Tips for Securely Signing Digital Documents

As digital transformation and remote work have increased the need for digital communications and transactions, individuals, teams and organizations have increasingly relied on digital document signing. Digital document signing provides a validated identity of signers building trust between parties, adds security to digital and online document communications and transactions, and creates an audit trail, eliminating the need for handwritten signatures. But it’s a rapidly advancing technology, and the laws and regulations in many countries are still evolving to provide the legal equivalence for digital document signing versus old paper methods. When it comes to how to electronically sign documents, we’ve prepared a guide so you can take advantage of this technology while retaining the legal validity of your electronic transactions.

It is estimated that the size of the global e-signature market reached US$2.8 billion in 2020, a figure that is expected to reach US$14.1 billion by 2026. There is no doubt that this accounts for the growing global adoption of this technology. In this context, an increasing number of companies around the world, from banks and insurance companies to government agencies, are using electronic signatures to digitize their internal and external agreement processes. Although the benefits of e-signatures have been known for years, recently, limited access to face-to-face channels (e.g. in branch offices) and the rise of remote work have accelerated the adoption of e-signatures by more companies.

First of all, when entering into any contract, the principles of party autonomy, freedom of contract and freedom of form must always be taken into account, which recognize the power of the contracting parties to self-regulate the terms and conditions of the contract, including, for example, the forms in which a contract is executed. This means that, regardless of whether the parties are located in two different countries, their willingness to accept the use of the electronic signature is sufficient for it to produce legal effects in the contract or in any other related document.

Depending on your country, an electronic signature can include anything from a photocopy of a handwritten signature, to a typed or drawn signature, to clicking the “I accept” button. These types of signatures can be easily added to most electronic documents, including Word documents and PDFs. But they can also be easily copied or spoofed, leading to legal uncertainty in the event of a dispute. However, there is an option for even more security: digital signatures. Digital signatures are electronic signatures that use Public Key Infrastructure (PKI) technology to ensure that a document cannot be changed without invalidating the signature. By choosing digital signatures, companies benefit from a document signing solution that provides authentication of the signer, data integrity surrounding the document, and auditability.

In Colombia, electronic signatures (including certificate-based digital signatures) are often used in business and commerce for settlement processes. This ranges from B2E (business-to-employee), B2B (business-to-business) and B2C (business-to-consumer) document-based processes. However, there are some circumstances where a traditional signature is still required. This includes notarizations and certain negotiable instruments, such as bank checks, which require a handwritten («wet ink») signature.

In Brazil, there are three types of electronic signatures: simple, advanced and qualified signature, the latter being the most secure of all. It is worth noting that Brazilian law only applies to interactions between individuals or legal entities and government bodies (except for legal proceedings), as well as interactions between different public entities and within certain public entities. In other words, these rules do not apply to strictly personal relationships.

How to legally sign a document electronically

Legal requirements for document signing vary by region and country. Some countries have minimalist laws that allow e-signatures to be enforceable in virtually every case, with very few exceptions. Other countries have prescriptive laws in which there are specific rules about how you can create and sign agreements online. Finally, some countries have a combination of both minimalist and prescriptive laws. In the United States, requirements for a legally signed electronic document are found in the federal E-Sign Act or state implementations of the Uniform Electronic Transactions Act (UETA), and in Europe it’s the eIDAS Regulation.

According to law in countries such as Colombia, both electronic signatures and certificate-based digital signatures have the same applicability as handwritten signatures. However, a digital signature is generally considered more secure because it is backed by a digital certificate uniquely associated with an individual and has a higher level of security with respect to identity. That said, electronic signatures are widely used and there are no documents for which the law requires the use of personal digital certificates.

An electronic signature (or e-signature) could include typing your name, clicking a checkbox or adding an image of your signature. In some countries, these basic signatures are legally valid, depending on the agreement of the parties to the signature. In the event of a dispute, however, it is often up to the signer to prove that the signature is valid.

«The security of the digital signature makes this proof easier to establish. A digital signature is an encrypted hash of a message that can be decrypted by anyone who has a copy of your public key, so your signature cannot be copied onto other documents. It also includes the verified identity of the signer. Thus, the best way to electronically sign a document will depend on what level of security and legal requirements you need to meet,» says Dean Coclin, Business Development Senior Director at DigiCert.

Digital signatures are created using a digital certificate that includes the verified identity information of the signer. Certificate Authorities (CAs), like DigiCert, validate the identity of the signer before they issue the digital certificate to the signer. After the digital signature is applied to a document, if any aspect of that document is tampered with, the signature will be broken or invalidated. The signature reassures the receiver that the integrity of the document is still intact, while embedding information about the signer and the time of signature.

«The most secure way to sign a document is through a trustworthy cloud-based solution that safeguards the signer’s private keys and safely performs encryption and decryption of documents,» adds Dean Coclin.

Simplify with document signing software

Document signing services can support remote identity proofing to easily register large signing groups and have the workflows to automate diverse signing needs and large volumes of signatures or documents, without additional hardware investment by an enterprise. Organizations can deploy secure, legally binding digital document signing anywhere, any time and on any device with document signing service.

As the global leader in PKI, DigiCert has developed Document Signing Manager, an easy all-in-one solution for secure digital document signing. By using Document Signing Manager, you can rollout faster using a trusted digital signature solution that offers a signing solution for your use case, no matter where you are in the world.

Document Signing Manager enables digital signatures that are compliant with stringent global standards, including EU eIDAS (Qualified and Advanced), Swiss ZertES (Qualified and Regulated), and the technical requirements of the Adobe Approved Trust List (AATL). Plus, as a cloud solution, there is no need to invest in hardware.