Digital signatures in your company
Ever more companies are recognizing the need to digitize their decision-making processes and signature specifications. Not only in times of restricted freedom of movement and higher numbers of staff working from their home offices.
Globalized companies simply cannot afford to wait every time for the next personal management meeting or board meeting to make decisions by signature.
In HR, the advantages of virtual “onboarding” of employees are also becoming clear. Increasingly, HR departments are contacting our firm to examine the options of remotely concluding agreements with employees in compliance with the law.
There is a simple solution to this need: the use of electronic signatures.
Companies should be aware of the legal framework, however, under which digital signatures may be used and realize in which cases this will not be possible.
This is because In some cases, the law stipulates the written form, which may only be replaced in part by what is referred to as qualified electronic signatures. In some cases, the electronic form is even entirely excluded.
What types of electronic signature are there? And when are they permissible?
Generally, basic distinction is made between three types of digital signature:
- (simple) electronic signature
- advanced electronic signature
- qualified electronic signature.
Each of these three signatures is linked to specific requirements that correspond to different security levels. The requirements placed on each signature arise from the European eIDAS Regulation.
What is the eIDAS Regulation on electronic identification and trust services?
The eIDAS Regulation is an EU Regulation that governs “electronic means” of identification and trust services. As an EU Regulation, it is applicable in all EU Member States directly and has precedence over the respective national laws (in contrast to EU Directives, for example). In terms of content, the eIDAS Regulation governs in particular the requirements for electronic signatures, while also reinforcing them under certain conditions, for instance by establishing their probative value in court. In addition to electronic signatures, the Regulation also includes various other elements, such as electronic seals and services for the delivery of electronic registered mail.
When are simple electronic signatures sufficient as binding signatures?
According to the legal definition, (simple) electronic signatures are data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign (Article 3(10) eIDAS Regulation). This may even be the case for an email signature or a scanned signature as an embedded image in a PDF document. This means should be used for declarations that do not entail excessive risks for the company and therefore only require comparatively low evidentiary value. These may include declarations within the scope of ongoing contractual relationships, for instance, that only govern less significant aspects of this relationship (e.g., reconciliation of minutes, confirmation of deadlines in ongoing projects, etc.).
Depending on the willingness to take risks and the individual situation, contracts that are to be concluded in large quantities but only at small volumes in each case may also be a useful field of application for simple electronic signatures. Under no circumstances may simple signatures be used where the written form as a handwritten signature is required by law.
Where are advanced electronic signatures needed in the company?
The requirements for advanced electronic signatures are already significantly higher. The core characteristics to be met by this signature are for it to be uniquely linked to the signatory and being capable of identifying the signatory (Articles 3(11), 26 eIDAS Regulation). In many cases, for instance, biometric recognition features such as fingerprints are used for this purpose.
Two-factor authentication is not mandatory for legal reasons, but it is frequently used as an additional element to uniquely identify the signer. It must also be ensured that it is possible to detect subsequent changes.
In contrast to simple electronic signatures, advanced electronic signatures should be used where a document’s high significance also requires a more reliable signature. This also increases the evidentiary value so that most contracts will be a suitable field of application. Therefore, advanced electronic signatures are frequently the standard signatures for common contracts in the normal course of business.
Advanced electronic signatures are not sufficient only where either the written form is stipulated by law or the significance of the contract is so high that even the smallest uncertainties need to be avoided. This includes asset deals, for instance, but also important declarations in employment relationships, guarantees, or family law and inheritance law.
What is the difference between qualified and advanced electronic signatures?
The qualified electronic signature is governed by Articles 3(12), (15), (23) eIDAS Regulation. In order to meet the requirements for a qualified electronic signature, a signature must meet all the characteristics of an advanced signature. In addition, it must be created by a qualified electronic signature creation device and based on a qualified certificate for electronic signatures.
Qualified certificates, in turn, can only be issued by “trusted service providers“ who identify the applicant by suitable means. In addition, they may only be issued to natural persons, not to legal entities such as limited liability companies or stock corporations. This means that an individual digital signature must be created for each person who is authorized to sign (e.g., each general manager, authorized signatory, or board member).
A list of German trusted service providers is available on the homepage of the Federal Network Agency.
Where the law (not only the parties to a contract or a provision on written form in General Terms and Conditions) stipulates the written form, thus the handwritten signature, it may, if at all, be replaced by the qualified electronic signature because only the qualified electronic signature meets the requirements of the electronic form in accordance with Section 126a Civil Code.
The electronic form is legally permissible as the only alternative to the written form, unless the statutory provisions stipulate otherwise. Examples in which only the qualified digital signature meets the high requirements of the law include foundations among the living, the time limitation of a lease, the termination and cancelation of an employment contract, the termination of a building or architect’s contract, guarantees and acknowledgements of debt, certain agreements with commercial agents, and public law contracts between private citizens and the administration (this does not refer to normal procurement procedures of authorities).
What is the difference between electronic signatures and digital signatures?
Electronic and digital signatures are essentially entirely different generic terms. The electronic signature is a legal term and, simply put, describes the signature of a person (secured to different degrees) by electronic means.
The digital signature as a technical term, on the other hand, encompasses a multitude of special procedures intended to prevent subsequent manipulation of a document, for instance. While the terms may overlap, they do not have to. Simple electronic signatures will hardly ever include digital signatures.
In cases of advanced electronic signatures, however, the use of digital signatures is likely.
How do you obtain an electronic signature?
There are various providers that offer digital signatures. Probably the best known are DocuSign and Adobe. European providers such as Certeurope are also operating on the market for electronic signatures. The more complex certificates, which are necessary for qualified digital signatures, may only be provided by the aforementioned trusted service providers.
Are electronic signatures just as legally effective as handwritten ones?
Electronic signatures are almost always as legally effective as the handwritten signature. The correct type of electronic signature may, however, have to be selected. Where declarations require the written form, only qualified electronic signatures are able to meet this requirement.
Where even notarization is stipulated (such as in the case of real estate transactions), no electronic signature will be sufficient in itself. Notaries also have specialized instruments, however, by which some of their activities may be carried out electronically. The actual handwritten form (“ink on paper” or “wet ink”) is, however, only necessary in very rare exceptions and in cases of highly personal declarations, such as wills drawn up by hand.
What is the international legal situation (e.g., in the USA) regarding digital signatures?
Internationally, the respective applicable national legal framework must be observed. Due to the eIDAS regulation, a uniform legal framework with identical signature rules applies to all Member States in the EU.
In the U.S., for instance, digital signatures with electronic signatures are treated equally to handwritten signatures. This is laid down in the Electronic Signatures in Global and National Commerce Act (ESIGN) and in the Uniform Electronic Transactions Act (UETA).
May digital signatures also be used when dealing with authorities?
The federal and state governments have made comprehensive provisions for electronic access to public authorities through their respective e-government laws. In particular, they have obligated their authorities to provide access for the transmission of electronic documents and to set up electronic payment options.
It must always be assessed on a case-by-case basis and in some instances will depend on the respective authority whether the specific administrative procedure may be carried out electronically.
May contracts also be signed on smartphones or tablets?
Any declarations that may be made by using a PC may also be made on mobile devices. Both simple and advanced electronic signatures may also be used on smartphones or tablets. This may be effected by integrating a field for signing by finger or digital pen.
Even qualified electronic signatures, which are necessary to meet legal written form requirements, may be used on mobile devices. In most cases, devices with a webcam (which is included as a standard nowadays) may be required for this purpose.
Is it possible to digitally sign contracts that contain a clause on written form?
Where it is agreed in contracts that the written form must be observed, the effect is different than where the law makes this mandatory. Statutory written form requirements may only be met by qualified electronic signatures. Contracts with insufficiently signed digital signatures will therefore be invalid.
As regards contractual written form clauses, however, it must be noted that the “contractual written form” may also be met by electronic signatures. The parties to a contract may agree this individually with one another, however, in their respective interests.
In business transactions (such as between suppliers and customers or in subcontracting relationships), it is frequently agreed which level of evidentiary value and thus which electronic signature form is recognized by both parties for certain contracts (referred to as evidence agreements). In employment relationships, this may be governed in employment contracts or in appropriate works agreements.
When are digital signatures invalid?
Where the written form is required by law, digital signatures other than qualified electronic signatures may not be used to enter into an effective agreement. Contracts without an individual qualified certificate from the person authorized to sign in the company are therefore invalid, and no party may invoke it.
The same applies to declarations such as notices of termination or time limits of employment contracts and leases, where the law stipulates the written form - i.e., the qualified electronic signature. If the law requires the involvement of a notary (such as in the case of real estate ownership or the establishment of a limited liability company), documents that have “only” been digitally signed are entirely void, irrespective of the type of electronic signature, and are treated as if they had never existed.
On the other hand, in cases where the parties are free to choose the form or have only made contractual agreements in writing (even in accepted General Terms and Conditions), it is possible to conclude contracts effectively in many ways from a legal point of view.
When two declarations of intent are given that correspond in content, an agreement may also be legally binding verbally or by phone. For digital signatures to be effective in everyday business life, however, the legally effective agreement process that has actually taken place must be proven with sufficient persuasive power.
Anyone who wants to invoke an effective agreement and derive claims or rights therefrom must be able to convince a judge that all parties deliberately wanted to reach a binding agreement. It is the judge alone, objectively and as a non-party, who will consider the proven circumstances of the contract conclusion. The stronger electronic signatures are secured or the signing processes are documented, the more likely it is that this will succeed in practice.
May secret and confidential or personal documents be digitally signed?
Using the products of electronic signature providers, it will frequently be technically unavoidable for the documents to be signed to be forwarded via the provider’s systems for exchange between the signature partners or for the provider to at least have technically necessary access to the documents. In those cases, as in the analog signature process, the special requirements for technical and organizational compliance with confidentiality, particularly in cases of business secrets, and for compliance with data protection need to be observed. Where necessary, appropriate data processing agreements and confidentiality obligations will need to be entered into with the provider.
May employment contracts be concluded by digital signature?
In principle, employment agreements and amendment agreements may be concluded without adherence to a specific form, including the parties’ freedom to decide how they want to sign (electronically). This makes it conceivable, for example, to conclude employment contracts using advanced electronic signatures.
In employment law overall, however, there are a large number of declarations and agreements for which the legislator has provided for written form. More details are available here.
How do you find the right provider of electronic signatures for your company?
Here are some questions to assist you in finding the right provider for electronic signatures in your company:
- What type(s) of electronic signature will your company require (simple, advanced or qualified), i.e., for which contractual situations should the tool be used and what are the legal formal requirements or how high will the evidentiary value of digital signatures need to be?
- Do you need a provider that also creates the qualified electronic signature?
- Is it important for you to offer different types of signatures simultaneously?
- How easily can the tool be technically integrated into your company’s IT environment and what licensing requirements does the provider offer?
- Does the provider provide detailed and traceable logs of the signature process as proof of digital signatures?
- is the provider able to offer convincing answers and model agreements on data protection, IT security, and protection of secrets on request?
Electronic signatures have become an indispensable part of everyday business life and may make business processes enormously efficient. Especially for completely form-free agreements, electronic signatures are an attractive alternative to paper-based signatures. In many cases, the identity of the signatory can be traced even better with an electronic signature than with an illegible abbreviation in ink on the contract document.
In cases of agreements that are subject to formal requirements, however, meticulous attention must be paid to the correct type of signature or electronic signature.
With all other digital signature forms, attention must also be paid to compliance with the legal framework for the electronic signature used in each case.
Take advantage of our expertise in digitalizing your business decisions.
We support you with legal expertise, technical know-how, and pragmatic solutions:
- Use our checklists for all legal issues that need to be checked as part of digitalizing your business decisions.
- You will receive specific recommendations for suitable e-signatures based on a comprehensive product comparison of the major tools and providers on the market
- Advice on integration into your internal processes
- Drafting of signature agreements with business partners, suppliers, and customers
- Legal support of your requests for quotation at providers to design your processes
- Performing practice-oriented online and classroom training on digital signature forms, individually tailored to the relevant contact persons in your company
- Offering training materials and service cards for use within your company
Data protection and data security
- Specific assessment of the tools available on the market and their providers relating to generally applicable requirements on data protection and data security. We take into account all current interpretations of courts and data protection supervisory authorities as well as relevant references from legal literature.
- Assessment of data protection and encryption settings according to GDPR conformity
- Full audit of data processing agreements of the major suppliers of e-signatures, including comprehensive audit reports
- Drafting specific data protection information/data protection declarations for users in German and English
- Customized company agreements, guidelines, and work instructions
- Support with integrating the tools into your company’s licensing and IT landscape
- Legal protection of business secrets and know-how in relation to tool providers, where they require access to the documents to be signed
- Answers to your additional questions relating to IT law and to overcome licensing stumbling blocks in integrating tools into your company’s daily business
We offer the individual modules either at fixed prices agreed in advance or individually according to the amount of work involved.
We undertake to offer cost transparency in every case.
We would be pleased to support you efficiently in all issues to concerning digital signatures in your company. Please do not hesitate to contact us.
Signature. A brochure by the Federal Office for Information Security.
The Federal Network Agency offers a list of providers of electronic trust services (Trusted List Browser)
Link to the Trusted List Browser of the European Commission with all German providers.
Last updated: May 27, 2020
Does the ECJ prohibit all US service providers? - Online webinar with our SKW Schwarz data protection experts
What are the next steps after Schrems II? – An initial assessment of the DSK press release - The Conference of Independent German Federal and State Data Protection…
BfDI publishes its position on anonymization under the GDPR - At the end of June 2020, the Federal Commissioner for Data Protection and…