In its report on Electronic Execution of Documents (Law Com No 386) published in 2019 (the “Report”), the Law Commission set out its high level conclusions regarding the validity of electronic signatures (“E-signatures”).
They confirmed that:
- E-signatures are capable of being used to execute a document (including deeds) provided that the signatory intends to authenticate the document and that any relevant formalities (whether required by statute or laid down in contract/ other private law instrument) are satisfied; and
- The existing requirement for deeds to be signed in the presence of a witness still requires a physical presence when E-signatures are involved.
The Lord Chancellor and Secretary of State for Justice published the Government’s response to this Report on 3 March 2020, agreeing:
- that formal legislation was not necessary to reinforce the legal validity of E-signatures; and
- to convene an industry working group to consider practical and technical issues associated with the electronic execution including the question of video witnessing.
Individuals were appointed through public competition to form an Industry Working Group. The multi-disciplinary group of business, legal and technical experts’ task was to produce best practice guidelines and make proposals for further reform and development. The group started work in 2021 and their Interim Report was published on 1 February 2022.
OPTIONS FOR ELECTRONIC SIGNING IN THE UK
The eIDAS Regulation created a uniform regime for electronic identification and trust services throughout the EU and in the UK, was supplemented and on-shored (with amendments) as part of Brexit. Article 25(1) of UK eIDAS, provides that E-signatures cannot be denied legal effect solely owing to their electronic nature.
Three levels of E-signature are distinguished between:
|Standard Electronic Signature||Advanced Electronic Signature (AES)||Qualified Electronic Signature (QES)|
No identity verification of signatory required.
Used in many common transactions.
Examples: “writing” using a finger or stylus, attaching a text or digital image, typing a name or symbol.
|Adds identity verification
Links signatory identity to the signed document.
Signature record can show evidence of tampering.
|Requires heightened identity verification
Special legal status: equivalent to handwritten signature.
Sometimes required by law.
Reverses the burden of proof.
The Standard referred to above is by far the most popular in the UK, and most people will have used it in everyday life. The nuances of AES and QES explain their far smaller uptake.
AES AND GES IN DETAIL
The crucial feature of AES is its identity authentication which means it thereby meets the extra requirements in Article 26 UK eIDAS, for:
- a unique link to the signatory;
- an ability to identify the signatory;
- being created using data that the signatory can use under their sole control with a high level of confidence; and
- being linked to the data signed in such a way that any subsequent change is detectable.
Most AES rely on Public Key Infrastructure (“PKI”) to meet these requirements. PKI is a set of rules, policies and hard and software that, although implemented differently by different vendors, has the overarching aim of meeting E-signature requirements demanded by regulators across multiple jurisdictions. To properly manage the AES process and create and store the relevant keys, a Certificate Authority is involved.
QES, the most secure option, is the only E-signature with the same legal effect as a handwritten “wet ink” signature; i.e. of carrying a presumption of authenticity. QES builds on the features of AES by both its technological protection as well as a third party involvement. QES uses Qualified Trust Service Providers (“QTSPs”) which are regulated by the Information Commissioner’s Office under UK eIDAS. To achieve being a QES, a signature must firstly fulfil AES requirements and then receive a Qualified Certificate (“QC”) from a QTSP. The purpose of the QC is to verify the signatory’s identity; to prove they are both a real person and also the same person who created the account. The signature itself needs to be created by a Qualified Signature Creation Device which has a unique technical process including the aforementioned account creation.
An important point to note about QES relates to its non-domestic use. The UK eIDAS retains many aspects of the EU Regulation, including allowing EU eIDAS qualified services to be recognised in the UK. However, no reciprocal agreement exists and so QTSPs regulated by UK eIDAS are not automatically recognised and accepted within the EU.
INDUSTRY WORKING GROUP RECOMMENDATIONS
Unsurprisingly, the requisite sophistication of AES or QES constitutes one of the most significant barriers to their widespread adoption. The Industry Working Group noted that although such sophistication would probably disincentivise individuals and SMEs more than it would larger commercial organisations, the latter may nonetheless be put off by the staged process of AES/QES given that executions are often very time sensitive.
Nonetheless, the Industry Working Group affixed importance to the fact that use of smart contracts is on the rise in society. Smart contracts in turn, generally go hand in hand with an electronic signature and hence they see the goal as being for the more secure AES/QES to be taken up as much and as effectively as possible.
To achieve this, the Major Recommendations of the Interim Report included:
- establishing a cross-border database of permissible regulatory and execution modes, starting with major trading partners and potentially through a subscription access. This would vest QES with extra territorial applicability;
- establishing a government or a not-for-profit industry organisation to maintain the database access;
- the Government starting to take steps now to adopt the use of E-signatures in its third-party transactions and thereby being a visible “early adopter”. This would encourage the widest possible use of E-signatures within society (and ultimately save costs and time);
- the Government ensuring that as many documents as possible which the public may have to execute with them can be done electronically (for example Lasting Powers of Attorney and wills); and
- permanently extending the temporary provision allowing remote witnessing of wills.
Although the Interim Report is silent regarding solutions to some of the identified E-signature challenges, they are very much under review and will be addressed in the Industry Working Group’s Final Report. This Final Report is due later in 2022 and will also cover how E-signatures can be best protected from the risk of fraud. As modern technology continues to move at increasingly astonishing speed, the Final Report will seek to anticipate future changes in product availability. However, to avoid stifling such innovation through steps to reduce E-signatures prevalence, we can expect a considered effort to increase the accessibility of AES and QES, thereby bolstering their attractiveness without any compromise to contract security.
For more information, and any guidance or advice on electronic execution of agreements, Cleveland & Co External in-house counsel™, your specialist outsourced legal team, are here to help.
Please click here to follow us on LinkedIn to receive the latest information on this and other important topics!