Digital Signatures in your Company
Since Covid, more and more companies as well as authorities have recognized the need to digitize their decision-making processes and signature specifications. This somewhat lengthy article will shed some light of the path from analog to digital written communication.
In globally active companies it is simply not possible to always wait for the next personal management meeting or board meeting to print a decision and obtain a “wet ink” signature on it. This approach is nowadays actually an anachronism – though the law in certain situations still demands hard copies. The advantages of virtual business interaction is, however, becoming more clear by the day.
A simple solution for this need is the use of “electronic” signatures. It is advisable to know when digital signatures can be used and when it is not possible to do so. In a few cases the law prescribes the written form, which can only be partially replaced by a relatively costly so-called “qualified electronic signature”. And in some cases, the electronic form is even banned from use completely.
What types of electronic signatures are available? And when are they permitted?
A basic distinction is made between three types of digital signatures:
- (simple) electronic signature,
- advanced electronic signature,
- qualified electronic signature.
Each of these three signatures is linked to specific requirements that correspond to different security levels. The requirements for each signature are defined in the European eID Regulation.
What is the eID Trust Services and Electronic Identification Regulation
The eID regulation is an EU regulation that deals with the regulation of so-called “electronic means of identification and trust services”. As an EU regulation it is valid in all EU member states directly and with priority over respective national laws (in contrast to EU directives, for example). The eID Regulation deals in particular with requirements for electronic signatures. The regulation also covers various other elements, such as electronic seals and services for the delivery of electronic registered mail.
How do I recognize a simple electronic signature?
Examples include an e-mail footer or a scanned signature as an embedded image in a PDF document.
When is a simple electronic signature sufficient as a binding signature?
A simple electronic signature should be used for declarations that do not entail excessive risks for the business and therefore only require a comparatively low value of proof. These can be declarations within the framework of ongoing contractual relationships, for example, which only determine less significant aspects of this relationship (e.g. reconciliation of minutes, confirmation of deadlines in ongoing projects, etc.).
Depending on your willingness to take risks and the individual situation, contracts that are to be concluded in large quantities but only with small volumes can also be a useful field of application for the simple electronic signature. (A typical example is signing a phone contract in the store of a provider.
Under no circumstances may the simple signature be used where a handwritten signature is required by law.
What is an advanced electronic signature?
An advanced electronic signature has to meet much higher requirements than a simple one. The core characteristics to be fulfilled are that this signature can be unambiguously assigned to the signatory and that it enables the signatory to be identified. In many cases, for example, biometric recognition features such as fingerprints are used for this purpose. More elaborate PDF editors provide such advanced electronic signatures.
When is an advanced electronic signature needed in a business?
In contrast to the simple electronic signature, the advanced electronic signature should be used if the document is of great significance, and therefore requires a more reliable signature. This also increases the value as a means of proof. Most contracts will be a suitable field of application for an advanced electronic signature. Therefore, the advanced electronic signature is often the standard signature for common contracts in the normal course of business.
The advanced electronic signature is not sufficient if either the written form is required by law or the significance of the contract is so great that even the smallest uncertainties must be avoided. This includes asset deals, for example, but also important declarations in employment relationships, guarantees or in family and inheritance law.
A two-factor authentication is not legally required but is often used as an additional element for the unique identification of the signatory. Also in this setup, it has to be guaranteed that subsequent changes can be detected.
What is the difference between a qualified and an advanced electronic signature?
Finally, there is the “qualified electronic signature” according to Art. 3 No. 12, 15, 23 eID being the technically and operationally most complex form of digital signature. In order to meet the requirements of a qualified electronic signature, a signature must have at least all the characteristics of an advanced signature. In addition, it must also have been created by a qualified electronic signature creation device (aka as “secoder”) and be based on a qualified certificate for electronic signatures.
Qualified certificates, in turn, can only be issued by so-called “trusted service providers” who identify the applicant by suitable means. Furthermore, they can only be issued to natural persons, not to legal entities such as a limited liability company (GmbH, UG, etc.). This means that an individual digital signature must be created for each person authorized to sign (e.g. each director or authorized signatory or board member).
A list of German trusted service providers can be found on the homepage of the Bundesnetzagentur.
When do I have to apply the “electronic form”?
Whenever the law, the parties to a contract, standard terms and conditions require “written form”, a handwritten signature would be expected in analog life. In digital life, it is replaced by the “qualified electronic signature”. Only the qualified electronic signature fulfills the requirements for so-called “electronic form” under § 126a BGB.
The electronic form is in turn the only alternative to written form permitted by law, unless statutory provisions state otherwise. Examples in which only the qualified digital signature meets the high requirements of the law are
- registering a foundation,
- the time limit of a rental agreement,
- the termination of a building or architects' contract,
- guarantees or promises of debt,
What is the difference between electronic signature and digital signature?
Electronic and digital signatures are essentially completely different generic terms. The electronic signature is a legal term and simply describes the signature of a person (secured to different degrees) by electronic means.
The digital signature as a technical term covering a large number of special procedures that are intended to prevent subsequent manipulation of a document, for example. The terms can also overlap, but do not have to. A simple electronic signature will hardly ever include a digital signature. In the case of an advanced electronic signature, however, the use of a digital signature is quite likely.
Is an electronic signature just as legally valid as a handwritten one?
The electronic signature is almost always as legally valid as a handwritten signature. However, if necessary, the correct type of electronic signature must be chosen. If a declaration requires the written form, only the qualified electronic signature can meet this requirement.
If notarization is ordered (e.g. in the case of real estate or corporate transactions), no electronic signature will be sufficient by itself. The actual handwritten form ("ink on paper" or "wet ink") is, however, only necessary in very rare exceptions and in the case of highly personal declarations, such as a will drawn up by hand (holistic form).
Can contracts also be signed on a smartphone or tablet?
Any declaration that can be made using a PC is also possible via mobile devices. Both the simple and the advanced electronic signature can be technically used on the smartphone or tablet without further ado. This is done, for example, by integrating a field for signing with a finger or a digital pen.
Even qualified electronic signatures, which are necessary to meet legal written form requirements, can be used on mobile devices. In most cases, a device with a webcam may be required for this purpose (which is standard today anyway).
Is it possible to digitally sign contracts that contain a clause on written form?
If it is agreed in contracts that the written form must be observed, this has a different effect than when the law makes it mandatory. Legal written form requirements can only be met by a qualified electronic signature. Therefore, contracts with insufficiently signed digital signatures are invalid.
With contractual written form clauses, however, it must be noted that this "contractual written form" can also be fulfilled by electronic signature. However, the parties to a contract can also regulate this individually with one another in their respective interests.
How do you get an electronic signature?
There are various providers who make a digital signature available. The best known are probably DocuSign, and Adobe. European providers such as Certeurope are also active on the market for electronic signatures. The more complex certificates required for a qualified digital signature can only be provided by the trusted service providers named for this purpose.
How do you find the right provider of electronic signatures for your company?
Questions that can help you find the right provider of electronic signatures for your company should include:
- What type(s) of electronic signature does your business need (simple, advanced or qualified)? i.e. for which contractual situations should the tool be used and what are the legal formal requirements for this, or what is the evidential value of the digitized signature?
- Do you need a provider that also creates a qualified electronic signature?
- Is it important for you to offer different types of signatures simultaneously?
- How easily can the tool be technically integrated into your company's IT environment and what licensing requirements does the provider have to meet?
- Does the provider provide detailed and traceable logs of the signature process as proof of the digital signature?
- Can the provider provide convincing answers and sample agreements on data protection, IT security and the protection of secrets on request?
Conclusion
Electronic signatures have become an integral part of everyday business life and can make business processes enormously efficient. Especially for completely form-free agreements, electronic signatures are a very attractive alternative to paper-based signatures. In many cases, the identity of the signatory can be traced even better with an electronic signature than with an illegible abbreviation in ink on the contract paper.
In the case of agreements that are subject to a formal requirement, however, meticulous attention must be paid to the correct type of signature or electronic signature.
For all other forms of digital signatures as well, care must be taken to ensure that the legal framework for the electronic signature used in each case is observed.