Qualified Digital Signing and Electronic Signature UK Law

This article aims to demystify electronic signature UK law and explain how it supports all types of electronic transactions in accordance with UK eIDAS legislation.

The Law Commission concluded in its Report Electronic Execution of Documents (2019) that electronic signatures were valid for the great majority of business transactions and legal processes. However, the Report acknowledged that there were significant ambiguities that have hampered the use of eSignatures and reduced experts' and individuals' confidence in their use. These uncertainties may have deterred some parties from using electronic signatures.

Background to Electronic Signature UK Law

The 2019 Report advised convening a multidisciplinary panel of corporate, legal, and technological experts to examine the practical and technical difficulties at hand and identify alternative electronic solutions to wet signatures.

The group's mission was to generate best practice guidelines and make recommendations for future reform and development.

In 2021, the expert Industry Working Group (IWG) on Electronic Document Execution of Documents published their interim report on 1 February 2022, which: 

• Sets out their analysis of the current situation in the UK 
• Identifies simple best practice guidance based on existing technology, including support for vulnerable individuals 
• Makes recommendations for future analysis and reform

The UK common law system is adaptable, and contracts can be formed in a variety of ways. Most transactions are not required to be completed in a specific order. Every day, electronic signatures are used instead of handwritten signatures in transactions.

Past: Legal Validity Uncertainty and Hesitancy to Adopt

The Working Group believes that digital identities should be made available, as a priority, to all members of society as soon as possible. This will facilitate the adoption of electronic signing, notably Qualified Electronic Signatures (QES), and will help to modernise the overall approach to document execution.

It will also be consistent with the position in some other European countries, where these are supplied to people as part of their national identification schemes.

Under Article 25(1) of UK eIDAS, an electronic signature cannot be denied legal effect (either in terms of legal validity or admissibility as evidence) solely because of its electronic nature.

It distinguishes between the three levels of electronic signature:

1. Simple Electronic Signature (SES)
2. Advanced Electronic Signature (AES)
3. Qualified Electronic Signature (QES) 

However, there has been limited uptake of AES and QES in the UK. The Working Group believes there are several reasons for this.

1. Technical Barriers

eIDAS seeks to enhance trust and legal certainty in electronic transactions, in part by providing a common framework for secure electronic interactions. QES are offered to facilitate pan-European adoption of eSignatures, but they impose high identity assurance and security standards. The level of expertise required for these technological criteria may currently be one of the most important impediments to mainstream adoption, especially as there is usually a need for speed and efficiency in high-volume legal transactions.

The Working Group Outcome

Such perceptions are outdated. In fact, electronic execution technology reduces friction, increases convenience, and offers considerable advantages over wet signature

2. Lack of Accessible Guidance

The user has a complete lack of knowledge of legislation, terminology, and definitions which would mean reading detailed requirements which are not translated into either user-friendly or practical terms. It is also not easy to navigate QES signing technologies or platforms that are available on the market. The user has no idea of costs and whether the solution only applies to bulk signing requirements.

The Working Group Outcome

They believe that more guidance should be accessible and provided by a trusted and independent source. For example, if we look at what the European Commission provided for sectors such as business, financial services, retail, transport, and professional services, guidance and encouragement have been available for many years. 

3. Protracted Signing and Identification Process

The term ‘eSignature’ implies a quick and simple signing process. Users would like a system that is straightforward and requires minimal effort. The identification aspect of QES is considered more complex and they feel that additional steps need to be followed that would be time-consuming and invasive.

The Working Group Outcome

The UK Government has commenced work on the framework for digital identities for the purpose of reducing friction with the identification process.

4. Complicated Identification Requirements and Options; Concerns Relating to Cross-border Transactions

In addition to being time-consuming for signatories, the identification and validation procedure adds another layer of complexity for those using a QES system. Because there is no standardised pan-European identification process, the various offerings from different providers employing different means of identification necessitate additional research effort.

The Working Group Outcome

They realise that this is an obstacle for cross-border requirements and are looking for the best means to address it.

5. Evidential Concerns

While the QES identification and validation process may be regarded as time-consuming by the document sender and inconvenient from the signatory’s point of view, it may not be sufficiently definitive for those concerned about the link between the signatory and the eSignature. In view of the Working Group, the technical security requirements for a QES are stringent. However, they feel that the requirements for the identification aspect of that process currently lack consistency.

The Working Group Outcome

The Working Group are aware of this and will be addressing it in their next report. However, since technology that combines QES and handwritten signing forensics is now available, this is a concern that is expected to decrease in the medium term. As any hesitation to adopt electronic execution is understandable, it does need to be considered in context. Such limitations as there are in relation to the reliability of QES remain lesser than those associated with handwritten signatures.

6. Lack of Agreed Processes

A settled practice for eSignatures has begun to emerge. However, there is still a degree of uncertainty regarding the interaction between QES and extra requirements of witnessing. Although eIDAS states that a QES is equivalent to a handwritten signature, it does not eliminate the requirement for a witness when required by national law. As a result, if a person executes a deed via QES in the UK, an in-person witness and attestation is still necessary.

The Working Group Outcome

A strong recommendation has been made to the Law Commission that a reform should be considered at the earliest opportunity.

Present: Best Practices, Higher security, and Enhanced User Experience

Electronic Signature UK Law - User Experience by eSignature Type

Each of the following signature types can be executed electronically when an eSigning platform is used, that uniquely identifies the individual:

Key and Working Group Suggested Best Practice

✔️ Suggested most appropriate option

⭕ Valid with greater assurance and may involve additional processes & cost

* Deeds have different formalities required across different uses and also differ between individual signers. For regular signing where QES is permitted, users may prefer the convenience of cloud-enabled QES methods. Witnessing (see 6. Lack of agreed processes above) remains a practical challenge.

Other Considerations

Some signing solutions also allow you to combine technologies in a mixed signing setting while remaining compliant with eIDAS. For example, within a signing event, one party may sign biometrically in person (perhaps in the presence of a witness/sales consultant), while another party signs cryptographically via the remote signing QES procedure.

Some electronic identity and trust service platforms provide a variety of collaboration and sharing tools. These enable the operator to interact with the customer as part of a near-seamless process to: 

• Exchange and capture documentation 
• Screen share, file share, document share, and co-browse 
• Identity capture and verification (via documents, biometrics, intimate knowledge, etc.) 
• Issue certificates for one-time or future identity authentication (tokens, biometrics, and multi-factor authentication)
• Record video, culminating in transaction sealing, sharing, and archiving 

Conclusion

Legally binding digital signatures provide a full digital operational journey. Even though most people understand the basic concept of digital signatures, there are several factors to consider when using a Qualified Electronic Signature to achieve the highest level of assurance. And this goes beyond being aware of electronic signature UK law.

Cryptomathic Signer provides an end-to-end digital signature solution, incorporating Cryptomathic's certified Qualified Signature Creation Device (QSCD), which abstracts all the complexity and helps governments and businesses to provide a smooth digital signing experience to their clients.

With Signer, organizations can offer a highly versatile, non-repudiable, and legally binding signing service. Cryptomathic masters the legal and technical standards so that your signing service can provide Advanced Electronic Signatures (AdES) and Qualified Electronic Signatures (QES).

Further reading

• Selected articles on eIDAS (2014-today), by Gaurav Sharma, Guillaume Forget, Dawn Illing, Dawn M. Turner, and more

• Electronic Execution of Documents - Industry Working Group Interim Report(Febraury 2, 2022), by the Industry Working Group