Does an e-signature have to look like a handwritten signature?
We are so used to handwritten signatures and to sign in wet ink that it has become almost inconceivable not to see signatures at the bottom of a page. E-signatures (at qualified level) are the digital counterpart of our signatures on paper, so we might be inclined to believe that is it equally important to see the e-signature watermark just as “wet ink” signature would look like. Is this right or it is just a myth?
What is the legal value of an e-signature appearance?
Most of the e-signature online tools give you the possibility to create and design how your e-signature looks like on a digital document. The image of the signature and its elements are fully customisable. The result usually includes the full name of the signer, the date and time of when the signature was applied, the company name and the location. Signers can choose to upload and complement the image with a logo, image or even the scanned image of their handwritten signature to make it more personal. At the end, the e-signature can resemble with the signature we are used to see on papers. This is a nice feature, but what is its legal value?
From a legal standpoint, there are no rules or indications on how an e-signature watermark should look like. Seeing an image of a signature on a digital document does not automatically bring any assurance over the identity or consent of the signer. In case of legal dispute, extra evidence would need to be put forward to prove who and when signed that document. Just as much, if you do not see the e-signature watermark on a document it does not mean that that document is not signed correctly. How is this possible?
An electronic signature is different from a handwritten signature
When you sign electronically a document, the system generates a unique code (known as a “hash”) linked to the document. The hash is a series of characters that act like an identifier of the document. It also combines data regarding the certificate of the signer (its identity, validity, issuance etc.). If anything in the document, even a space, changes after e-signature, the hash does no longer corresponds to the original signed documents, so the e-signature becomes invalid. The process is rather technical and automatic; not visible to the naked eye.
This is also why, seeing the e-signature watermark is not mandatory. The document can be successfully signed even if it is missing the visual resemble of the e-signature. A way to check is this to check signature panel in public available tools such as Adobe Reader. However, seeing the green check mark does not always mean that the signature is valid. Depending on how these tools are configured, the result can be a false positive or a false negative.
The Digital Signature Service (DSS) Demonstration WebApp is another tool available to check the validity of e-signatures, but this is rather manual process, meaning that you can only check the validity of one document at a time against a series of pre-defined parameters. This service also requires submitting the documents to be validated on the platform, it is thus advisable to avoid sharing classified or confidential content.
How to make sure the e-signatures are valid?
Over time, the e-signature certificates may expire or be revoked and its elements may become weak (algorithms, cryptographic keys, signed data included in the signature…). So, in order to be able to check the validity of the e-signature at the moment when it was executed, eIDAS Regulation introduced the validation service of e-signatures at qualified level. This service performs the validation of electronic signatures and seals on signed artefacts, provided that the to be validated signatures and seals comply and conform to the eIDAS Regulation and applicable standards. Such service enable businesses to verify automatically the validity of large documents and provides a detailed report of validity elements with a probative value. This is highly useful in case of certificate based signatures (such us the advanced and qualified one), but it can be also configured to check the validity of e-signatures against pre-defined criteria according to the internal needs of the company.
To sum up, the role of an e-signature appearance is to recreate something that is familiar to us. It offers a feeling of reassurance and comfort to both signers and users, but it does not bear any legal importance. What really matters are the cryptographic algorithms and elements behind the creation of an e-signature that have to be up to date and stand the test of time. In order to verify them, the validation service is a useful tool to check their trustworthiness and provide evidence to a judge in case of litigation.
The above represents LuxTrust’s understanding of the relevant law or regulation and should not be taken, relied on or interpreted as a legal opinion. Customers are encouraged to seek independent legal advice before taking any action or decision based on this information. LuxTrust may not be held liable for damages that may result from the use and/or interpretation of the information contained in this document.