COVID has also prompted organisations to focus attention on their businesses’ wider digital strategy. As a result, those of us working in-house, for example, may now find ourselves also tasked with advising on the implementation of an electronic signature (e-signature) technology solution within our client organisation.
U got the look
The term ‘e-signature’ can describe a broad range of concepts: from a digital scan of a traditional wet-ink signature, or a typed name on an electronic document, to more sophisticated digital signature technologies that contain security and identification functionality designed to give the same legal standing as handwritten signatures.
The type of e-signature methodology an organisation should introduce will depend on a range of factors, and it may be the case that different types of signatures are more appropriate in different contexts.
Nothing compares 2U
The law governing e-signatures in Ireland is contained in the Electronic Commerce Act 2000 (ECA) and EU Regulation 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS).
The ECA first established a legal basis in Ireland for e-signatures by confirming the validity of information existing solely in electronic form. In 2016, eIDAS became effective, with the aim of facilitating electronic transactions between EU citizens by, among other things, improving the accountability of ‘trust service providers’ that offer e-signature technology solutions.
Both the ECA and eIDAS distinguish between different types of e-signatures, and the types identified are similar in some instances, but not identical. There is a wealth of recent legal commentary describing in detail the characteristics and requirements of each type of signature.
In summary, the ECA makes a distinction between: (1) a simple ‘electronic signature’, (2) an ‘advanced electronic signature’, and (3) an ‘advanced electronic signature, based on a qualified certificate’ (AESQC).
The ECA provides that, where a signature to a document is required to be witnessed or where a seal is required to be affixed to a document, using an AESQC in the manner prescribed in the ECA will satisfy those requirements.
eIDAS also recognises three levels of electronic signature, namely: (1) a simple ‘electronic signature’, (2) an ‘advanced electronic signature’, and (3) a ‘qualified electronic signature’ (QES).
In its recent practice note (E-Signatures, Electronic Contracts and Certain Other Electronic Transactions), the Law Society’s Business Law Committee explains that an AESQC under the ECA goes beyond the definition of an ‘advanced electronic signature’ under the ECA, but not quite as far as a QES under eIDAS.
Having two key pieces of legislation with similar – but not identical – concepts and requirements means that the Irish legal framework is not clear-cut, and I believe there is a degree of ambiguity about the relationship between the two statutes and what standard of signature is required for certain types of documents in Ireland.
Diamonds and pearls
When asked to advise on what e-signature methodology should be implemented, there are a number of things that solicitors may need to consider.
What is the purpose of its introduction?
An organisation may implement e-signatures for a specific project (for example, where the organisation needs to implement a contract variation with a large volume of customers) or for use in the context of specific contracts (for example, where the organisation enters into repeated identical contracts, such as confidentiality agreements, and the organisation uses its own template for these).
Its introduction may also have been prompted to address a short-term requirement (for example, limited on-site availability of authorised signatories due to COVID-19, or limited access to printing and scanning facilities when working remotely).
Or it may be the case that the entire organisation has decided, for efficiency reasons, to move fully to the use of e-signatures for all signing requirements. The wider the potential use-case for the e-signature technology, the more important it is that appropriate procedures are put in place governing its use, and that the organisation is aware of its limitations.
Can e-signatures legally be used?
While international acceptance of e-signatures is growing, there are some jurisdictions where they are not accepted or where acceptance is limited. When acting for an organisation that enters into cross-border contracts, local legal advice on the legality of e-signatures should be procured.
Similarly, certain public bodies in Ireland have requirements or restrictions when it comes to using and accepting e-signatures. It is also important to ensure at the outset that any registry (for example, the Companies Registration Authority or the Property Registration Authority of Ireland) to which the document must be submitted does not contain a restriction on the use of e-signatures, or that the constitutional documents of the signing entity do not preclude or curtail their use.
Type of document?
There are few statutory restrictions governing most types of contracts in Ireland, and simple e-signatures will largely suffice. However, there are some exceptions.
As mentioned above, certain Irish registries mandate wet-ink originals in documents that are to be filed. Similarly, certain documents creating, acquiring or disposing an interest in real property must be signed using a wet-ink signature.
Additionally, under the Companies Acts, deeds must be executed by Irish companies under seal. While there is provision in the ECA and eIDAS for an ‘electronic seal’, it is unclear whether the electronic seal defined in those statutes would equate to, or meet the requirements of, a Companies Acts company seal. In any event there are few service providers in the market offering e-sealing technology.
The alternative process commonly followed to enable electronic execution of deeds by a company is to have these signed under a power of attorney granted to a natural person. If using this process, the constitution of the relevant company should be consulted to check any conditionality on granting a power of attorney.
Furthermore, in its practice note (referred to above), the Business Law Committee confirms that such attorney signatures would need to be witnessed, and that it remains best practice that such witnessing be conducted in people’s physical presence.
This requirement obviates the benefits of e-signatures to some extent, so if a company frequently engages in the execution of deeds, or has a large volume of property-related transactions, e-signatures may not be as advantageous to it.
What type of signature is required?
As mentioned above, e-signatures range from the very rudimentary to the ‘gold standard’ provided by the QES under eIDAS. While the ECA indicates that an AESQC may be required for signatures required to be witnessed, or where a seal is required to be affixed to a document, eIDAS does not mandate the use of a QES for any given type of document.
Rather, organisations may opt for a QES to provide added security where it engages in high-value contracts, or to reduce the requirement for additional validation where its signing authority is likely to be the subject of a ‘due execution’ legal opinion, as a QES removes the requirement to produce additional evidence to verify the authenticity of the signature if this were disputed.
In practical terms, the cost of obtaining a QES may prove prohibitive for many organisations and, to date, its use has been limited.
Ensuring consent of the contracting parties?
Under the ECA, counterparty acceptance of e-signatures is required. There is no prescribed format for this, so consent may be evidenced by exchange of emails, or even by course of dealing.
However, best practice would be to ensure that consent is formally documented by including an express clause in the relevant contract acknowledging all parties’ consent to the use of electronic signatures and, where necessary, to virtual exchange and completion.
If the consent or the exchange/delivery process is agreed more informally (for example, by email exchange), appropriate records should be retained as evidence.
Where will the electronic contracts be stored?
The ECA clarifies that an electronic original must be retained and stored securely and be capable of production during the period for which it is required. This means that the hard-copy contracts registry traditionally maintained and stored by organisations in, for instance, fire-proof safes, should be replicated in electronic format, so that electronic originals are centrally and securely stored in an electronic depository.
Ideally, this depository would be maintained by the organisation’s legal department. Processes should be in place to ensure that those working in the business pass on all electronic contracts to the legal department for safekeeping, and that they do not rely on less secure retention methods (for example, having the electronic copy saved as an attachment to an email).
Who will the e-signatures be used by?
E-signatures will typically be produced for those with corporate signing authority, for instance the directors of the company. However, often authority is delegated to other authorised signatories for certain categories of contracts for logistical reasons (for instance, allowing HR managers to sign employment contracts on behalf of the company).
It is important that there is clarity within the organisation as to who can legally bind the company, and that authority has been appropriately delegated to such authorised signatories in the manner prescribed by the company’s constitution.
Cost and choice of provider?
The last – but by no means least – factor to consider is what e-signature provider to select? Given the broad legal definition of ‘electronic signature’, it is not strictly necessary to introduce dedicated software in order to sign electronically, and simply typing one’s name or applying an image of a signature to an execution version of a document would suffice in many circumstances.
However, many e-signature products contain security features that are appealing, for instance, time stamping and multi-factor authentication of signatories. There are a range of commercial off-the-shelf (COTS) packages on the market, readily found from an online search, that are easy to implement and use.
With COTS, there is little flexibility to implement bespoke requirements or to negotiate a different pricing model, but the types of e-signature available will suit most cases. Many providers operate an economies-of-scale type model, so if one area of an organisation is looking at employing this software, the use-case in other areas should be considered, to leverage off reduced costs from higher volumes.
It may also be the case that some of the organisation’s existing technology service providers (for email, case management, etc) may offer their own e-signature add-ons, so it would be worth speaking to these first, as these may prove more competitive, and their product may align better with the organisation’s technical framework.
It is vital that the organisation’s IT department is involved in discussions with the potential provider from the outset to ensure the proposed product meets the organisation’s security standards and can be integrated into existing systems without causing technical difficulties.
Little red corvette
There is no doubt that, when managed correctly, implementing e-signatures within an organisation can result in many benefits. Their use can improve efficiencies, facilitate prompt turnaround, and reduce the logistical burden on the legal department.
If an organisation has not yet taken steps to implement such measures, it would be a worthwhile exercise for its in-house counsel to develop an e-signature business case.
As well as helping the business to advance its digital strategy, it will also enhance the in-house counsel’s ability to continue to provide effective and efficient legal support in the new and different working world in which we find ourselves.