the tasks that you want to complete using digital signatures and assess the requirement for each to understand what level of protection they need. 

 

For example, a large amount of the documents that need signing might be low-risk, such as internal PDFs that need signing off. These could be completed with an SES, which does not require strict identification and verification processes. 

 

However, you might want to implement electronic signatures for employment contracts, non-disclosure agreements or mortgage or loan agreements. In these situations, a QES would be more appropriate. 

 

Consider the risks associated with the tasks and weigh up the expense of requiring a more secure signature versus the potential damage of a legal challenge against the agreement. 

Decide how to offer electronic signing

There are two options for allowing stakeholders to sign legal documents electronically. One option is to design your own system to use in-house, but you will need to check that it is compliant with the eIDAS regulation for it to be suitable for your purposes. 

 

Alternatively, you can partner with an electronic signature software provider such as Entrust Signhost. It can provide you with a web portal through which to request electronic signatures and help you build the capability into your own site through an application programming interface (API).

 

In the latter option, whoever is signing the document simply uploads it, adds their chosen verification methods, and then sends the document to be signed. 

Create a digital signature policy

 

If you have multiple different methods of signing for different risk categories of documentation, create a policy so that stakeholders understand which level of protection to utilize for each type of document. 

 

Make this policy available to all stakeholders and implement training to ensure they understand how and when to request the different types of electronic signatures. Educate them on the company’s responsibilities when working with e-signatures and the law regarding electronic identification in general (eID). 

Three companies that experienced e-signature challenges 

Case study: Thumbs up

A Canadian grain and crop company, SWT, sued a farming business, Achter, in 2023 over a deal for flax that SWT said Achter had agreed to. A representative of SWT had sent a picture of a contract by text message to Achter’s owner, requesting a consignment of flax at CA$17 per bushel. The sender had written  “Please confirm flax contract” to which the recipient responded with a thumbs-up emoji. 

 

Achter failed to deliver the flax and SWT sued for breach of contract. It asserted that the thumbs-up was an acceptance of the contract, whereas Achter defended itself by claiming it was instead just an acknowledgement that it had received the offer. 

 

However, the court found that the thumbs-up did signify a contractual agreement and could be seen as a legal signature. It cited previous deals between the two parties where Achter’s representative had replied to similar messages with comments such as “ok”, “yup”, or “looks good” before delivering the goods. Achter had to pay CA$82,000 in damages

 

This shows that a simple electronic signature can take many forms and that companies must be precise in their wording surrounding deals that they make. It is also advisable to confirm contracts with a type of signature that records an intent to sign. With a QES, the process is so robust that the burden of proof is on the signatory to prove they did not mean to sign the contract in case of dispute. This gives the party that produced the document peace of mind that the contract can be legally enforced and an audit trail to prove its efficacy. 

Case study: Loan agreement

A Dutch man applied for a loan from Swishfund for his company, signing a loan guarantee agreement personally at the same time. When the company failed to repay the loan, it defaulted and was made bankrupt. Swishfund requested the guarantor pay the remaining €14,776.57 of the loan, but he argued that he had not signed the guarantee contract.

 

Swishfund took the man to court and explained that it had sent the agreements to the man in Adobe Sign via email. He had entered a verification code sent by text to his phone before he could open the documents. He then initialed and signed the documents before completing the process, leading to Adobe Sign creating a seal that prevented further edits taking place. 

 

However, the court found that it was not a QES or even an AES and that meant the signature was not significantly reliable to show consent to the guarantee agreement. It stated that Swishfund had carried out significant due diligence on the man’s company, but it only held one piece of identification for him personally. And it could not prove it had undertaken any further contact with the man. 

 

The court found that this was not a sufficient identification process to prevent fraud from someone who had gained access to a company email and the business banking details. The man did not have to pay the amount requested

 

This shows the importance of choosing the correct security level of signature for the type of document in your electronic signature processes. For a contract worth thousands of euros, to not have sufficient checks in place is a major mistake. 

Case study: Train purchase

In 2021, the Austrian Federal Railways ÖBB signed an agreement with Swiss train manufacturer Stadler to procure a fleet of double-decker trains. The €3 billion contract was in place and ready to go until a rival manufacturer queried the signature on the agreement

 

Stadler had used a qualified electronic signature as requested, but it was from a Swiss Trust Service Provider. Despite Switzerland’s close links with the EU and the European Economic Area (EEA), it is not a member of either and, as such, the signature was not legally recognised in the EU.

 

In fact, the Swiss QES is almost identical to the EU version, but despite the EU and Swiss laws allowing for the possibility of creating a recognition agreement between the two countries, it had not been a part of the negotiations in this case. 

 

As such, the contract was declared null and void. ÖBB reopened the tender process at a later stage and awarded the new contract to Stadler again. 

However, this shows the importance of understanding the legal standing of your signatures. eIDAS means that there is interoperability between all EU and EEA member states, but you must be careful when entering into agreements with third countries. 

FAQ

What constitutes a legally binding electronic signature in the EU? 

Electronic signatures must comply with the eIDAS regulation, which sets forth standards for electronic signatures to be considered legally binding across the EU. This includes ensuring the identification and consent of the signatory and the integrity of the signed document.

Can electronic signatures be used for all types of contracts in the EU? 

You can use electronic signatures for all contracts in the EU, as eIDAS states that an e-signature cannot be discounted purely for being in digital form. However, you should match the security and risk level of the types of documents with the level of signature you choose to use. 

How can companies verify the identity of a person signing electronically? 

Companies can use various methods, including SMS verification, email confirmation, digital ID verification services or biometric data, depending on the level of assurance required by the eIDAS regulation and the company's own security policies.

How can cross-border legal recognition of electronic signatures be ensured within the EU? 

Ensuring that an electronic signature is created using a solution that adheres to eIDAS standards is crucial for cross-border recognition. Additionally, using a trusted service provider listed under the EU Trust List can ensure acceptance across borders with other member states.

Does an email count as a signature?

According to the eIDAS regulation, an email can be considered part of an electronic signature process but on its own does not necessarily meet the standards for an electronic signature. The regulation distinguishes between different types of electronic signatures, and the validity of an email as a signature would depend on the context and adherence to specific requirements, such as the intent to sign and assurance of the signer's identity. 

Following electronic signature best practices can help businesses avoid some of the pitfalls that have befallen other organizations. Using an electronic signature solution means that you follow the correct process to request and accept signatures that meet the legal requirements and provide peace of mind that there will be no challenges to the authenticity of the signature. 

Entrust Signhost

Entrust Signhost offers this service to businesses, with seamless integration into your systems and the ability for signatories to sign using any device, wherever they are. Start using Entrust Signhost for free today.

References and further reading

 

*Disclaimer: This content does not constitute legal advice. The suitability, enforceability or admissibility of electronic documents will likely depend on many factors such as the country or state where you operate, the country or state where the electronic document will be distributed as well as the type of electronic document involved. Appropriate legal counsel should be consulted to analyze any potential legal implications and questions related to the use of electronic documents.