A Quick Introduction to eSignatures

An electronic signature, or eSignature, is a type of encrypted digital marker that captures the intent and consent of the signer on electronic forms, agreements, and documents. Being electronic, these signatures are highly adaptive and cost-effective, helping speed up transactions and timelines.

eSignatures or Digital Signatures? — Fixing the term

An eSignature refers to any digital marker used to capture and verify the signee. It does not necessarily abide by any regulation or use any security feature. Therefore, an eSignature can range from a simple checkbox on an online form to a complex encryption-backed format.

On the other hand, a digital signature refers to a specific digital marker that uses Public Key Infrastructure (PKI) encryption to authenticate and secure approvals, and also prevent tampering. Digital signatures are also compliant with various global regulations such as ESIGN, eIDAS, etc.

PLEASE NOTE: For the purposes of this article, the term eSignatures shall refer to ONLY digital signatures.


While they have been gaining prominence only recently, eSignatures have been around for much longer than you think.

How Do eSignatures work?

The underlying technology powering eSignatures is the Public Key Infrastructure (PKI), which uses a combination of private and public keys to encrypt and decrypt messages with prominent cryptography algorithms.

PKI imbues the eSignature with the following characteristics:

- Establish Identity: It creates a unique hash sequence to create a digital identity for the signee.
- Non-fungible: The eSignature cannot be replicated or replaced, making it impossible to forge.
- Non-repudiation: It proves that nobody other than the target signee could have given their approval.
- Immutable: The eSignature ensures that the signee’s approval cannot be tampered with during and after the signing process.

In addition to the above, PKIs also make use of a trusted third party known as a Certificate Authority (CA) to endorse the signees and their keys. This practice gives an additional layer of trust and security to the process, as the CA has the power to issue, verify, and revoke certificates.

Here’s how it works:

Let’s say Alice and Bob are signing a sales contract.

- First, Alice selects the contract she needs to add her signature to
- Next, using the encryption algorithm, she processes the contract to compute its hash value
- The contract’s hash value is then encrypted using Alice’s private keys to create the eSignature
- The original contract file and Alice’s eSignature are then sent to Bob
- Bob decrypts Alice’s eSignature using her public key to extract the signed contract’s hash value
- He then compares the signed contract’s hash value with the original contract file’s hash value
- If the hash values match, then Alice signed the contract without any errors
- In case Bob is unable to decrypt Alice’s eSignature, then it was not signed by her

OR

- If Bob finds that the hash values of the two contracts do not match, then Alice might have tampered with the contract content
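The Alice and Bob exchange above, as an added example that is not part of the original article and is not SpotDraft's code. It uses textbook RSA over SHA-256 with constructed toy keys and no padding, for illustration only (production systems use a vetted library and a padded scheme such as RSASSA-PSS); the function names and the third party Mallory are assumptions.

```python
import hashlib

# Constructed toy keys built from Mersenne primes so the example runs
# offline and deterministically. Real keys come from a vetted library.
E = 65537  # public exponent

def make_key(p, q):
    """Return (public, private) textbook-RSA keys for primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return (n, E), (n, d)

def digest(document: bytes) -> int:
    """Hash step: SHA-256 of the contract, as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(document: bytes, private_key) -> int:
    """Alice: apply her private key to the contract's hash value."""
    n, d = private_key
    return pow(digest(document), d, n)

def verify(document: bytes, signature: int, public_key) -> bool:
    """Bob: recover the hash with Alice's public key and compare it
    with the hash of the file he actually received."""
    n, e = public_key
    return pow(signature, e, n) == digest(document)

ALICE_PUB, ALICE_PRIV = make_key(2**521 - 1, 2**607 - 1)
# Mallory is a hypothetical third party with her own key pair.
MALLORY_PUB, MALLORY_PRIV = make_key(2**1279 - 1, 2**2203 - 1)

contract = b"Sales contract: 100 units at $5 each."   # constructed sample
tampered = b"Sales contract: 100 units at $1 each."   # one character changed
signature = sign(contract, ALICE_PRIV)

if __name__ == "__main__":
    print("genuine contract :", verify(contract, signature, ALICE_PUB))
    print("altered contract :", verify(tampered, signature, ALICE_PUB))
    forged = sign(contract, MALLORY_PRIV)
    print("signed by Mallory:", verify(contract, forged, ALICE_PUB))
```

The second and third checks correspond to the two failure cases in the list: a contract whose hash no longer matches, and a signature that Alice's public key does not open.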

What does an eSignature accomplish?

- It defines WHAT contract has been signed
- It identifies WHO has signed the contract
- It captures the INTENT and CONSENT of the signees
- It protects sensitive information using PUBLIC KEY INFRASTRUCTURE encryption
- It is TAMPER-PROOF and offers an AUDIT TRAIL for better transparency
- It is COMPLIANT with regulations and recognized by a CERTIFYING AUTHORITY

How eSignatures can benefit businesses

Speed: Parties can instantly consent and approve contracts in a few clicks

Transparent: Workflows are easier to track using audit trails

Convenient: Makes it possible to collect approvals from multiple parties simultaneously or sequentially

Cost-effective: Reduction in paper and printing expenses, as well as savings in terms of time and effort

Secure: Eliminates tampering using encryption and trusted certifying authorities

When and when not to use eSignatures

eSignatures assist in making workflows paperless and can be utilized to legitimize a variety of legal documents, such as:

- Non-Disclosure agreements
- Partnership agreements
- Indemnity contracts
- Purchase orders
- Employment contracts
- Lease agreements
- Franchise agreements
- Freight and shipping documents

However, eSignatures cannot be used for the following contract types:

- Wills and codicils
- Divorce, adoption, and other family law-related contracts
- Court orders, pleadings, motions, and other court-related documents
- Notices related to termination of utility services
- Notices related to foreclosure, repossession, eviction, etc.
- Notices related to termination of insurance benefits
- Notices related to product recalls impacting health and safety
- Documents related to transportation of hazardous cargo

eSignatures and Legislation

eSignatures are considered on par with traditional wet signatures as long as they comply with jurisdiction-based regulations.

In the USA, the Uniform Electronic Transactions Act (UETA) 1999 and the Electronic Signatures in Global and National Commerce Act (ESIGN) 2000 recognize eSignatures only if they meet three conditions:

- Confirm signer identity: If necessary, the identity of the signers can be authenticated using digital markers such as IP address, email trail, timestamp, etc.
- Capture signer intent: The transaction details are well communicated and agreed upon by the signers before proceeding to sign the contract.
- Proof of signing: The signers should maintain verifiable proof of the signing process, including: a) How was the contract signed? b) How did the signers complete the activity? and c) Any other admissible documentation that supports the electronic transaction.

The EU uses the electronic IDentification, Authentication and trust Services (eIDAS) 2014 regulation to oversee and validate electronic transactions. Meanwhile, the UK uses an amended version of the same EU eIDAS regulation through the Electronic Identification and Trust Services 2016 and Section 7 of Electronic Communications Act (ECA) 2000, offering a formal framework to validate eSignatures in the country. The eIDAS classifies eSignatures into three categories:

  1. Electronic Signatures (ES): This relates to consenting to commonplace contracts such as website Terms and Conditions, Privacy Policies, etc.
  2. Advanced Electronic Signatures (AES): This relates to contracts requiring tamper-proof signing along with unique identification markers to authenticate signers. It uses cryptographic algorithms such as XAdES, CAdES, PAdES and ASiC standards to encrypt eSignatures.
  3. Qualified Electronic Signatures (QES): This one is similar to Advanced Electronic Signatures, but invites a qualified certifying authority to notarize the contract.

Moving on, unique regulations exist for jurisdictions from the Rest of the World, but they share common principles such as:

- Identify Signer: There should be provisions to verify the identity of the signers using audit trails.

- Capture Intent: Signers should consent to the transaction and also have the provision to decline approval to the contract.

- Evidence Retention: It should be possible to authenticate the signed contract by referring to audit trails and accessing copies on a centralized storage.

SpotDraft eSignatures

SpotDraft eSignatures are built keeping in mind the compliance requirements of different regulatory frameworks, enabling you to conduct business without any restriction.

  1. Authentication: Authenticating the identity of signers is simple with SpotDraft. Every time an eSignature request is made, the email ID of the recipient is registered and a unique URL to the contract is generated. These details are then recorded on the audit trail along with the IP address and timestamp.
  2. Intention: To display intent and consent between parties, SpotDraft makes them agree to customized terms before proceeding to sign the contract. We also offer a provision to opt-out of the process.
  3. Audit Trail: To ensure transparency, SpotDraft adds an extra page at the end of the contract detailing each and every step in the signing process. In addition to this, copies of the contract are automatically delivered to all parties. To prevent tampering, SpotDraft provides end-to-end encryption using one of the approved cryptographic algorithms.