Electronic Signature Types and compatibility with Core Signature
With OpenText Core Signature your customers are requested to sign a contract after clicking on a link in their email. This is a legal alternative to for example having the contract printed, signed and scanned.
Due to the added documentation, the fact that the contract cannot be changed during the entire process and the signed contracts are automatically stored in one place it's often a more secure alternative to many conventional practices.
As of July 1 2016 all EU member states have adopted the eIDAS regulation. Therefore all member states have the same new regulations regarding the legal effect of electronic signatures.
eIDAS Article 25: Legal effects of electronic signatures
"An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures."
(source: Article 25 eIDAS)
Through the above article an electronically signed document is admissible as evidence. During a dispute the level of proof will be important. An advanced electronic signature has higher requirements with respect to the level of proof.
eIDAS Article 26: Requirements for advanced electronic signatures
An advanced electronic signature shall meet the following requirements:
it is uniquely linked to the signatory;
it is capable of identifying the signatory;
it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.
(source: Article 26 eIDAS)
Below, an explanation will be given on these requirements.
a. it is uniquely linked to the signatory
A ‘signing log’ is generated after the document has been signed. This ‘signing log’ is uniquely linked to the signatory and the document with a hash code.
b. it is capable of identifying the signatory
The ‘signing log’ contains the following information about the signatory:
All inputs made, for example: name, date and signature
IP address during signing
Time and date of the signature
Hash code of the signed document
Details of added attachments, for example: a document tied to verify identity (optional)
The signatory can be identified on the basis of the above means. Every organization should choose the means necessary and weigh the degree of reliability required compared to the ease of signing.
When opting for email verification the use of Core Signature is comparable to the process of printing, signing and scanning.
c. it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control
The signatory can keep his email account, phone, and/or Core Signature and Core account under his sole control. Indeed when an account is managed by the enterprise, such as through SSO and Active Directory integration as part of Core Share, this further increases the level of confidence.
d. it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable
Core Signature adds a hash code to the ‘signing log’. A hash code is unique for every document. Therefore, even the slightest change of the document will result in a different hash code. Comparing the hash code of a document with the original hash code on the ‘signing log’ will determine the integrity of the document.
In addition, Core Signature sends the hash codes of the document and signing log by email after all parties have signed and keeps a log of these hash codes.
Lastly, the documents are also sealed with an OpenText-controlled digital certificate stored securely in a hardware security module.
There are two laws that establish the legality of electronic signatures in the United States.
The Electronic Signatures in Global and National Commerce Act (E-Sign Act), signed into law on June 30, 2000, provides a general rule of validity for electronic records and signatures for transactions in or affecting interstate or foreign commerce.
UETA (1999) establishes the legal equivalence of electronic records and signatures with paper writings and manually-signed signatures, removing barriers to electronic commerce.
What is the starting point?
There is a solid legal framework for the use of an electronic signature. Yet sometimes one still has some doubt. In that case it is good to analyze the current state of affairs within an organization.
When contracts are currently for example sent as a PDF attachment and after printing and signing returned as a scanned document the organisation has no 'wet' (or drawn) signature. Then there is even more uncertainty about the integrity of the document. The content of the PDF sent by email can easily be modified without being noticed and a fake signature can be added.
With Core Signature the document can not be changed without your knowledge and any added data is logged. In addition, all signed documents are easy to find so there are no more lost documents, and the documents are stored securely within OpenText Core Share.
While it is important to mention that only a judge can determine if the signed contract has an "adequate" reliability and level of proof, the use of OpenText Core Signature offers, in many cases, provides an an even safer and stronger legal position for external and internally-driven signature-related use-cases than the traditional way that signatures have been obtained in the past.