Have you been wondering what types of signatures exist, when are they needed and how they work? 

In this article, we will provide you with a summarized overview of signatures and general insight into digital signatures which you can use on your Contractbook-native legal documents.

Digital signatures

When are digital signatures binding?

A signature is made by an individual on a document to signify acceptance, an obligation, certification of knowledge, or approval. When signing a document, the signature authenticates in writing that the individual accepts/validates the contents of the document.

What is a digital signature and why should you use it?

You can find more information about that in our blog section here.

How can I make sure a digitally signed document is valid?

You can always validate a digital signature manually after downloading any of your signed through Contractbook contracts as a PDF. Simply open the document in Adobe and go to the signature panel. Click here for more information about that.

What regulation applies to digital signatures?

In the European Union, we have a Regulation shortly called eIDAS: Regulation on Electronic Identification and Trust Services for Electronic Transactions in the Internal Market.

Any idea on what eIDAS is?

Here is a link to our blog section which will help you understand that much better. 

The Regulation came into effect in 2016 and has its aim to ensure an adequate level of security of different mechanisms of electronic identification and trust services. It is directly applicable to all EU countries. eIDAS has also been implemented in some non-EU countries such as the EEA EFTA States: Norway, Iceland, and Liechtenstein.

Digital signatures are also accepted by many countries across the world. See what countries accept digital signatures here.

Why are digital signatures binding?

According to the eIDAS:

• “Digital signatures shall not be denied legal effect or admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form, or that it does not meet the requirements for Qualified Electronic Signatures.” What this means is that no one can deny the legal effect of a digital signature because it is in electronic form.
• “A Qualified Electronic Signature shall have the equivalent legal effect of a handwritten signature.”

Therefore, in cases where a handwritten signature is absolutely required, a Qualified Electronic Signature is sufficient, but an Advanced Electronic Signature would not be sufficient.

Therefore, a digital signature in the EU countries cannot be denied its legal effect just because they are digital.

What types of signatures are there, and what are the differences?

Handwritten Signatures

A handwritten signature is signing a document with a pen. This is commonly referred to as “wet signature”. Although it is a simple way of signing documents, it still carries a lot of strength but it requires extra time. Some public agencies do not enable digital signatures or forms to be sent digitally, and a handwritten signature is the only valid type of signature in those cases.

Electronic Signatures

eIDAS defines 3 different forms of electronic signatures:

• Standard Electronic Signature
• Advanced Electronic Signature
• Qualified Electronic Signature

A digital signature cannot be denied legal effect just because it is digital, but countries may request a specific type of digital signature. In other words, a digital signature may be denied on the basis that it is considered a Standard Electronic Signature, and not an Advanced Electronic Signature.

Here is some further elaboration upon the 3 types of electronic signatures:

1) Standard Electronic Signature

• Is defined as “means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign”.
• Examples: 1) Typing the name at the bottom of the document; 2) Drop-signature using the mouse, pre-saved signatures on a PDF, or signing by clicking.
• It does not usually involve a third party to verify the identity of the Signee. Therefore, it can easily be forged/misused, depending on what kind of Standard Electronic Signature is used.
• This form of the signature can easily be used across different countries and it is a time-efficient way of signing contracts.

A one-click signature is a form of Standard Electronic Signature that is one of Contractbook digital signatures.

2) Advanced Electronic Signature

• This is a more “formal/sophisticated” signature, and is defined as “an electronic signature which meets the requirements set out in Article 26”. Article 26 of eIDAS reads as follows:

“An advanced electronic signature shall meet the following requirements:

1. it is uniquely linked to the signatory;
2. it is capable of identifying the signatory;
3. it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
4. it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.“

• As seen, the regulation is “tech-neutral” and it does not state how the above requirements should be met. However, it is commonly agreed that AES is usually achieved by using Public Key Cryptography (PKI) technology
• In simple words, a PKI consists of a key pair. One public key and one private key. Private keys are kept secret, public keys are known to the public. Documents encrypted with a public key can only be opened with the corresponding private key

NemID is a form of Advanced Electronic Signature and constitutes the Danish electronic identification (eID) mechanism. Through NemID, identity validation is conducted through national identity systems. NemID is based upon PKI technology.

Norwegian BankID is also an Advanced Electronic Signature. In order to get BankID in Norway, users must legitimize themselves with a passport in order to get a customer relationship established and get an issued BankID. BankID is also based upon PKI technology.

Our SMS verification is also an Advanced Electronic Signature as it satisfies all the requirements under Article 3(11). Despite this, Norwegian and Danish companies will often opt for BankID and NemID as the identification of the user is validated through national identity systems/banks. BankID and NemID carry a bigger legitimacy because of this (especially in Norway). Our SMS verification is nonetheless an Advanced Electronic Signature.

3) Qualified Electronic Signature

• Is defined as “an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures”
• A “qualified certificate for electronic signature’ means a certificate for electronic signatures that is issued by a qualified trust service provider and meets the requirements laid down in Annex I”. Annex 1 contains 10 further requirements
• A Qualified Electronic Signature is only required in very few specific cases and is not very sought, it is however the most secure electronic signature currently 

Contractbook does not offer a Qualified Electronic Signature.

Document Sealing

What is Document Sealing?

Document sealing means the process whereby a document is downloaded as a PDF, and the document sealed. In simple words, the sealed document cannot be tampered with or changed. It is the Electronic Seal, together with a Time Stamp that assures that the document has not been tampered with.

Why using Document Sealing is beneficial?

Let us say two parties sign a contract and each of them downloads that document as a PDF. Then, one of the parties which are tech-savvy changes the content of the contract. How can it be proven that the original contract was tampered with and that one party changed it? 

When a document is sealed with the Electronic Seal and Time Stamping, and these mechanisms remain intact, the parties to the document know that nothing has been changed.

When a user is using Adobe, the following will be displayed on Contractbook contracts:

How is a Document Sealed?

After our users have drafted and signed a contract, the users get the option of downloading the document as a PDF. The moment the last signee signs a contract, Contractbook generates the sealed PDF. Everyone who downloads a fully signed contract as a PDF will download that exact same file. The timestamp will therefore be set to the last moment of signature.

Contractbook can then claim that the content of the document, including the signatures, is true. Then the seal together with the time stamp proves that the content of the document has not been changed ever since because of the secure time stamp which shows the passage of time.

Does the Document Sealing affect the Signature in any way?

No. The signature used in the document is not in any way affected by the sealing of the document. When a document is sealed, we merely ensure that the document has not been changed in any way. This means if the document is signed using SMS verification, the sealing of the document will not change its validity in any way.

The technical Part of Sealing Documents

When Contractbook seals a document, two services are needed:

1. Qualified Certificate for Electronic Seal
2. A Time-Stamping Service

Qualified Certificate for Electronic Seal

According to eIDAS recital (59) “Electronic seals should serve as evidence that an electronic document was issued by a legal person, ensuring certainty of the document’s origin and integrity.”

A Qualified Certificate for Electronic Seal is issued by a trust service provider (TSP). The TSP Contractbook uses for its Qualified Certificate for Electronic Seal is called Buypass.

A Time-Stamping Service

Contractbook uses a Qualified Time Stamp that is issued by Certum and is valid in all EU states.

Do you want to learn more about using digital document sealing in your business? Here is a link to our blog section dedicated to that.