If the whole planet isn’t on the cloud already, it will be before you know it. With a growing digital population, more things are being done remotely that we had never before thought possible. One such thing is digital signatures. As more and more people look to execute documents digitally, cross-border legality of such actions could potentially become a roadblock.
While most industrialized nations now recognize and accept digital signatures as legally binding, there may be slight stipulations from one case to another. Fortunately, there are a few nearly universally accepted principles and steps that you can take to ensure your digital signature is acceptable, wherever the contract is being executed.
Digital Signatures vs Electronic Signatures
While they may seem synonymous, an electronic signature is not necessarily a digital signature. An electronic signature can consist of anything from writing your name at the bottom of an email, a scanned signature, clicking an “I accept” button, associated biometric data such as fingerprints, or using an e-signing platform.
A digital signature is the most secure and sophisticated form of electronic signature. Using PKI, digital signatures allow both parties to be sure that the right people are signing. This is because signatories are required to have their identities validated by a trusted certificate authority like SSL.com before a document signing certificate is issued. Depending on the industry and the jurisdiction in which you’re conducting business or executing a document, you may need a verified digital signature over a standard electronic signature.
How do Digital Signatures Work?
Electronic signatures often consist of an image of a handwritten signature, usually made with your finger or a stylus on a touchpad or screen. They may also include single or multi-factor authentication methods such as a PIN, password, email authentication, or more. The term “electronic signature” on its own does not guarantee that any type of third-party validation of the signatory or integrity of the document’s content has taken place.
Unlike a basic electronic signature, a digital signature uses a PKI-based digital certificate issued by a certificate authority (CA) which binds the identity of a person or organization to a cryptographic key pair. When a document is digitally signed with the signer’s private key, the document’s content and the signatory’s identity are bound together cryptographically to form a unique digital fingerprint. This digital signature ensures:
A third-party publicly-trusted CA such as SSL.com can take care of the validation process and issue a document signing certificate, giving you or your organization added assurance when executing a document digitally.
Digital Signatures in the Cloud
As more and more people begin using cloud-based platforms, the use of cloud-based digital signatures is becoming increasingly more common. The main draw of using a cloud-based digital signature is ease of use and automation, all while enjoying the benefits of a true digital signature, including encryption within the document itself.
Is My Digital Signature Valid In Other Countries?
Currently, PKI-based digital signatures are fully acceptable in the US, EU, Canada, and, in most cases, in Mexico. Mexican law requires handwritten signatures for notarization of a variety of legal documents, including real estate contracts, marriage certificates, contracts of inheritance, powers of attorney, and articles of incorporation.
Some countries, such as China, view electronic and digital signatures as valid, but consider handwritten signatures as superior to electronic and digital signatures in matters of marriages, inheritance, adaptation, and real estate.
Digital Signature Laws Worldwide
Digital Signature Laws in the US
Electronic and Digital signature laws in the US are among the loosest in the world. The United States passed the ESIGN act in 2000, making electronic signatures legally binding. The law defines an electronic signature as: “an electronic sound, symbol, or process, attached to, or logically associated with a contract or other record generated, sent, communicated, received, or stored by electronic means.”
Currently, both handwritten and electronic signatures have the same status in the US.
Digital Signature Laws in the EU
In the European Union, there are two types of certificate-backed electronic signatures: Advanced Electronic Signatures (AdES) and Qualified Electronic Signatures (QES). Both are uniquely linked to the signer, but QES require participants use Qualified Certificates issued by accredited CAs, as well as a qualified signature creation device, which can be a smart card, USB token, or a cloud-based trust service. This means that cloud-based digital signatures are already accepted in the EU, just as they are in the US.
The European Union’s Electronic Identification and Trust Services (eIDAS) Regulation, effective in 2016, recognizes three types of electronic signatures:
Electronic Signatures. eIDAS defines an “electronic signature” as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.” Like ESIGN, eIDAS also states that a signature cannot be denied legal admissibility solely because it is in electronic form.
Advanced Electronic Signatures must be uniquely linked to and identifying of the signatory, must be created using signature data that the signatory can use under their sole control, and any signed data must be tamper-evident. These conditions may be satisfied with a CA-issued digital certificate, such as SSL.com’s Business Identity certificates.
Qualified Electronic Signatures have the same legal standing as handwritten signatures. A qualified electronic signature requires a certificate-based digital ID issued by a qualified EU Trust Service Provider (TSP) and must be made with a “qualified electronic signature creation device” such as a USB token.
The eIDAS also recognizes electronic seals:
Electronic Seals are similar to electronic signatures, but are typically associated with legal entities rather than natural persons. eIDAS distinguishes between electronic, advanced, and qualified seals according to the same criteria used for signatures.
Some countries, such as Sweden and Finland, began accepting digital signatures long before the 2016 EU measure.
Digital Signature Laws in Canada
Handwritten and electronic signatures in Canada are treated with the same level of respect, with one additional requirement. Both parties involved in the signing must agree to accept the legality of electronic signatures in order to make the signature legally binding, per the Personal Information Protection and Electronic Documents Act.
Digital Signature Laws in Australia
The Electronic Transactions Act of 1999 established the legality of electronic signatures in Australia, with the exception of cases related to migration and citizenship.
Different states in Australia have different laws regarding digital signatures related to power of attorney agreements, wills, and real estate transactions.
Digital Signature Laws in New Zealand
The Electronic Transaction Act of 2002 legitimizes digital signatures, as long as specific statutory conditions are satisfied.
Digital Signatures in China and Russia
The Electronic Signatures Law of the Republic of China makes electronic signatures valid, but handwritten signatures are still viewed as superior to electronic signatures in matters of marriages, inheritance, adaptation, and real estate.
In Russia, contracts don’t need handwritten signatures to be legally binding. This means that e-signatures are valid, and even verbal agreements are acceptable in some cases.
Digital Signatures in Latin America
Digital Signatures are acceptable and valid in the following Latin American countries:
Digital Signatures in Asia
Digital signatures are legal in the following Asian countries:
Digital Signatures in Africa
Digital signatures are legal in the following African countries:
PKI-based digital signatures offer a great route to compliance with electronic signature laws worldwide, assuring authentication, integrity, and legal non-repudiation over and above basic electronic signatures. SSL.com’s Business Identity certificates offer legally-compliant, publicly-trusted digital signatures (along with secure S/MIME email and client authentication) on a convenient USB token you can take with you anywhere, for a price as low as $249.67 a year.
As global business continues to move online and many countries’ policies favor the assurances offered by PKI and digital certificates, taking the step to provide your organization with legal, valid digital signatures will keep you in a position to scale with larger and more varied opportunities in the future.