Electronic Signatures – FAQs
This article is based on UK law. It was last updated April
2005. A Hong Kong version is also
available.
1. What is the difference between a manual signature and an
electronic one?
Manual signatures can cover a wide range of types of signature,
including typewritten signatures, handwritten signatures and
stamps.
Electronic signatures include all types of electronic signature,
such as a printed name, an email address, a digital signature or a
scanned signature.
The legislation dealing with this area includes the Electronic
Communications Act 2000, which provides a broad definition of an
"electronic signature" as follows:
"anything in electronic form which is:
(a) incorporated into or otherwise logically associated with any
electronic communication or electronic data; and
(b) purports to be so incorporated or associated for the purpose
of being used in establishing the authenticity of a communication
or data, the integrity of the communication or data, or both."
If the signature is accompanied by a statement confirming that
it is a valid means of authenticity, then it is likely that the
document may be admissible in court as evidence.
2. Are there different types of electronic signature?
The Electronic Signatures Regulations 2002 define two types of
electronic signature as follows:
1. Basic Electronic Signatures: these are broadly defined and
include all types of electronic signature.
Paragraph 2 of the Regulation defines them as "data in
electronic form which are attached to or logically associated with
other electronic data and which serve as a method of
authentication."
2. Advanced Electronic Signatures: these are an advanced form of
electronic signature which meets the following requirements:
1. it is "uniquely linked to the signatory;
2. capable of identifying the signatory;
3. created using means that the signatory can maintain under his
sole control; and
4. linked to the data to which it relates in such a manner that
any subsequent change of that data is detectable."
This definition envisages the use of a personal digital
certificate issued by a certification service provider ("CSP"). A
digital signature backed by a qualified certificate from an
accredited certification authority provides the most enhanced form
of certainty to a recipient in relation to data integrity and
authenticity of the sender.
3. Is there a difference between an electronic signature and a
digitised one?
Yes, there is a difference between an electronic signature and a
digitised one.
An electronic signature can include a printed name, an e-mail
address, and a scanned signature. On the other hand, a digital
signature itself is a unique numerical value based on the entire
written document that is being signed.
For the purposes of both EU and UK law only a digital signature
is admissible as evidence in court.
4. What about documents which can only be executed in writing:
are advanced electronic signatures of equal effect?
Traditionally, certain documents have always been required to be
executed in writing, for example assignments of copyright under the
Copyright Designs and Patents Act 1988 and certain transactions in
relation to land.
However, the position adopted by the UK Government is that the
phrase "writing" is to be defined as being wide enough to cover
electronic signatures. This means that there is no need for there
to be any new legislation to deal with this point.
5. What are Certification Service Providers (CSPs) and are they
regulated by the government?
A "CSP" is a company that issues qualified certificates,
sometimes known as digital certificates. These certificates bind
your public key to your identity and the CSP will vouch for its
authenticity. CSPs are self-regulating and the UK's industry-led
approval process, called "tScheme", was set up by the Alliance for
Electronic Business in May 2000.
If an organisation meets tScheme's requirements it can refer to
itself as being "tScheme accredited". Verisign, a US company, is
one of the largest CSPs operating today; other operators include
Chambersign and Trustwise.
The Electronic Communications Act 2000 placed the Secretary of
State under a duty to establish and maintain a register of approved
certification service providers. It was decided that this would
only be implemented if self-regulation proved ineffective.
The Regulations make it clear that a CSP is liable in damages in
respect of any loss suffered by a person relying on his
certificate.
6. Can I file company documents electronically?
The Companies House (Electronic Communications) Order 2000 came
into force on 22 December 2000. The rules enable companies to use
the Internet in their communications with Companies House, their
shareholders and auditors. The Order amends the Companies Act 1985
to allow companies to send and receive certain documents
electronically, as an alternative to the post.
7. How secure will my data be with a CSP?
Personal data may only be obtained directly from the data
subject, who is the individual person requesting the qualified
certificate, or, if it is obtained indirectly, only with his or her
explicit consent.
Personal data must only be processed insofar as it is absolutely
necessary for the issuing and maintaining of the certificate, or
for other purposes to which the data subject has explicitly
consented.