Even though administrative digitalisation has experienced notable growth in recent years, most of us still have questions about electronic signatures on documents and the legal implications of using electronic signature software.
In an effort to clear up any confusion, we’re answering the most commonly searched for questions about signing digitally. Our digital transformation experts explain everything you need to know below. 👇
Does an electronic signature have the same legal validity as a handwritten signature in Europe?
The electronic signature is completely legal, not only in the European Union but in many countries around the world. The legal validity of the electronic signature for Europe is laid out in the eIDAS Regulation.
Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market, also known as eIDAS, recognises electronic signatures as legally valid in Europe and lays out a common framework for electronic signatures in the EU.
The Regulation is applicable in all Member States and is aimed at strengthening the internal market through the standardisation of guidelines and processes.
All of Docuten’s digital signature solutions comply with the eIDAS Regulation.
Is signing digitally legally valid for labour inspections and the tax authority in Spain?
YES, TOTALLY VALID.
Provided that the signature solution used complies with the eIDAS Regulation.
The tax authority or any other type of public body must be aware of the electronic signature on documents and take it into account when making any type of documentary assessment.
If my company has a company certificate, can I say that I have a digital signature solution?
NO, IT’S NOT EQUIVALENT.
Having a company certificate is not synonymous with having a digital signature solution. A digital certificate is a certification or electronic document issued by a Certification Authority (like the FNMT in Spain) that links a person with a public key and confirms his or her identity.
A digital certificate can be used to carry out various online procedures, including signing a document with a digital signature.
However, having a company certificate does not extend to the entire company. For example, can this certificate be used by all employees to sign a document with a digital signature? The answer is no. A wider digital signature solution is much more comprehensive and allows for different use cases, including the aforementioned.
Do I need a qualified certificate to sign a document with an electronic signature?
NO, IT’S NOT STRICTLY NECESSARY.
Having a qualified certificate enables you to sign a document with a qualified electronic signature, but there are other types of digital signatures that can be used with full legal guarantees.
The eIDAS Regulation outlines various types of signatures, including the advanced electronic signature, that is also a legally binding electronic signature.
Docuten has two types of advanced electronic signatures and both comply with the legal requirements established in Article 26. These are:
- Biometric signature: a solution that allows signing documents on any mobile device (tablet, smartphone) as if it were a handwritten signature, and holds full legal validity.
- Signature with OTP: a digital signature done by sending a one-time password (OTP) with temporary validity to the signatory via SMS or by email.
What does a biometric signature need to be considered legal and secure?
The biometric signature is a type of digital signature that meets the legal requirements outlined by Article 26 of the eIDAS Regulation for advanced electronic signature.
With a biometric signature you can digitally sign a document by signing on a mobile device (tablet, smartphone) as if you would a handwritten signature.
It has full legal guarantees when the signed document is sent with the biometric information encrypted in the document itself, as is done through Docuten. This guarantees the inalterability of the document since it cannot be modified after signing.
What biometric information is collected?
The strokes of a biometric signature are composed of velocity in X, velocity in Y, acceleration in X, acceleration in Y, angular accelerations, pressure variation, pseudo-pressure, number of strokes, order of strokes, stroke durations, etc.
This type of signature cannot be reproduced, since the biometric data is extremely complex, unique to each person and difficult to control.
Biometric information is encrypted and stored using the ISO 19794-7 standard to facilitate future interoperability of the data with forensic verification tools (Docuten also has its own forensic verification tool).
In the same way that biometric information can be used to identify the signatory, we ensure that the information is not accessible or can be used in any other way. In the world of biometrics, it is just as important to ensure the privacy of the data as it is to be able to identify a signatory.
Only under judicial request and authorisation would it be possible to decrypt the biometric information included in a digitally signed document. The private decryption key is safeguarded by a Qualified Provider that issues independent certificates.
Is it necessary for a digital signature to appear on all the pages of a document?
NO, IT’S NOT NECESSARY.
Signing a document on every page is customary, but is not required by law in Spain.
The act of signing all the pages of a physical document has become customary. This is done to confirm and safeguard the integrity of each of the pages. However, it is not required by law.
Documents signed with an electronic signature do not need to have the signature on all pages. Signing online contracts, labor documents, commercial agreements and other documentation has never been so easy.
With electronic signature on documents, the data recorded during the process (and in the evidence), a document’s integrity is guaranteed. This is sufficient to validate the digital signature.
How is a document electronically signed and the signature made visible when relying on an electronic signature company like Docuten?
To display the signatures on a document, Docuten adds a final page that shows the signatures. Also, a text is recorded on each of the pages indicating the Secure Verification Code (SVC) and the URL to verify the signatures.
The integrity of the document and the identification of the signatory is shown:
- With an added page to the document to show the visible signatures, in addition to digitally signing the document for each signature introduced.
- We also incorporate in the left margin of all the original pages of the document a text with the SVC to verify it and the URL you can access for verification.
And what if it has already been signed?
In the event that the document has already been signed, the procedure is not the same since it would compromise the integrity of the document and any previous signatures would be invalidated. Therefore, we do not add the final page with the signatures or the Secure Verification Code (SVC) and the URL for verification.
What happens? The signatures are gathered, just not made visible.
It is important to note that legally nothing changes at all. The document remains wholly legal, since there is no regulatory obligation to make electronic signatures visible.