Electronic Signatures - are they legal in the UK?

Posted by Roy Sinclair on 03 August 2014 at 2:55pm     5 comments

Paperwork! The hidden costs of printing, scanning, posting, storing and shredding signed documents can often be a drain on an organisation's overheads. The obvious solution is to employ some kind of electronic signature system, but with so many vendors offering sometimes expensive products, it is difficult to know where to turn. Each claims to offer the perfect solution but are they promoting a system that would be overkill for your particular circumstances, and would it be legal in the UK?

What is an electronic signature?

In general contractual terms, a legal signature is any mark (e.g. printed name, initials, stamp) made on a document to indicate agreement and willingness to be bound by its terms. In the UK, even the keyed-in signatory's name at the end of an email can be classed as a legal signature (but not just their name in the email's header) [ref: Mehta v J Pereira Fernandes].

An electronic signature is the equivalent of a written signature and is defined in UK law as "…data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication" [ref: Section 2 of The Electronic Signatures Regulations 2002].

These same UK regulations further define an 'advanced electronic signature' as one which is uniquely linked to the signatory; is capable of identifying the signatory; is created using means that the signatory can maintain under his sole control; and is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.

So, before we even start to look at the many solutions on offer, we need to know if electronic signatures are legal for our purposes in the UK, and if so, what 'advanced electronic signatures' are and if we are obliged to use them or not. And this is where the fun starts. Each country and each American State has its own guidelines and legislation on this matter, and then each industry and different legal discipline within those countries and industries has its own interpretations and requirements depending on the type of document being signed. In short, it depends upon your organisation's circumstances, and on the specific requirements of whatever regulatory body or insurance company oversees and/or indemnifies your day-to-day operations.

If that organisation takes a pragmatic view and directly compares the legal risks with those of the traditional ink-on-paper model, you could be free to employ affordable solutions that offer you greater protection than ink-on-paper. But if they deem your circumstances to require an iron-clad umbrella approach, involving advanced electronic signatures issued by certification service providers (CSPs) registered with the Secretary of State, you may need to dig deep to find a satisfactory solution.

Forms of electronic signature (a cause of confusion).

Many people use electronic signatures every day without even knowing it. For example, clicking an 'I accept' button when buying online is technically classed as supplying a legal electronic signature. The generally accepted terminology in this field goes something like this:

Scanned Signature – a hand-written signature that has been scanned and transformed into a digital format. Without some means of verifying the relationship of the image to the related document (e.g. by scanning the entire signed document), a scanned signature is unlikely to carry any legal weight whatsoever.

Digitised Signature - a signature directly recorded by a digital device (e.g. a stylus and iPad or tablet) such as might be requested by a courier to show acceptance of a delivery. If made as a function of a secure and well designed Electronic Document Management System (EDMS), the authenticity of a digitised signature can usually be verified by recording (in an 'audit log') exactly when the signature was made, where (using GPS or a fixed IP address), and who was accessing the application at the time. If the digitised signature is then attached or embedded in the document and 'sealed' using a cryptographic hash, a secure and robust solution should result.

Biodynamic Signature – a special pen and pad is used to measure and record attributes of the signature's creation, such as pressure and speed, as well as the appearance of the end result. To be properly effective, this method still needs to be part of a wider EDMS as above, and is probably only worth the extra expense in cases where a signature is repeatedly required i.e. so that an immediate comparison of the dynamic data collected can be made with a known 'master' biodynamic signature.

Digital Signature - a technically complex cryptographic solution whereby the signatory uses a private and public key pair to allow verification by the recipient. This involves similar digital mechanisms to how a website 'green bar' internet connection is verified. This high-end solution is employed by CSPs as part of their certificated 'advanced electronic signature' service. It is obviously a worthwhile procedure for high-value contracts, medical authorisations, deed transfers or mission-critical legal documents exchanged remotely, but its relevance to day-to-day operational procedures for SMEs will depend on the particular legal risk associated with the signature's collection, and whether or not the person signing is on the premises or far away.

So come on then ...are electronic signatures legal in the UK?

The legislation that covers the legality of electronic signatures in the UK can be found in Sections 7 and 8 of The Electronic Communications Act 2000 which (in summary of s.7(1)(a)) states that in any legal proceedings, an electronic signature incorporated into or logically associated with a particular electronic document, shall be admissible in evidence relating to that document's authenticity or integrity. Alternatively, s.7(1)(b) states that the electronic signature can be certified by a statement confirming that it is a valid means of establishing the document's authenticity. The important point to note is that the Act makes no distinction between the different forms of electronic signature so long as there is either a logical association with the relevant document, or a certification of its validity.

Furthermore, Part 1 of the Act which deals with the cryptography service providers never came into force and has now been repealed, further increasing confidence in electronic transactions by providing legal admissibility for electronic signatures. Finally, the Act allows for the modification of existing legislation to specifically remove restrictions on using electronic communications instead of paper, which are collectively known as Section 8 orders.

So the answer is a definite 'yes', all e-signatures are admissible in UK legal proceedings, but it will be down to the courts to individually determine the evidential weight to be granted to them, depending on their type and the circumstances of their collection and use. Thus if all you have to submit to a court is a scanned image of a person's signature and they are denying having made it relative to the document in question, you will surely be on shaky ground. But if they sent the document remotely with an accompanying 'advanced electronic signature', or if you can produce a forensically verifiable audit log that convincingly shows the signature to have been made on your premises at a particular time, relating to a specific document, you'll most likely be in a very strong legal position.

How might electronic signatures benefit hotels or motorsport circuits?

The potential cost savings of using electronic contracts and forms should be obvious to any hotel or circuit manager, but different methods have different costs. Common-sense suggests that you should choose a method of electronic signature authentication that is proportionate to the risk profile of the particular contract. Thus if you are selling or buying a hotel or race circuit electronically, you might want to use an 'advanced electronic signature' to minimise the chances of the signature being questioned. Conversely, if you wish to collect the signature of a registering hotel guest at check-in, or an arriving racing driver at 'sign-on', you might want to find out if your insurers will accept a digitised signature as part of a secure EDM System with verifiable audit logging.

As always, if you know anything I have written here to be incorrect, I would welcome your comments below.

Author: Roy Sinclair is an experienced web application developer who started Sinclair Design in 1987. Please note that he has no formal legal training. G+

Loading Conversation