How to validate the electronic signature?

Have you received an electronically signed document and need to know if it is valid? Many companies face this situation daily, and it means that you need to have a thorough understanding of how to validate the electronic signature and the mechanisms used to make them legally valid.This post describes how to validate electronic signatures and whether or not they are legal, what the validity of electronic signatures is based on, what types of signatures there are and what Lleida.net does to validate such signatures.

What is the legal basis for the validity of electronic signatures?

Legally, the validity of electronic signatures is based on several standards:

  • Regulation (EU) No 910/2014 of the European Parliament and the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. It is the so-called eIDAS Regulation that governs electronic signatures, their types and their validity. Article 25 of this regulation states that
    1. An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures.
    2. A qualified electronic signature shall have the equivalent legal effect of a handwritten signature.
    3. A qualified electronic signature shall have the equivalent legal effect of a handwritten signature.

A new system governing the legal effects of electronic documents that are used to support public, administrative, and private documents, establishing that their value and effectiveness must be determined under the applicable law, according to their nature.

Is the electronic signature valid beyond the European Union?

Along with European and Spanish regulations, it should be noted that there are national laws on electronic signatures in several other countries.

Many companies that have gone international need to sign documents with customers, suppliers or partners in countries located in non-EU countries. For example, in the United States, there are two critical regulations concerning electronic signatures: Electronic Signatures in Global and National Commerce Act (“E-SIGN Act”) and The Uniform Electronic Transactions Act (UETA); in South Africa, they have the South African Common Law and Electronic Communications and Transactions Act, 2002 No. 25 of 2002 and in Argentina the Digital Signature Law No. 25.506.

It is important in every single scenario to analyse where the electronic signature is to be used and what requirements it must meet to be considered valid.

What types of electronic signatures do exist?

Before validating the electronic signature, it is essential to know the existing types and the degree of security provided by each type. Based on the Regulation of the eIDAS Regulation, there are three types of electronic signature, namely

  • Simple electronic signature, defined in eIDAS Regulation, Article 3 as an electronic signature, refers to data in electronic form, which is logically associated with other data and used by the signatory to sign.
  • Advanced electronic signature meets the requirements set out in article 26 of the Regulation and offered by Lleida.net. The conditions that an electronic signature must meet to be considered advanced are as follows
    • It is uniquely linked to the signatory;
    • It is capable of identifying the signatory;
    • Have been created using electronic signature creation data that the signatory can use, with a high level of confidence, under their sole control
    • It is linked to the data signed so that any subsequent change in the data is detectable.
  • Qualified electronic signature. Qualified electronic signature is an advanced electronic signature created by a qualified signature creation device based on a qualified certificate for electronic signatures.

Why is it important to know whether an electronic signature is valid?

For example, if you come to an agreement with a client, a supplier or an employee, you can use the electronic signature, but if it does not meet the legal requirements for validity, the document may not be binding upon the signatories, nor may it be used as evidence in legal proceedings.

Therefore, knowing whether an electronic signature is valid helps to:

  • To have certainty that the signatory is whom they claim to be.
  • Check that the signature has not been tampered with.
  • Ensure that the signed document is valid, generates obligations for the signatories and may be used as evidence in legal proceedings.
  • Avoid crimes and scams such as identity fraud.

How to validate the electronic signature?

To validate the electronic signature, it is necessary to check three elements:

  • The identity of signatories, i.e. that the signatories are whom they say they are and that they are not using another person’s identity.
  • The signed document remains unaltered and has not been tampered with since it was signed.
  • When and where the document has been signed.

All of the elements are analysed in detail next:

  • Time-stamp To validate an electronic form, you must check that it has a timestamp. The timestamp or time stamping is a mechanism that guarantees the integrity of the electronic signature and of the signed document and that it has been signed at a given time, and it is not possible to modify it since the specific date and time of the signature have been recorded. The time stamp is the core element to determine whether a document has been altered after signature, thus making it easier to use the electronically signed document as evidence in legal proceedings. For example, the time stamp is used to find out who and when signed a specific company document. The timestamp is provided by a trusted service provider, which is a neutral third party that guarantees the security of the transaction.
  • Location. It is essential to know the location from where a document is electronically signed to make the signature valid. For example, it is particularly relevant for carriers or couriers who are constantly on the move and must sign delivery or collection notes.
  • Identity of signatories. The identity of signatories is guaranteed in several ways:
    • Using a one-time password known as OTP sent to the signatory by email to the address provided by the signatory or to their mobile phone via SMS, thus ensuring that the signatory is the right person.
    • Face recognition by video is another way of authenticating the signatory’s identity. Pictures of the signatory’s identity document (ID photo and other data) are taken, and the data is compared with the person’s video image.
    • Besides, biometric identification can be used so that the identity of the signatory is unambiguous. Biometric identification uses personal traits such as the iris of the eye, fingerprints, voice, facial features, or the hand’s shape to verify the signatory’s identity and be sure of who they are.

How does Lleida.net validate the electronic signature?

The electronic signature service offered by Lleida.net compiles a series of information to validate the signature, in particular,

  • To guarantee the identity of the signatories at the time of signing, electronic evidence of the whole process is collected. Thus, the emails and IPs involved, the document signed, the time and place of each signature, the attachments to the document, etc. are known.
  • The electronic evidence of the signature process is in a PDF that can be downloaded; it is timestamped to prevent the document from being modified. Any documents uploaded to the cloud during the signature process (receipts, payslips, ID cards, etc.) will be safeguarded by Lleida.net for five years.

As a result of the foregoing, the electronic signature service provided by Lleida.net is that of an advanced electronic signature, since the requirements we have seen in the eIDAS Regulation are met:

  • It is uniquely linked to the signer.
  • They are created in such a way that the signatory maintains control.
  • They are linked to the document so that if a modification occurs after the signature, it can be easily detected.

Therefore, validating the electronic signature is a process that requires a thorough knowledge of the regulations and the requirements that the signature must meet to provide trust and security to the signatories. Thus is essential to have the experience and expertise of an electronic signature provider with an understanding of the legislation in force regarding the type of signature and the location in which it is signed

2 thoughts on “How to validate the electronic signature?”

  1. Not surprisingly, this article mentions nothing in regards to an electronic signature by telephone. i am not aware that such a signature is valid and, after searching through the internet, i can find no information in regards to this form of electronic signature. i need a definitive answer as to whether this is legally binding or, just someone’s attempt to cover for their mistake, that sounds more likely to me…

    Reply
    • Dear Catbert,
      When referring to signing by telephone, we understand that you are referring to sending an OTP to the mobile phone, as a two-factor authentication system, about the document to be signed, which has been sent by other means.
      Lleida.net’s OTP signature is considered an advanced signature according to article 26 of the eIDAS Regulation.
      Thanks

      Reply

Leave a Comment