Electronic Signatures In The UK

The eIDAS Regulation (EU) 910/2014 on electronic identification and trust services for electronic transactions came into effect on 1 July 2016. As a European Regulation, it has a direct effect in UK law and automatically applies in the UK. The eIDAS regulation was created to simplify and standardize digital IDs and signatures across European Member States.

The eIDAS Regulation defines three types of electronic signature:

• Simple electronic signature (SES)
• Advanced electronic or digital signature (AES)
• Qualified advanced electronic or digital signature (QES)

An Electronic Signature (or Simple Electronic Signature) is defined by eIDAS as:

“data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign”.

As you might expect, this means an electronic signature is any method an individual uses to ‘sign’ an electronic document. This covers a wide range of measures, from the simple act of affixing text or a digital image, to more sophisticated hi-tech methods which meet specific criteria set out in the regulation for advanced or qualified electronic signatures. Electronic signatures are admissible as evidence in court. You can, in a couple of clicks, without any concrete process of identity verification or consent, have a document signed that is legally binding. However, there is no way of guaranteeing that the document has not been modified since signing or of establishing the true identity of the person who signed. So, while electronic signatures may be legally binding, proving that the person signed the document is a whole other issue.

SigniFlow uses Digital Signatures (or Advanced Electronic Signatures), and they must meet the extra requirements set out in article 26 of the eIDAS Regulation. They are more reliably linked to the person signing the document and can detect any changes made afterwards. SigniFlow use digital certificates and PKI (or Public Key Infrastructure) for authentication and encryption/hashing for security and its audit trail.

Based on this definition, Digital Signatures must:

  •  Be uniquely linked to the signatory;
  •  Be capable of identifying the signatory;
  • Be created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
  • Be linked to the data signed in such a way that any subsequent change in the data is detectable.

All electronic signatures provided by SigniFlow comply to International digital X.509 cryptographic signature standards for Advanced Electronic Signatures (AES).

Qualified Electronic Signatures are only offered by a qualified trust service provide and have the same features as advanced electronic signatures, but are created using more sophisticated technology, meet a higher standard of security, meet stricter validation criteria, and are supported by a more detailed certificate. They have the same legal effect as a handwritten signature.

SigniFlow was developed with compliance at its core and is independently certified against European Commission-recommended technology standards for all types of electronic signatures defined under eIDAS. We utilize state-of-the-art digital cryptographic signature technology that allows you and your customers to sign documents remotely and securely, with the sound knowledge that you are signing with legally binding, enforceable signatures.

Without digital signatures, your document-based transactions may not be legally binding, putting you and your business at risk in the event of a compliance or legal case. Get in contact with us to discuss how we can assist you in to achieve a state of legally enforceable documents.