24 September 2023

Digital Technology Guru

Digital Technology Guru Reviews

The Legal Validity and Security of Digital Signatures

3 min read
The Legal Validity and Security of Digital Signatures

In an interview with Help Net Security, Thorsten Hau, CEO at fidentity, discusses the misconceptions surrounding digital signatures and their legal validity. He emphasizes the importance of using certified providers that adhere to standards like eIDAS or ZertES to ensure forgery-proof security. Hau also highlights the balance between certification and user experience for seamless onboarding.

One common misconception about digital signatures is that they are neither secure nor legally valid. However, qualified electronic signatures that are based on solid identity verification and strict security standards are legally equivalent to handwritten signatures and can be used for any kind of contract. To drive adoption, Hau promotes the idea that electronic signing is much faster than any paper-based process once the onboarding and identification process is complete.

The current level of security provided digital signature platforms varies greatly, and the quality of signatures is often unclear to non-experts. Hau emphasizes the importance of signer identification and recommends using certified providers who can prove certification for eIDAS or ZertES. These providers should work with established trust service providers and accredited certification authorities to ensure that signature forgery and fraud are eliminated.

In heavily regulated industries like government, healthcare, and banking, organizations have responded to the legality concerns surrounding digital signatures in different ways. Hau categorizes them into three levels of maturity: denial, bleeding, and trusting. Denial refers to organizations that stick to outdated and costly paper processes. Bleeding organizations acknowledge the need for digitalization but struggle with the learning curve and invest heavily in bespoke solutions. Trusting organizations place their trust in competent and certified providers who offer identity-based signing and enable the elimination of paper-based processes.

For organizations in highly regulated industries that are hesitant to adopt digital signatures due to legality concerns, Hau advises two crucial aspects. Firstly, organizations should rely on service providers that are certified according to eIDAS or ZertES standards. Secondly, user experience should not be underestimated as it plays a significant role in the onboarding process. Providing an intuitive and seamless user experience enhances acceptance and boosts the conversion rate, enabling organizations to achieve their goals more effectively.

One major compliance challenge organizations face when implementing e-signatures is the accurate identification of the signer and the secure authorization of individual signatures. Hau emphasizes the importance of seamless integration between the identification process and the signing itself, preferably facilitated a single provider from end-to-end. By ensuring a comprehensive solution that covers the complete signing journey, organizations can guarantee a robust and secure digital signature process and avoid fines or sanctions.

Contrary to popular belief, the upfront costs of implementing a digital signature system can lead to a remarkable 10x reduction in expenses compared to traditional paper-based processes. This significant return on investment can be achieved even during the ramp-up period choosing the right provider.

The eSignature Directive in Europe has had a substantial impact on the legal recognition and usage of electronic signatures across member states. It has brought legal clarity and influenced anti-money laundering regulations. Banks and other financial service providers have benefited from the streamlined implementation of digital signatures, as they can fulfill AML regulations and have a contract in place without limitations on the services provided.

Help Net Security – Interview with Thorsten Hau, CEO at fidentity