Last week, we evidenced the importance of using standards-based technology supplied by certified providers. In this second part of the article, we will enrich the series of best practices in adopting and using electronic signature with four new ones with an indisputable impact over the legal level of assurance of electronic signatures.
3. Do not print your electronically signed documents – they lose their probative value
If a paper contract is signed then scanned and stored digitally, it is loses part of its legal value. So, we got used to always keep safely the original which will serve as best evidence possible in case of legal disagreement. The same principle applies to electronically signed documents. Since they are electronic (digital), they must be kept in an electronic format, otherwise they lose their legal value. The electronic signature, at least the visible part, does not only contain the signer’s name, date and time of the signature, but it is also linked to a certificate which provides vital information about the signature level, the validity of the certificate, the provider etc. These features are available for consultation only in an electronic format. They do not appear when the document is printed, hence the legal value and authenticity of the electronic signature can be easily disputed in court.
Not being allowed to print electronically signed documents also means that they must be archived digitally. This could be good news for companies, which no longer need huge physical spaces to store their paper documents. Nonetheless, digital preservation must be done in compliance with personal data protection and privacy laws and must guarantee the confidentiality integrity and availability of documents. We will come back on this topic in one of our following posts.
Other possible issues could rise from mixing electronic signatures with handwritten ones. This process may involve printing and scanning. Our recommendation is that all parties involved in signing electronically a contract adopt or use the same process: either digital (electronic signature) or analogue (“wet ink” signature).
4. Be aware of the expiration date of your electronic certificate
This is highly important in industries that require documents to be accessible for a long-term period of time (10, 25, 50 years). An electronic signature is shown as valid as long as the certificate to which it linked it is valid. Typically, the lifetime of such a certificate is between 1-3 years. Do not worry, this does not mean that electronic signature loses its legal value once the certificate expires. It still stands in court if the certificate was valid at the time of the signing, just the verification process might turn out to be a very complicated task. It will be quite hard and time-consuming (depending of the technology used) for an independent body to verify in present time the status of the certificate at the time of signing, but not impossible.
There are technological solutions currently being developed to ensure e-signature’s validity over longer periods of time in compliance with current regulations (eIDAS regulation) or standards (see ISO 14533). One could be to periodically renew the short-term certificates. Another one could be to subscribe to a service that ensures a higher longevity for the certificates. Now, we come back to points 1&2 largely discussed in the previous post, where we advised to work with accredited, certified providers which dispose of the legal knowledge and expertise to help you choose the best solutions adapted to your needs.
5. Opt for an e-signature level that allows tampering detection
As described here, not all eIDAS e-signature levels enable tampering detection. This is an invaluable feature in detecting and fighting fraud. It informs you that the data in the signed documents has been altered which leads to the invalidation of the signature. This is also an advantage of using e-signature services that the wet ink signature does not provide. Paper documents can be modified or even backdated, but electronically signed ones provide an incomparable level of data reliability and traceability.
6. Opt for an e-signature service that provides an extended audit trail
Most of the e-signature services capture a minimal required level of information regarding the signing event visible directly in the signature template. This usually includes: first and last name of the signatory, date and time of the signing event, maybe the email address. You may ask yourself why we would need more information… after all, when signing paper documents we do not have more details about the context or the signing event.
Not having enough information can be troublesome in case of litigation where more factual evidence is required for a strong legal defense/offense when qualified electronic signature is not applied. Things can get even more complicated if multiple signers are involved in the process. One of the strengths of using e-signature solutions is the wide range of data that the system can collect, so why do not take advantage? A detailed report that tracks every step in the signature process adds transparency and clears any doubts. A complete audit log (or trail) should provide information about: when the signing session was created, started, completed; about every email/notification sent to signers; when signers viewed, signed or rejected the documents etc.
We have learnt something new (hopefully!) about digital archiving and validity of certificates and we encouraged you to opt for e-signatures complemented by tampering detection and audit trail features. These best practices came out of a deeper understanding of technology use and relevant regulations. With every technological advancement made and use case developed, we refine and upgrade our best practices knowledge. Are you interested in adopting these electronic signature best practices in your company? Get in touch with our experts here. They will support you in implementing the right solutions tailored to your company’s needs and expectations.