The UK government welcomes the publication of a new expert report on best practices for using e-signatures
In February, the UK government welcomed the publication of a new expert report on best practices for using e-signatures. In this post, we go through the report’s key findings and recommendations.
On 1 February 2022, the UK Ministry of Justice welcomed the publication of a new interim report by an expert Industry Working Group on best practices for using e-signatures. The Industry Working Group was formed following a recommendation by the Law Commission, which was further endorsed by the Lord Chancellor.
The Electronic Execution of Documents report provides an in-depth overview of the current state of e-signature use in England and Wales, along with simple best practice guidance. The report concludes with a number of key recommendations for further analysis and future reform.
Background
In its report Electronic Execution of Documents (2019), the UK Law Commission concluded that electronic signatures “were valid for the vast majority of business transactions and legal processes”. However, the report also highlighted various issues and uncertainties related to the use of e-signatures, which have potentially restrained some parties from adopting them. To tackle these, the report recommended the formation of a multi-disciplinary group of business, legal and technical experts to come up with potential solutions and produce a framework of best practice guidelines.
Scope
The interim report of the expert Industry Working Group on electronic signatures had the following three key objectives:
to analyse the current situation in England and Wales,
to set out simple best practice guidance which could be followed immediately, using existing technology, and
to make recommendations for future analysis and reform.
Here, we take a more detailed look at each of these objectives and the Group’s findings.
Current state of e-signatures adoption in the UK
In 2019, the UK government introduced a new set of eIDAS Regulations that officially recognised the following three types of electronic signatures:
Simple or Standard
Advanced Electronic Signature (AES)
Qualified Electronic Signature (QES)
According to the expert Industry Working Group, these three types of e-signatures are adequate and there is no need to introduce any other categories or levels at present.
The simple electronic signature is currently the most widely used type in the UK. Whilst simple e-signatures are convenient and easy to use, they carry a higher risk of signature fraud and they don’t fully meet the extra requirements set out in the UK eIDAS Regulation Article 26 for a signature to be:
uniquely linked to the signatory
capable of identifying the signatory
created using electronic signature creation data that the signatory can, with a high level of confidence, use under his/her sole control
linked to the data signed therewith in such a way that any subsequent change in the data is detectable
AES signatures tackle this by establishing a link between the signature and the signatory, whilst QESs provide an extra level of security through both additional technological protection and the involvement of a third party in the form of a Qualified Trust Service Provider (QTSP).
Despite the much higher protection offered by AES and QES, adoption rates of these types of e-signatures are currently low across the UK. In an effort to explain the reasons behind this trend, the group looked at some of the possible obstacles to adoption and the overall user perception:
Technical barriers - The requisite sophistication of AES and QES’s technical requirements is considered to be one of the most significant barriers to widespread adoption.
Lack of accessible guidance – Historically, there has been no formal and user-friendly guidance provided by independent and non-commercial parties to navigate the complex legislation and technical requirements associated with QES.
Protracted signing process - The identification aspect of QES could be seen to add an additional hurdle for the user. Unless a signatory is familiar with using an electronic ID (which, in England and Wales, is unlikely), they may find the identification process time-consuming and potentially invasive.
Complicated identification requirements and options – Currently, there is no standardised pan-European identification process, so the different e-signature solutions use different means of identification which adds a further layer of complexity.
Lack of uniformity across various jurisdictions - Many jurisdictions (such as the US) do not have a QES equivalent. Parties from those jurisdictions (and their advisers) would find the complexity of the QES process quite difficult to comprehend, given how dissimilar it is to their own (simpler) regime.
Evidential concerns - Whilst the technical security requirements for a QES are stringent, the requirements for the identification element of that process, according to the Working Group, currently lack consistency across different jurisdictions. The ID verification process involved with a QES could itself be said to be open to identity fraud.
Best practices for executing electronic signatures
The Group identified 5 key principles for the effective execution of electronic signatures and digital document authorisation:
1) Develop a uniform e-signature policy. The policy should clearly set a formal procedure for executing electronic signatures and determine the optimal form of e-signature for the transaction, and in particular, which eIDAS category (Qualified, Advanced or Simple) is required.
2) Deploy an appropriate signing technology. The signing platform of choice should provide a minimum set of security/safety/functionality with a strong audit trail that demonstrates an intention to sign by the signatories. Such platforms should, as a minimum, include the ability of signing parties to download/retain executed documents. In particular, storage, the so-called ‘shelf life’ of documents, and their audit trail details should be clearly identified by the signing platform to enable informed choice by signatories.
3) Use a signatory authorisation application. Consider whether additional evidence to record the fact that the signatory is approving the document is necessary and/or appropriate. Digital signatory management tools like Cygnetise allow organisations to easily keep a full track record of all signatory data.
4) Provide multiple signing options. Where possible, provide multiple options to vulnerable customers or counterparties so that these groups can adopt a method of signing that suits their needs.
5) Offer easier authentication for parties with verified digital identities. Authentication should be easier for those with secure digital identities, but this should not be essential.
Recommendations for future e-signature reform
The report concludes with a recommendation framework for future analysis and reform of the UK’s existing legislation related to the execution of e-signatures. According to the group, the government “should take steps now to adopt the use of electronic signatures in its transactions with third parties, whether providers of goods or services to government or the public”. By doing this and acting as an “early adopter”, the government will be able to encourage the widest possible use of e-signatures within society.
The group also highlighted the crucial role of standardisation, which will significantly facilitate the transition and widespread adoption of electronic signatures. Finally, the group suggested that the temporary provision allowing remote witnessing of wills should be extended permanently.
Cygnetise provides a secure, real-time signatory management platform, equally accessible from principal or remote locations.