Glynn Cooper and Aaron Ong
As part of efforts to flatten the COVID-19 curve, governments across the globe have decided to restrict the movement of their citizens. For companies, this means that the majority of employees are working from home. Thankfully, the internet and technology have allowed many businesses to continue their operations, in some cases with little to no disruption. In this context, contracts continue to be made and deals continue to be signed and completed, in most cases remotely.
In this article, we outline the principles that are typically seen in electronic signatures legislation and things to consider when deciding whether you can, or should, use an electronic signature. The position differs from jurisdiction to jurisdiction and specific advice would need to be taken, but there are a number of common themes.
Is an electronic signature the same as a digital signature?
The short answer is no, or at least not in all cases.
Typically, digital signatures are a subset of electronic signatures, with the latter involving some form of system to authenticate the signature, such that the recipient can be assured as to the genuine nature of the signature. Not all electronic signatures involve authentication.
Digital signatures will typically employ an encryption technology, such as an asymmetric cryptosystem, meaning that the signature can only be encrypted and decrypted with a specific set of keys. Hence the recipient can check that the signature originated from a particular person.
However, in certain contexts and in certain jurisdictions, the terms are used interchangeably. Indeed, in some legislation the term digital signature is used to refer to an electronic signature, regardless of whether any authentication system is involved.
Which should I use?
It is important to check exactly what method is required or proposed in a given set of circumstances. For example, in some cases there are legislative requirements mandating the use of a digital signature involving authentication. This is often the case where additional formalities are involved, such as the affixing of a seal or notarisation of the document.
As mentioned above, using digital signatures generally means having access to some form of encryption and authentication system, and this generally involves third party systems and software. Many businesses have acquired software or access to software in direct response to the COVID-19 crisis. Although they have the benefit of increased security and reliability, such systems involve additional cost and complexity and some businesses may feel that these will outweigh the benefits of being able to use digital signatures; particularly where the occasions on which a digital signature is mandatory may be infrequent in practice.
In considering whether the additional security and reliability is desirable, companies should take into account a number of factors, including the following:
- The likelihood of there being any risk as to the authenticity of signatures.
- The likelihood of there being any subsequent challenge as to the authenticity of signatures.
- What is the nature of the document, and what is the monetary or other (e.g. strategic/reputational) value of the transaction that it represents?
In many cases, the authenticity risk and the risk of challenge will be a function of the relationship with the parties. Counterparties with a long term commercial relationship and course of dealings may feel that these risks are minimal and therefore all that they need is for the signature to be valid (and, as noted above, an electronic signature will be sufficient in legal terms in many cases).
In assessing these risks, companies should ask their legal counsel whether the jurisdiction in question provides for a presumption as to the validity of a particular type of signature. In some cases the presumption exists for digital signatures, but not electronic signatures.
What will be recognised as a valid electronic signature?
Helpfully, the scope of electronic signatures is typically defined broadly by applicable legislation. It would not be uncommon for an electronic signature to be defined to include any letter, character, number, sound or symbol in an electronic form, provided it has been adopted by a person as their signature.
Also helpfully, several jurisdictions with legislation dealing specifically with electronic signatures recognise the validity of electronic signatures; for example by providing that a document shall not be denied legal effect, validity or enforceability simply because it is wholly or partly in an electronic form.
That is not to say there are no minimum requirements to be met. Indeed, in most cases the legislation will prescribe requirements that need to be satisfied in order for a particular type or method of signing to be recognised as a valid electronic signature. The exact requirements differ from jurisdiction to jurisdiction but two common themes would be:
- Identification requirement: The electronic signature should enable the identification of the signer and indicate his/her approval or intention with regard to the document or information that the signature accompanies.
- Reliability requirement: The electronic signature should be appropriately ‘reliable’ given the purpose and the circumstances. In some cases reliability will be linked to the degree of control that the signor has over the signature (i.e. so as to reduce the risk of others being apply to apply the signature) as well as an ability to detect any alterations made to the document or the signature after the purported signing.
In some jurisdictions, the recipient must have consented to the use of electronic signatures.
Can all documents be electronically signed?
Firstly there is a question of appropriateness. This is a question for the user having regard to some of the issues referred to above, such as risk of authenticity.
Secondly there is a question of what the law permits. Generally, the relevant electronic contracting legislation will have a list of documents that are excluded from being able to be validly signed by electronic means. Although jurisdiction-specific, these lists will typically include documents that have particular sensitivity or enhanced risk associated with their execution, such as wills, trusts and powers of attorney.
There may also be regulatory requirements, applicable to specific companies or transactions, imposed via licence terms or guidelines. Consider, for example, compliance with KYC requirements in the financial services industry.
Companies should also bear in mind any ancillary legal or regulatory requirements, such as the requirements of bodies such as companies registries and land registries, with whom documents may need to be filed. A document that has been validly executed may, nonetheless, fail to be accepted by a registry. A number of them continue to apply ‘wet ink’ requirements.
In a nutshell, electronic signing is often a useful, practical and (importantly) valid alternative to wet ink signatures and the flexibility they allow is particularly important during the present crisis.
However, as with many technological advances, some legislation has not kept up to date with the latest methods and in some cases uncertainty remains as to the enforceability of electronic contracts. It is important to undertake a case-by-case assessment.
Herbert Smith Freehills LLP is licensed to operate as a Qualified Foreign Law Firm in Malaysia. Where advice on Malaysian law is required, we will refer the matter to and work with licensed Malaysian law practices where necessary.