WACOM esignature Solutions Compliance with European e-signature legislation


1. INTRODUCTION

This white paper reviews the legal effectiveness of Wacom's esignature solutions in relation to European regulatory principles for electronic signatures.

In the first part of this white paper, we frame the main questions of contractual validity and enforceability. We briefly summarise the Electronic Signature Directive's central definitions and scope. We further analyse the overall European contractual landscape from the perspective of validity and enforceability of electronic contracts by broadly outlining when electronic signatures are adequate and when qualified electronic signatures may be useful.

In a second part, this white paper describes the main features from a legal point of view of Wacom's esignature solutions. We review these key features in our analysis of the legally binding nature of Wacom's esignature solutions signatures.

We conclude that when correctly implemented, from a legal perspective, Wacom's esignature solutions meet or even exceed the requirements of an electronic signature as defined in Article 5.2 of the E-Signature Directive. Furthermore, adequate configuration of the technical and procedural safeguards of Wacom's esignature solutions can make it an excellent additional tool to increase the trustworthiness of a qualified electronic signature system in accordance with Article 5.1 of the E-Signature Directive.

2. CONTRACTUAL VALIDITY AND ENFORCEABILITY

When dealing with electronic signatures in the context of contractual agreements, two main questions arise. The first question relates to the existence and validity of an electronically signed contract. The second relates to the probative value and enforceability of an electronically signed contract.

The first question deals with the formal requirements to conclude a valid contract. A guiding principle in European contract law is the principle of consensualism, in the sense that contracts are effected by the mere consent of the parties. The principle is that the freely given and mutual consent of the parties involved is sufficient to establish a contract: no formal requirements such as a written document, registration or signatures are needed to enter into a valid contract. Contracts can be entered into verbally, in writing, electronically or even implicitly.

There are certain exceptions to this rule in various jurisdictions. Such exceptions often include real estate contracts, public procurement contracts, consumer contracts and family law contracts such as wills. For such contracts, specific formalities need to be fulfilled in order to conclude a valid contract.

While there are some exceptions, the vast majority of contracts can be entered into by the mere consent of the parties and no signature or other specific formalities are required to conclude a valid contract.

When surveying the legal landscape, it is reasonable to estimate that the legal validity of the vast majority of contracts does not require specific formalities.

The second question relates to the enforceability and the legal principles in obtaining proof of concluded agreements. The second question is important, as there is a difference between the existence of a valid contract and being able to enforce the contract by proving its existence and its contents.

The legal rules regarding the evidentiary value and the enforceability of contracts vary by jurisdiction. In civil law countries, such as Belgium and France, which may serve as an example of the rules of evidence in existence in continental Europe, a distinction is made between unrestricted and restricted evidence. Commercial disputes, i.e. contracts between persons and businesses engaged in commerce, merchandising, trade, and sales, generally permit unrestricted evidence under such rules of evidence. This means that any type of writing, testimony, email or factual element is admissible and that it is at the court's discretion to evaluate their evidentiary value. In settings involving private persons, including consumers, a general rule in some jurisdictions is that a written act, namely a written document signed by the parties who undertake obligations in the act, must be provided above a certain amount.

It is generally accepted that the rules of evidence may be deviated from by agreement between the parties. Parties can contractually agree which means of proof are required, or which evidential value is given to certain documents in the event of a dispute. For example, parties can agree that filling in a password or ticking a checkbox shall be considered as an electronic signature which meets the functional requirements of a handwritten signature.

Even when restricted evidence is required (such as a signed act), the rules of evidence will generally ascribe at least some legal evidentiary value to unrestricted evidence (such as emails describing the content of the contract), whether as a legal rule or in practice.

Taking into account the above, it is fair to say that in a majority of contractual dispute cases in Europe unrestricted evidence is admissible in a court proceeding. When unrestricted evidence is admissible, any type of writing, email, soft copy or electronic signature may be furnished to prove contractual obligations.

Although the rules of evidence vary from jurisdiction to jurisdiction, in most cases unrestricted evidence (such as any type of writing, email or electronic signature) is admissible when proving the enforceability of a concluded contract.

3. CONTESTING HANDWRITTEN SIGNATURES

It is important to note that paper-based handwritten signatures do not offer absolute enforceability, as they can often be contested in the context of a dispute. A paper-based handwritten signature can be challenged on the grounds that it is a forgery.

In Belgium for example, contesting a signature leads to a reversal of the burden of proof. In such a case, a party may simply disavow a paper-based written signature on a contract. The burden of proof is then on the claimant, who must establish the existence and extent of the contract by proving the authenticity of the handwritten signature. The claimant must undertake a civil proceeding regarding document forgery, involving the investigation of a forensic expert, and which requires a judicial ruling based on a review of the evidence to prove the authenticity of the document.

While handwritten signatures in most contracts may be challenged, there are some exceptions, including certified documents and notarised acts. As an example, legislation has recently been introduced in Belgium, as in other jurisdictions, to offer the possibility to certify a document through the signature of the lawyers of the contracting parties, which has the effect of reversing the burden of proof: it is then up to the defendant to prove that the certified document is a forgery.
Paper-based handwritten signatures do not offer absolute enforceability and may be challenged. In most cases, depending on the applicable jurisdiction, it is up to the claimant, not the defendant, to prove the authenticity of the written document, unless for instance the document has been certified or is a notarised act.

4. THE E-SIGNATURE DIRECTIVE

The European Directive on Electronic Signatures of 1999 harmonises the legal recognition of electronic signatures in Europe. It establishes a legal framework for electronic signatures and certain certification services on the internal market. The E-Signature Directive does not cover aspects related to the conclusion and validity of contracts. It does ensure the legal effectiveness and admissibility as evidence in legal proceedings of electronic signatures. The E-Signature Directive makes a distinction between normal electronic signatures, advanced electronic signatures and qualified electronic signatures.

4.1 Electronic signatures

The Directive provides for a very broad definition of an electronic signature without any explicit reference to a specific technology. An electronic signature is defined in the E-Signature Directive as data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication. The Directive explains in its recital 8 that rapid technological development and the global character of the internet necessitate an approach which is open to various technologies and services capable of authenticating data electronically.

The three criteria to qualify as an electronic signature are: the existence of a set of data, the set is linked to other data, and it authenticates these data. None of the criteria are further defined nor explained by the Directive, leaving room for broad interpretation. This means that every type of electronic authentication can be regarded as an electronic signature, as long as the authenticating data are attached to or associated logically with other electronic data. This may include a PIN code, a password, a scanned signature, symmetric and public key cryptography authentication methods and biometric authentication methods. The definition of an electronic signature in the Directive does not even exclude the typed name at the bottom of an email or the attachment of a scanned signature to a document.

The Directive accepts every electronic authentication method as an electronic signature, whether it invokes legal effect or not, and whether the signatory approves the contents of the document or not. By taking this broad approach the Directive is able to cover every kind of authentication without having to tackle the existing legal differences between the European Member States' legal systems.

According to Article 5.2 of the E-Signature Directive, such an electronic signature may not be denied legal effectiveness and admissibility as evidence in legal proceedings solely on the grounds that it is (i) in electronic form; (ii) not based upon a qualified certificate; (iii) not based upon a qualified certificate issued by an accredited certification service-provider; or (iv) not created by a secure signature-creation device.

The effect of this article is that Member States may neither draft or maintain regulation nor endorse or authorize private rules with a view to condemning the use of an electronic authentication tool solely by virtue of its electronic format or non-qualified nature. Hence, this general acceptance rule of electronic signatures means that Member States may not draft legislation forbidding the use of electronic authentication tools for legal purposes solely on the grounds that they are in electronic form.

The fact that such an electronic signature may not be denied legal effectiveness and admissibility as evidence based on certain technical characteristics does not imply that it would receive the same legal effect as a handwritten signature. This will only be the case if provided for in specific laws. Neither does it affect national rules regarding the free consideration of evidence by the judge.
4.2 Advanced electronic signatures

An advanced electronic signature as defined by the E-Signature Directive is an electronic signature which meets the following requirements: (i) it is uniquely linked to the signatory; (ii) it is capable of identifying the signatory; (iii) it is created using means that the signatory can maintain under his sole control; and (iv) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.

Contrary to some other existing legal instruments and guidelines (e.g. UNCITRAL model law on electronic signatures, US E-Sign Act) the Directive does not consider the approval of the contents by the signatory as an essential element of an electronic signature. The signatory's approval thus needs to be specified by other means, for example in the text of the signed document, or by referring to a signature policy which includes approval.

Although the legal definition is formulated in a technology-neutral way, in practice it refers mainly to electronic signatures based on digital signature technology or, in other words, making use of public key cryptography. It therefore seems that mainly public key cryptography systems meet the requirements of the Directive's definition. In this sense, an advanced electronic signature is essentially a digital file containing a hash of the document obtained by encryption with the private key of the signatory. Other parties can verify the advanced electronic signature with the corresponding public key of the signatory. An accompanying digital certificate confirms the signatory as the owner of its public key.

The E-Signature Directive does not confer on the advanced electronic signature a specific legal effectiveness different from a (normal) electronic signature. The Directive instead uses the concept of the advanced electronic signature, namely a signature using public key cryptography, to define qualified electronic signatures, which are advanced electronic signatures which satisfy certain specific legal criteria (as described below).

The main difference between (normal) electronic signatures and advanced electronic signatures is that the technical security of a public key cryptography system is generally considered to be higher than certain legally accepted (normal) electronic signatures such as a PIN code. An advanced electronic signature must therefore be considered to be more trustworthy. Trustworthy systems generally confer more evidential weight.

It should nonetheless be noted that from a legal standpoint, the particular technical method used may only be an element to be taken into account at the discretion of the courts when evaluating the overall evidentiary value in a particular case. In a particular case, the trustworthiness of a given public key signature may be questioned for instance, while in other circumstances courts may consider a PIN to provide sufficient evidence given the facts of the case.

4.3 Qualified electronic signature

A qualified electronic signature is an advanced electronic signature based on a qualified certificate and which is created by a secure-signature-creation device.
A core principle of the E-Signature Directive is that Member States are obliged to confer on certain types of electronic signatures the same legal effect as paper-based handwritten signatures (Article 5(1)). This guarantee applies to qualified electronic signatures which meet the criteria fulfilling some minimal technical security requirements: only advanced electronic signatures which are based on a qualified certificate and which are created by a secure signature creation device have this advantage. Member States must ensure that these types of electronic signature satisfy the legal requirement of a signature in relation to data in electronic form in the same way as a handwritten signature satisfies the requirement in relation to paper-based data. These signatures are also admissible as evidence in legal proceedings.

The conditions for meeting the technical minimum requirements can be found in the definition of an advanced electronic signature and in Annexes I, II and III to the Directive.

In order to be qualified, an advanced electronic signature must be made on the basis of a qualified certificate. A certificate is an electronic confirmation which links the data for verifying the signature to a natural or legal person and which confirms the identity of the person. As described in Annex I of the Directive, a qualified certificate must contain specific mandatory information and must be issued by a qualified certification services provider. The E-Signature Directive contains in its Annex II requirements for such qualified certification services providers, which in practice means an accredited commercial certificate authority or a governmental certificate authority. Such a certificate authority then certifies the ownership of a public key by a named person or legal entity by issuing a digital certificate.

The signature must also be created by a secure-signature-creation device. This implies that the configured software or hardware used to implement the data for creating the signature complies with requirements relating to the trustworthiness of the data handled by the device as described in Annex III of the E-Signature Directive. This paper will review below how the legal requirements for qualified electronic signatures defined in the E-Signature Directive apply to Wacom's esignature solution.

If all requirements related to the qualified electronic signature are met, then such a digital signature file is automatically assimilated and legally presumed to be equivalent with a handwritten signature.

The use of an electronic signature or advanced electronic signature implies that such signature may not be denied legal effectiveness and admissibility as evidence in legal proceedings. A qualified electronic signature is automatically legally assimilated with a handwritten signature.

5. VALIDITY AND ENFORCEABILITY OF ELECTRONIC SIGNATURES

We have noted above that the majority of contracts in Europe can be entered into by the mere consent of the parties and no signature or specific formalities are required to conclude a valid contract, although there are exceptions such as real estate contracts and public procurement contracts, which require a handwritten signature.

Given the limited use of electronic signatures, it is premature to talk about solid case law in 2013 at national or EU level addressing the legal effect of electronic signatures. In only a few countries has the meaning and validity of an electronic signature been tackled directly in court. From these limited cases, we can infer that in most contractual dispute cases in Europe, the type of evidence admissible in court is unrestricted and any type of writing, email, soft copy or electronic signature may be used to prove contractual obligations, although rules of evidence vary from jurisdiction to jurisdiction and may require a handwritten signature in certain cases.

Greece. In Greece, the Court of First Instance in Athens acknowledged recognition of a debt submitted to the other contractual party in the form of an electronic message (e-mail) as a legal act binding the debtor. In its ruling, the Greek court accepted that an e-mail address satisfies the legal functions of a signature (unique identification of the signer, unique link between the signatory and his e-mail address) and, thus, can be considered as the electronic equivalent of the handwritten signature. According to the Greek judge, the inherent security problems (e.g. risks of third party intrusions to the computer and e-mail system) that could possibly constitute a hindrance to the recognition of such equivalence should not be considered as a weakness of the e-mail (electronic signature) per se but rather as a risk that should normally be borne by the message recipient.

Netherlands. By contrast, confronted with the same question the Dutch judge ruled that the e-mail message could not be granted any legal value because of the evident security risks of the e-mail communication (especially within open systems).

United Kingdom. In the same context, a UK Court confirmed by a ruling in obiter dictum that an electronic signature in a computer-generated facsimile would have satisfied the requirements of the Insolvency Act in terms of signing a proxy voting form. It has also been made clear in a ruling from the UK Appeals Court that the conclusion of whether or not a contract is binding does not only relate to the use of a (handwritten or electronic) signature but should primarily depend on the intention of the parties. In other words, all elements necessary to make a contract may well exist within e-mail exchanges, as they may not, depending on what the real intention of the parties was.

Estonia. Concerning the value of documents used in or exchanged through court proceedings, there has also been a decision of the Tallinn Administrative District Court in Estonia ruling that digitally-signed documents must be considered equivalent to handwritten ones in court proceedings.

Spain. The legal value of the electronic signature was explicitly pronounced in Spain where the Court of First Instance of Madrid ruled that an electronic contract between private parties was null and void on the grounds that it did not bear an electronic signature.

Sweden. In Sweden, the Administrative Supreme Court ruled that an electronic signature does not suffice for an administrative legal act to be valid, insofar as the administrative law requires a handwritten signature. In other words, the Court affirmed the general rule of the Swedish electronic signatures law that an electronic signature can be regarded as the equivalent of a handwritten one, on condition that the legal requirement satisfied by the handwritten signature can also be satisfied by electronic means. By ruling thus, the Court did not go any further in determining what functional requirements the electronic signature should fulfil in order to have probative value.

A normal electronic signature cannot in principle be denied legal effectiveness and admissibility as evidence in legal proceedings, although this does not imply that it is an equivalent alternative for a handwritten signature.

As a result, the European legal landscape with regard to the two main questions of validity and enforceability may be broadly summarised as follows, depending on specific rules varying from jurisdiction to jurisdiction.

| | (Normal) Electronic Signatures | Qualified Electronic Signatures |
|---|---|---|
| Validity | Electronic signatures are sufficient to conclude a valid contract in most cases. | Qualified electronic signatures may be useful in a minority of cases to conclude a valid contract. |
| Enforceability | Electronic signatures are admissible as evidence in most court cases. | Qualified electronic signatures may be useful as evidence in a minority of court cases. |

Our analysis shows that from the perspective of the intended use of electronic signatures as a means to create valid contracts and from an enforceability point of view, electronic signatures are often adequate and qualified electronic signatures may be useful in a minority of circumstances, unless they are required in exceptional circumstances.

When surveying the legal landscape, it is therefore reasonable to broadly estimate based on our research:

- For 80% of contracts as an estimate, no signature requirements are imposed by law for validity or enforceability reasons. In the vast majority of cases, any kind of electronic signature can be used. As courts decide on the value of the evidence presented to them, the more trustworthy the technology used, the more trustworthy the signed document, the more evidential weight will generally be conferred.
- For 15% of contracts as an estimate, signature requirements are imposed by law for validity or enforceability reasons. Any kind of electronic signature can be used in the event of a signature requirement imposed by law. According to Article 5.2 of the E-Signature Directive, (normal) electronic signatures may not be denied legal effectiveness and admissibility as evidence in legal proceedings. The more trustworthy the technology used, the more trustworthy the signed document, but the risk remains that a judge does not trust the technology, and hence decides that the formal signature requirement has not been met. Using a qualified electronic signature will automatically lead to the fulfilment of the signature requirement.
- For 5% of contracts as an estimate, the use of a qualified electronic signature is explicitly required by law. In exceptional circumstances national laws may impose the use of qualified electronic signatures: local laws need to be checked in such circumstances for specific requirements, sometimes even additional requirements, such as a qualified electronic signature generated by an electronic identity card (eID).

6. DESCRIPTION OF WACOM'S ESIGNATURE SOLUTION

The esignature solution from Wacom which we tested consists of a software application (Wacom's Sign Pro PDF software) and a signature pad (STU-500 series), combining aspects of handwritten and digital signatures. Wacom informs us its esignature solutions also work with other signature software vendors in a similar way.

The Wacom STU signature pad and signature display is a special sensor panel with a superimposed display, as well as a signature stylus. When the user moves the stylus across the signature pad, the sensors record the position and state of the stylus in real time and store this electronic signature data in the software application. The signature panel's display allows visual inspection of the signature by the user and the relying party.

The software application Wacom Sign Pro PDF in turn collects and stores a wide range of information, including:

- A full record of the pen movement with time, including its position, pressure and, depending on the device being used, the pen angles.
- A cryptographic message digest, or hash, is calculated, namely a sequence of data of a fixed length which acts as a shortened reference to the original document, using the information identifying the document being signed.
- Contextual information about the signing event, including the name of the person, the date and time, and the data that identifies the computer system used.

When the user signs on the signature pad, the signature data stream is encrypted and transferred in real time to the client PC without storage in the signature pad. The software application generates an image file of the signature as captured by the user's movement on the signature pad. Using steganography, which is a cryptographic technique for concealing data, the captured data, which includes the biometric, hash and contextual data, is used to modify the signature image without visually altering its appearance. The software application then appends the signature image file to the PDF document, giving the appearance of an inked signature on paper, while including the full forensic record within the image.

Immediately after the image file has been inserted, a hash is calculated for the entire document body and the image signature file. The document hash is encrypted with the user's private key, to which either a self-signed certificate is associated, or a certificate delivered by a certificate authority.

The integrity of the document can be checked by recalculating the document hash and comparing it with the hash of the document at the time of signing. To obtain the original document hash, it must be retrieved from the image file, and decrypted using the signer's public key. Checking the document hash is carried out automatically by PDF viewers such as Adobe Reader. If the original hash is identical to the newly calculated hash then this is an indication that the document has not been changed since signing. Copying the signature image file into a different document would result in a different hash and the document would be marked as having been changed.

The level of confidence in the authenticity of the hash therefore rests, similarly to other public key cryptography systems, on the trustworthiness of the signatory's public key and on the chain of trust placed by relying parties in the software and hardware systems used. It is important to note that the signatory's public key is linked to a certificate which can be either self-signed or certified by a certification authority.

Additionally, the appended signature image file includes a forensic record containing the full biometric and contextual data of the signing, which can be retrieved in the context of a legal proceeding when ascertaining the authenticity of the signature through forensic analysis.

The underlying mechanics of including a handwritten electronic signature from a Wacom signature pad into a document are equivalent to commonly used public key cryptography signing techniques, with the key addition of a visual signature image containing a full forensic record of the signing.

7. WACOM'S ESIGNATURE SOLUTIONS SATISFY THE EUROPEAN REQUIREMENTS OF ELECTRONIC SIGNATURES

According to the definition of (normal) electronic signatures in the E-Signature Directive, data in electronic form must be attached to or logically associated with other electronic data and serve as a method of authentication. Based on the mechanics of the system described above, we can conclude with confidence that from a legal perspective, Wacom's esignature solution, if correctly implemented, meets the requirements of the electronic signature definition under European law.

This means, according to Article 5.2 of the E-Signature Directive, that a signature captured with a Wacom esignature solution may, in principle, not be denied legal effectiveness and admissibility as evidence in legal proceedings solely based on the grounds of its technical specifications. This does not mean that such a signature automatically acquires the same legal validity as a paper-based handwritten signature, unless, depending on the actual implementation of the system, the Wacom esignature solution can legally be considered to be a qualified electronic signature.

The Wacom esignature solution has three important additional features from a legal perspective to strengthen its enforceability as an electronic signature, compared to other commonly accepted electronic signatures such as a PIN code or a password or a scanned signature file.

First, a handwritten signature alerts the signer that he or she is about to ascribe legal consequences to his or her actions. The act of placing a signature signals the intent to assume obligations in a way which may not be apparent from, for instance, entering a PIN code. This is an important component in contract formation, since contracts, as a principle, are entered into by the mutual consent of the parties. The act of signing helps in proving the willingness of the signatory to be bound by legal obligations and therefore deducing consent.

Second, the unique visual nature of the signature serves the purpose of identifying the signatory and verifying the consent of the signatory with the content of the agreement under which the signature is placed.

Third, in the event that the validity of the signature is challenged, the Wacom esignature system permits a forensic investigation to be conducted by taking into account the full biometric and contextual data contained in the signature file. This may prove to be an additional advantage in proving the tie between the identity of a signatory and a signature, as additional biometric and contextual data, which includes how the signature was placed and the time of signing, may be decisive in forensic investigations.
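The integrity check described in section 6, as an added example (not Wacom's or Sign Pro PDF's code): a toy textbook-RSA model in Python showing that the signed hash binds the signature image to one document, and that the result is only as trustworthy as the public key it is checked against. The keys, documents, image bytes, function names and length-prefixed hashing are all assumptions made for illustration; real PDF signatures use padded schemes and certificate validation.

```python
import hashlib

E = 65537  # public exponent


def make_key(p, q):
    """Return (modulus, private exponent) for textbook RSA from two primes."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # needs Python 3.8+


# Constructed demo keys built from publicly known Mersenne primes.
# Illustration only: such keys and unpadded RSA are NOT secure.
SIGNER_N, SIGNER_D = make_key(2**521 - 1, 2**607 - 1)
OTHER_N, OTHER_D = make_key(2**127 - 1, 2**1279 - 1)


def document_hash(body: bytes, image: bytes) -> int:
    """SHA-256 over the document body and the signature image together."""
    h = hashlib.sha256()
    for part in (body, image):
        h.update(len(part).to_bytes(8, "big"))  # length prefix keeps parts distinct
        h.update(part)
    return int.from_bytes(h.digest(), "big")


def sign(body: bytes, image: bytes, n: int, d: int) -> int:
    """'Encrypt the hash with the private key' (textbook RSA signature)."""
    return pow(document_hash(body, image), d, n)


def verify(body: bytes, image: bytes, signature: int, n: int) -> bool:
    """Recompute the hash and compare it with the one recovered via the public key."""
    return 0 < signature < n and pow(signature, E, n) == document_hash(body, image)


# Constructed sample inputs.
CONTRACT = b"Sales agreement v1: price EUR 1,000"
ALTERED = b"Sales agreement v1: price EUR 9,000"
OTHER_DOC = b"Loan guarantee: unlimited liability"
SIG_IMAGE = b"<constructed signature image bytes with embedded forensic record>"


def run_checks() -> dict:
    sig = sign(CONTRACT, SIG_IMAGE, SIGNER_N, SIGNER_D)
    # The altered text signed again under an unrelated key pair.
    other_sig = sign(ALTERED, SIG_IMAGE, OTHER_N, OTHER_D)
    return {
        "original": verify(CONTRACT, SIG_IMAGE, sig, SIGNER_N),
        "body_altered": verify(ALTERED, SIG_IMAGE, sig, SIGNER_N),
        "image_altered": verify(CONTRACT, SIG_IMAGE + b"x", sig, SIGNER_N),
        "image_copied_to_other_document": verify(OTHER_DOC, SIG_IMAGE, sig, SIGNER_N),
        # Internally consistent under the unrelated key, so the hash check
        # alone says nothing about who signed ...
        "resigned_checked_with_unrelated_key": verify(ALTERED, SIG_IMAGE, other_sig, OTHER_N),
        # ... and it fails once the relying party checks against the key
        # that a trusted certificate ties to the signatory.
        "resigned_checked_with_signer_key": verify(ALTERED, SIG_IMAGE, other_sig, SIGNER_N),
    }


if __name__ == "__main__":
    for name, ok in run_checks().items():
        print(f"{name}: {'valid' if ok else 'REJECTED'}")
```

The two last checks correspond to the paper's caveat about self-signed certificates: the relying party has to establish, through a certificate it trusts, which public key belongs to the signatory before the hash comparison carries evidential weight.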

8. WACOM'S ESIGNATURE SOLUTIONS CAN BE CONFIGURED AS A QUALIFIED ELECTRONIC SIGNATURE SYSTEM

A qualified electronic signature is automatically assimilated with a paper-based handwritten signature. As described above, the E-Signature Directive defines a qualified electronic signature as a public key cryptography signature, essentially a hash encrypted with the private key of the signatory, with the crucial additional requirements, first, that it must be based on a qualified certificate and, second, that it must be created by a secure-signature-creation device.

The first requirement is using qualified certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. Taking into account the legal requirements described in the E-Signature Directive and its aims, a certificate containing a public key and the identity of the owner delivered by an accredited commercial certificate authority or a governmental certificate authority, if correctly implemented, should fulfil the definition of a qualified certificate.

Wacom's esignature solutions can be configured for use with such qualified certificates. A signatory's public key using Wacom's esignature solution is linked to a certificate, which can be either self-signed or certified by a certification authority. If Wacom's esignature solution is properly configured for use with qualified certificates linked to each signatory, then the first legal requirement of a qualified electronic signature system could be fulfilled.

Second, a qualified electronic signature requires the use of a secure-signature-creation device. Such a device is defined in Annex III of the E-Signature Directive as a combination of hardware and software used to implement signature-creation-data (which means unique data, such as private keys) and which meets the following requirements:

1. The device must ensure, by appropriate technical and procedural means, at least that:
a) generated signature-creation-data are unique and remain secret;
b) signature-creation-data cannot with reasonable assurance be derived and the signature is protected against forgery using currently available technology;
c) signature-creation-data can be reliably protected by the signatory against the use of others.

2. The device must not alter the data to be signed or prevent such data from being presented to the signatory prior to the signature process.

These requirements will only be met by taking into account the entire hardware and software environment of which Wacom's esignature system will form a part. Some components of the signing system will inevitably involve elements which are not part of Wacom's esignature system, such as the computer hardware and operating system which runs the Wacom esignature software application. For instance, if Wacom's esignature solution is configured for use with a private key from an accredited certificate authority stored on a smartcard, then the steps related to key generation and storage will occur outside the scope of the Wacom esignature system.

To fulfil the legal requirements associated with qualified electronic signatures, the hardware and software systems used must ensure adequate levels of trustworthiness. The fulfilment of the legal requirements for secure-signature-creation devices described above depends on the technical and procedural aspects of Wacom's esignature solution configuration as a crucial component within such a system.

When adequately configured, a qualified electronic signature system using Wacom's esignature solution as a component can be used to create digital signatures which have the legal effectiveness of a paper-based handwritten signature.
Based on the legal requirements for qualified certificates and secure-signature-creation devices, the proper configuration of the technical and procedural safeguards of Wacom's esignature solutions makes it an excellent additional tool to increase the trustworthiness of a qualified electronic signature system.

9. ESIGNATURES LEGISLATION OVERVIEW AROUND THE WORLD

Legislative initiatives enabling electronic signatures around the world have varying levels of flexibility towards electronic signatures. Certain jurisdictions have adopted enabling legislation regarding electronic signatures, while others have a more stringent regulatory approach. Broadly speaking, the legislative situation in various countries may be categorized into three groups:

Countries with a flexible approach towards the use of electronic signatures for legal transactions. In these countries, no specific technical requirements are being mandated when using electronic signatures for standard legal transactions. Still, for specific transactions and for specific sectors, additional technical criteria may be required.

Countries with a less flexible approach towards the use of electronic signatures for legal transactions. For standard legal transactions no additional technical criteria are required but the use of specific electronic signature technology is often promoted by law (e.g. by introducing a presumption of conformity for specific electronic signature technology).

Countries with a stringent approach towards the use of electronic signatures for legal transactions. Specific technology-related requirements need to be taken into account when using electronic signatures for standard legal transactions.

Based on DLA Piper's comparative research in the various jurisdictions regarding electronic signatures, the flexibility of such legislation around the world can be summarised in the following illustration.

Figure: Flexibility of esignature legislation around the world. DLA Piper UK LLP.

Depending on the intended use of the Wacom esignature solution and its configuration, compliance with applicable laws when using electronic signatures should be assessed on a case by case basis, although such compliance is likely to be more straightforward in less stringent regulatory environments (green and yellow in the illustration above), depending on specific technical requirements in the jurisdiction concerned.

10. DRAFT TRUST SERVICES EUROPEAN REGULATION

The upcoming Trust Services European regulation provides a new definition for electronic signatures.
The current definition of the E-Signature Directive states that an electronic signature means data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication.

Under the Draft Trust Services Regulation, the emphasis moves away from authentication towards the intention of the signer. In the Draft Trust Services European Regulation, an electronic signature means data in electronic form which are attached to or logically associated with other electronic data and which are used by the signatory to sign. (Emphasis added). Since the act of placing a signature strongly indicates intent, it follows that the Wacom esignature system fits the definition of an electronic signature in the upcoming Trust Services European Regulation.

Similarly, an advanced electronic signature is defined in the current E-Signature Directive as an electronic signature which meets the following requirements:
(a) it is uniquely linked to the signatory;
(b) it is capable of identifying the signatory;
(c) it is created using means that the signatory can maintain under his sole control; and
(d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.

The requirements of this definition seem to mainly cover aspects of public key cryptography. In the upcoming Trust Services European Regulation, the definition emphasises additionally that the signatory must have a high level of confidence in his or her sole use of the signature creation data. An advanced electronic signature is defined as an electronic signature which meets the following requirements:
(a) it is uniquely linked to the signatory;
(b) it is capable of identifying the signatory;
(c) it is created using electronic signature creation data that the signatory can, with high level of confidence, use under his sole control; and
(d) it is linked to the data to which it relates in such a way that any subsequent change in the data is detectable. (Emphasis added).

Since systems that provide a high level of confidence in the sole use and control by the signatory are favoured by the definition, it can be argued that systems such as Wacom's esignature solution, based on both a handwritten signature of the signatory and on public key cryptography, offer an additional advantage over other common systems based solely on public key cryptography, insofar that placing a handwritten signature may increase the confidence of the signatory in the usage of his or her signature creation data as opposed to other methods.

We can conclude that under the upcoming Trust Services Regulation definitions, the legal compliance of Wacom's esignature solution to the applicable electronic signature requirements is likely to remain equivalent or higher under the future Regulation. The upcoming Trust Services Regulation places a greater emphasis on the intent and control of the use of signature data by the signatory. The use of handwritten electronic signatures such as Wacom's esignature solution is in line with such regulatory objectives.

11. CONCLUSION

Wacom's esignature solution (signature pads and displays from the STU and DTU series and Wacom Sign Pro PDF) combines three types of data to create secure handwritten electronic signatures, namely biometric data related to the handwritten signature, contextual data such as the system used and a cryptographic hash of the original document and the signature combined.
The trustworthiness of public key cryptography signatures rests on the level of confidence by relying parties in the certificate tying a signatory's public key to his or her identity and on the chain of trust placed in the software and hardware systems used. The use of a signature image in Wacom's esignature solution additionally serves both for the signatory and relying parties as a visual confirmation of the intent of the signatory to be bound by the content of the contract in which it is inserted. Crucially, the signature image contains a full forensic record of the signature which may be used for investigative verification purposes.

From a legal perspective, we can conclude with confidence that Wacom's esignature solution meets or even exceeds the requirements of the electronic signature definition in the E-Signature Directive, if correctly implemented. This means that according to Article 5.2 of the Directive, it may not be denied legal effectiveness solely based on technical characteristics.

According to the provisions of the E-Signature Directive, an electronic signature does not automatically acquire the same legal validity as a paper-based handwritten signature. However, from the perspective of the intended use of electronic signatures as a means to create valid contracts and from an enforceability point of view, electronic signatures are often adequate. As courts decide on the value of the evidence presented to them, the more trustworthy the technology used, the more trustworthy the signed document, the more evidential weight will generally be conferred. Wacom's esignature solution provides important evidentiary value by combining biometric, contextual and cryptographic data.

Furthermore, adequate configuration of the technical and procedural safeguards of Wacom's esignature solution can make it an excellent additional tool to increase the trustworthiness of a qualified electronic signature system. When adequately configured, a qualified electronic signature system using Wacom's esignature solution as a component can be used to create digital signatures which have the legal effectiveness of a paper-based handwritten signature in accordance with Article 5.1 of the E-Signature Directive.

Under the upcoming Trust Services Regulation, the legal compliance of Wacom's esignature solution to the applicable electronic signature requirements is likely to remain equivalent or even higher.

ABOUT THE AUTHOR

DLA Piper is a global law firm with 4,200 lawyers located in more than 30 countries throughout the Americas, Asia Pacific, Europe and the Middle East. DLA Piper's technology practice has deep industry sector experience that allows us to provide valuable practical advice and innovative solutions over and above our first-rate base of technical know-how. Our practice counts many of the world's largest high profile IT as clients.

Professor dr. Patrick Van Eecke is Partner at DLA Piper's Brussels Office and head of the Internet law group. He is a specialist in e-commerce and e-government, digital signatures and PKI as well as data protection issues.

Dr. Van Eecke advises both governments and enterprises on the legally compliant implementation of e-signature solutions and is experienced in drafting and negotiating PKI related legal documents, such as Certification Practice Statements, Certificate Policies, Signature Policies and Relying Party Agreements. He is extensively involved in diverse research and consulting projects for the European Commission, international bodies and several national governments, including the European Commission and the United Nations.

Patrick has been named Belgium's leading lawyer and is ranked one of the world's top 20 IT lawyers in the Guide to the World's Leading Technology, Media & Telecommunications Lawyers. Patrick is also recommended by the Legal 500 and Chambers as one of the top legal advisors in Brussels.

Patrick obtained his PhD at the University of Leuven having as subject "The legal status of electronic signatures". He is teaching IT law at the University of Antwerp, at King's College and Queen Mary University in London, United Kingdom. He is the author of diverse legal articles and books on electronic commerce, computer crime, electronic signatures, electronic contracting and privacy and is a regular speaker at national and international conferences.
This white paper contains data and information up-to-date and correct to the best of our knowledge at the time of preparation. The data and information comes from a variety of sources outside our direct control, therefore DLA Piper UK LLP cannot give any guarantees relating to the content of this white paper. Ultimate responsibility for all interpretations of, use of, data information and commentary in this report remains with you. DLA Piper UK LLP will not be liable for any interpretations or decisions made by you.

DLA Piper UK LLP.

Wacom Europe GmbH
Europark Fichtenhain A9
47807 Krefeld
Germany

2014 Wacom Company, Limited. All rights reserved. Wacom and the logo are trademarks and/or registered trademarks of Wacom Company, Ltd. All other company or product names are trademarks and/or registered trademarks of the respective company. Modifications and errors excepted.