About The Layer’s Electronic Signature Process
At the core of The Layer’s electronic signature process is its ability to identify the signer through multiple levels of authentication.
This includes email address, IP address and a unique access code - a pair of keys which is provided with the quotation document which is required to access the document. These keys are also stored alongside the audit trail for the quotation upon successful request.
E-Signature Law in Europe
The adoption of the Regulation (EU) No 910/2014 establishes a community framework for the use of electronic signatures on electronic contracts in the EU. Thirty European countries (EU-27, Croatia, Turkey and Liechtenstein) have already implemented the Directive. Electronic signatures are actively in use in Europe, and worldwide, and The Layer’s signature capture process helps you receive signatures for your quotations directly via The Layer.
Electronic Signature Definitions
Laying the groundwork for the legality of electronic signatures, the Directive provides three important definitions:
The “electronic signature” is simply data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication.
The “advanced electronic signature” defines a process that does not describe a particular technology, but rather a process that creates an enforceable electronic signature if the signature:
is uniquely linked to the signatory;
is capable of identifying the signatory;
is created using means that the signatory can maintain under their sole control;
is linked to the data to which it relates in such a manner that any subsequent change in the data is detectable.
The “qualified certificate” defines a process which must in particular include specific technology:
an indication that it is issued as a qualified certificate;
the identification of the certification service provider;
the name of the signatory;
provision for a specific attribute of the signatory to be included if relevant, depending on the purpose for which the certificate is intended;
signature-verification data corresponding to signature-creation under the control of the signatory;
an indication of the beginning and end of the period of validity of the certificate;
the identity code of the certificate;
the advanced electronic signature of the issuing certification service provider.
Paper & Pen vs. Electronic Signatures
Using these definitions, the Directive goes on to establish the criteria that form the basis for legal recognition of electronic signatures to carry the same weight and legal effect as a traditional paper document with a pen and ink signature. It ensures that no matter what form of electronic signature is used, the electronic signature will be valid—as long as a recognised process is followed.
An electronic signature may not legally be refused simply because:
it is in electronic form;
it is not based on a qualified certificate;
it is not based upon a qualified certificate issued by an accredited certification service provider;
it is not created by a secure signature-creation device.
Making Sense of the Definitions
An advanced signature is generally taken to be a specific type of electronic signature that meets an additional set of criteria for signer identification. The main purpose of an advanced electronic signature is authentication, i.e. to give added assurance that the individual signing the message really is the person that he or she claims to be. Ostensibly, any electronic signature mechanism that captures the signer’s intent to adopt the signature and his affixing that signature to a record would meet this requirement if the record is at some point provisioned with a tamper-evident seal.
A qualified certificate is not an electronic signature per se; it is a technical mechanism for establishing the source of an electronic message. When affixed or associated with an advanced electronic signature, the combination of the two is given an elevated status and becomes the “functional equivalent” of a handwritten signature. This has caused much confusion, because in many jurisdictions (common law countries in particular), there is no legal distinction between different “tiers” of signatures.
Court cases illustrate that courts will accept the use of electronic communication, including electronic signatures, as evidence, so they can constitute the basis of binding contracts.
Please note that even a simple electronic signature is recognized under the Directive as valid and enforceable. This aspect of the law, which closely resembles the United States federal E-SIGN law, is the governing principle behind the vast majority of electronic contracts currently executed in Europe. The Directive simply enables parties to an agreement to enhance the transaction with additional measures of security if desired.
The Layer’s Support of the Advanced Electronic Signature
The Layer has elected to support the Advanced Signature model, primarily because it affords a reasonable range of identification and authentication of the parties without requiring the added expense and inconvenience of obtaining a qualified certificate. The Layer Supports Advanced Electronic Signatures by:
Uniquely identifying the signer
The Layer provides the secure and auditable process for the signer to adopt their own electronic signature. Through email authentication, IP address and additional authentication methods the The Layer can uniquely link the signer to the electronic signature.
Identifying the signer
The Layer provides multiple levels of authentication that can identify the signer. This includes email address, IP address and an access code - a pair of keys which is provided with the quotation document which is required to access the document, required to access the document prior to signature. The Layer stores this in the audit trail of the transaction. This is also known as “out of band” authentication.
Assuring the Electronic Signature is under the signer’s sole control
The Layer Service allows the signer to create their electronic signature in a secure and auditable manner. After the signing process is completed, the signer can observe their signature when the signed document is e-mailed to them directly after the transaction completes.
Locking the signed document so that subsequent changes in the data is detectable
After the documents have been electronically signed, the The Layer Service holds the documents in a tamper-proof state (using hashing and encryption) for the parties to retrieve at a later time. Each access to the documents is written to the audit trail. When any party to the transaction downloads the documents, the The Layer Service will apply a Global Digital Certificate, which creates a tamper-evident seal around the documents.
Electronic Signature Best Practices
In the event of a dispute regarding an electronically executed contract, merely complying with the EU Directive is not enough much like their paper counterparts, electronically signed documents can become the subject of a dispute. The signature process must provide enough proof to uphold the transaction. For this reason, compliance with the EU Directive is an important step in selecting an electronic signature platform.
The Layer’s comprehensive approach includes:
A signature area is required so signers can see their signature on the document
Audit trail time/date stamps on signature, encrypted with the quotation keys generated by The Layer
Secure encryption so the document can be read and signed by only designated users
Unique signatures created by each user, accessible only to that user, and stored securely online
Selectable user authentication methods to be commensurate with the transaction’s security requirements.
Intent to Sign
A key convention in the paper world, precise signature placement is important in establishing the signer’s intent. Similar considerations should be made when adopting an electronic signature platform.