eSign (Sign Online):

Some Questions Answered

How does eSign Work?

Sign&Send’s eSign allows you to invite your prospective signatories to sign documents online. You simply set up a covering Sign&Send letter, supply the signatory’s email address, and enclose the documents you would like to have signed.

The signatory receives an email attaching your covering letter and advising that a link to a document for online signing will follow very shortly.

When your prospective signatory clicks their agreement, a signature widget appears which allows the signatory to sign the document electronically. The document has now been electronically signed. In other words, an electronic graphical representation of the signature now appears in the document.

The electronically signed document is now digitally signed. The electronic signature is the ‘mark’ (i.e., the visual representation of the signature on the document), whereas the digital signature is the digital framework behind the ‘mark’ that guarantees the legal validity of the signature. The digital signature guarantees that this present document is precisely the document which was signed by a person with access to the particular email address the link was sent to, at such and such a time, and from such and such an IP address.

You and the signatory both receive electronically and digitally signed copies of the document. Additionally, you (as the sender of the original document) will receive an Audit Trail which guarantees the authenticity of the document.

Are eSignatures legally valid?

Documents which have been signed online are legally valid in many jurisdictions. Our eSignatures comply with the governing regulations in the United Kingdom, EU member states, and the United States. In the EU, eSignatures are governed by Regulation (EU) No. 910/2014 of the European Parliament and the Council of the European Union. The regulation came into force in July 2016 and is directly applicable and legally binding on each member state. In the United Kingdom, eSignatures are regulated by the Electronic Communications Act (2000) and, within the United States, eSignatures are governed by the Electronic Signatures in Global and National Commerce Act (2000) and the Uniform Electronic Transactions Act (1999).

Has the United Kingdom leaving the European Union affected the legality of eSignatures?

It has not. In the first instance, all European legislation continues to be in effect following the United Kingdom’s exit from the European Union. It would only cease to be in effect through a subsequent act of parliament. This position is laid out in the European Union (Withdrawal) Act (2018). In the event that the Regulation (EU) No. 910/2014 were repealed, the United Kingdom’s Electronic Communications Act (2000) would still be in effect ensuring the ongoing legal compliance and validity of eSignatures.

How is the legal validity and integrity of eSignatures ensured?

Sign&Send’s eSignatures meet the requirements set out in the Regulation (EU) No.910/2014. These requirements state that an eSignature should be: 1) uniquely linked to the signatory; 2) capable of identifying the signatory; 3) created using electronic signature creation data that the signatory can, with a high level of confidence, use under their sole control; and 4) linked to the data signed therewith in such a way that any subsequent change in the data is detectable.

As soon as your client signs any document you have sent them, you (as the person who sent the document) will receive a signed copy of the document as well as an Audit Trail. The Audit Trail provides documentary evidence which demonstrates that the requirements established in the Regulation (EU) No.910/2014 have been fulfilled.

The Audit Trail includes a record of:

  • the email address (both sender and signer);
  • the IP address of the signer;
  • the name of the document that was signed;
  • the precise time and location that the document was signed;
  • the registered events relating to your document, that is, a precise record of when the email was delivered, opened, and the attached document opened.

The integrity and authenticity of the document and audit trail are guaranteed by an official time stamp. An official time stamp is a certification provided by a trusted third party, a Time Stamping Authority (TSA), which is independent of both the sender and signer of the document. The time stamp serves to guarantee that none of the data associated with your signed document has been modified in any way since the document was signed.

What is a Time Stamping Authority and how does it work?

A Time Stamping Authority (TSA) is a certification service provider that acts as an independent trusted third party to provide official time stamps. The purpose of a time stamp is to guarantee the integrity of the audit trail and signed document by certifying that no modifications were made to the document (from the moment that it was signed and sent). When your client has signed and sent their document, Sign&Send’s eSignature service sends the Time Stamping Authority a hash value that represents the data of the signed document. The Time Stamping Authority then returns a different hash for all the data associated with the document; this includes the time stamp certificate. Any changes made to the document following this are interpreted as a modification to the data. This will invalidate the time stamp certification which serves to demonstrate that the document has been modified after the time it was signed. The official time stamp helps guarantee the integrity and authenticity of all electronically signed documents.
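
The hash-and-time-stamp exchange described above, as an added example that is not Sign&Send's own code: it shows how a verifier tells an intact document from one changed after signing, and from a token whose time was altered. The key, document, audit trail values and function names are constructed for illustration, and an HMAC stands in for the public-key signature a real TSA applies.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the TSA's signing key (assumption). A real TSA
# signs with a private key and the token is checked against its certificate.
TSA_KEY = b"constructed-demo-tsa-key"


def digest(document: bytes, audit_trail: dict) -> str:
    """Hash the signed document together with its audit trail."""
    h = hashlib.sha256()
    h.update(hashlib.sha256(document).digest())
    h.update(json.dumps(audit_trail, sort_keys=True).encode())
    return h.hexdigest()


def _seal(body: dict) -> str:
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(TSA_KEY, payload, hashlib.sha256).hexdigest()


def tsa_issue(data_hash: str, now: str) -> dict:
    """TSA side: it receives only the hash, never the document itself."""
    body = {"hash": data_hash, "time": now}
    return {**body, "seal": _seal(body)}


def verify(document: bytes, audit_trail: dict, token: dict) -> str:
    """Return 'valid', 'token-forged' or 'modified-after-signing'."""
    body = {"hash": token["hash"], "time": token["time"]}
    # 1. Was the token really issued by the TSA for this hash and time?
    if not hmac.compare_digest(_seal(body), token["seal"]):
        return "token-forged"
    # 2. Does the data we hold today still hash to the stamped value?
    if not hmac.compare_digest(digest(document, audit_trail), token["hash"]):
        return "modified-after-signing"
    return "valid"


# Constructed sample data (not real records).
DOC = b"Engagement letter, signed copy"
TRAIL = {"sender": "sender@example.com", "signer": "signer@example.com",
         "signer_ip": "203.0.113.7", "document": "engagement-letter.pdf",
         "events": ["delivered", "opened", "document_opened", "signed"]}
TOKEN = tsa_issue(digest(DOC, TRAIL), "2024-01-15T10:32:00Z")

if __name__ == "__main__":
    print(verify(DOC, TRAIL, TOKEN))                       # untouched
    print(verify(DOC + b" (edited)", TRAIL, TOKEN))        # document changed
    print(verify(DOC, TRAIL, {**TOKEN, "time": "2023-01-01T00:00:00Z"}))
```

Because the audit trail is hashed along with the document, editing a trail field such as the signer's IP address fails verification in the same way as editing the document.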

Are eSignatures compliant with the General Data Protection Regulation (GDPR) and other Data Protection Legislation?

Yes. During the eSignature process your client’s explicit consent is requested to capture the necessary data to ensure that the eSignature meets the necessary legal requirements outlined in Regulation (EU) No.910/2014. Such data includes forename, surname, geolocation, biometric data, etc. It is not possible for your client to complete an eSignature without providing their express consent for this data to be collected. This ensures that Sign&Send’s eSignatures comply with the General Data Protection Regulation (GDPR) which requires the client to give their consent by way of a ‘clear affirmative action’ that ‘signifies agreement to the processing of personal data relating to him or her’ (Article 4.11; Article 6.1(a)). Such requirements represent an extension of the Directive 97/66/EC (processing of personal data and the protection of the privacy in the telecommunications sector) and Directive 95/46/EC (protection of individuals with regard to the processing of personal data and on the free movement of such data).

Are eSignatures safe and secure?

Yes. The eSignature process uses the same level of security as online banking and all data processes adopt Hypertext Transfer Protocol Secure (HTTPS) protocols which ensure point-to-point data encryption. Data is hosted on SAS70 Type II facilities which have obtained the ISO 27001 certification. The security, integrity, and authenticity of the document are maintained through the Audit Trail and the document’s timestamp.