About Electronic Signatures
On this page we deal with what an electronic signature is for something and how it works:
What is an electronic signature and how does it work?
An electronic signature works in the same way and is as binding as a signature made with pen and paper, but it is in many ways even more secure and even more effective.
Simply explained, one has much more information about the signing process and the signing itself with an electronic signature than with a signature on a piece of paper.
During the signing process, a number of data points are stored, such as the sender's email address, the date/time of dispatch, the recipient's email address, the date/time of when they open the agreement/offer they have received by mail, the IP address of the recipient, as well as the acceptance environment from which the recipient has confirmed the agreement, such as browser type, version and more. If the user signs with BankID, the name and date of birth of the signer is also confirmed. All this information is stored as part of the signed document and is aggregated to make digital contracts legally binding in the same way as a signature made with pen and paper.
In DealBuilder, there are several different ways to sign electronically and you can choose whether to sign with a keystroke (simple but legally binding e-signing), signing with the mouse pointer or with a finger signing on the screen, or signing with BankID. Simply explained, you get all the signing options available in DealBuilder and you choose the method that best suits your business.
DealBuilder's solution
— Built on PADes (PDF Advanced Electronic Signatures), which is an open international technical standard for e-signing solutions and PDFs, approved under the eIDAS (for Europe) regulations, as well as ESIGN and UETA (for the United States).
“The signed document is self-supporting and contains all the necessary information about signers, certificates, times of the signings and the steps of the signing process.
— The signatures are timestamped with a qualified timestamping service and stored directly in the PDFs to enable time persistence through Long Term Validation (LTV). This allows the agreements, at any time in the future, despite technological and other advances, to be validated to confirm that the signatures were valid at the time they were signed.
— Viewing and validating a signed PDF document — is performed with a regular PDF reader where an online revocation check with a mathematical checksum/hash function, guarantees that the contents and signatures are valid at all times and that the contents have not changed after the document was signed.
— All customer data and contracts are encrypted over TLS/SSL
This is what a DealBuilder contract looks like
The first part is the contract itself. Part 2 is a signing page that contains all the necessary information about signers, the timing of the signings, and the steps of the signing process. If the document was signed with BankID, documentation for this would also appear in the log. If attachments had been uploaded to the contract then these attachments would also have become part of the signed PDF.
The example in Figure 1 below shows a contract or offer setup in DealBuilder, but the document being signed could just as well have been an uploaded PDF which in theory could be anything (an agreement, an offer, an employment contract, board minutes, a financial statement, or the like). In DealBuilder, you can sign any type of document and you choose which signing method you want to use per document.
The regulatory framework for electronic signatures
In Norway, electronic signatures are regulated through what is called the Electronic Trust Services Act (full name: Act on the Implementation of the EU Regulation on Electronic Identification and Trust Services for Electronic Transactions in the Internal Market), and is a Norwegian law implementing EU Regulation 910/2014, also known as The eIDAS Regulation (Electronic Identification and Trust Services Regulation), in Norwegian law.
In other countries they have similar arrangements where, for example, in the United States it is regulated through ESIGNAct and the Uniform Electronic Transactions Act (UETA Act).
Common to all is that they have regulated that digital signatures are as legally binding and have the same status as handwritten signatures.
The basic legal principles supporting the use of electronic signatures are not defined by eIDAS, the eSignature Act, or other similar bodies. The legal principles are contained in the Law of Contracts, where an offer to conclude an agreement followed by acceptance of it constitutes a binding agreement. In the absence of legal requirements specifying the contract form, type of signature or authentication method, a contract can be concluded in several ways, including on paper, in oral form, by email or chat, a handshake, or with an electronic signature.
The eIDAS Regulation and similar bodies are pieces of legislation regulating the use of electronic signatures, but it does not prescribe their use per se, nor does it have any impact on contract law. The regulations, such as eIDAS, state:
This Regulation does not affect national law or European Union law relating to the conclusion and validity of agreements or other legal or procedural obligations relating to form.
In fact, a basic electronic signature is sufficient and indeed legally valid for the vast majority of transactions, B2B, B2C, and between private individuals. To remove any doubt in this regard, eIDAS explicitly states this basic principle:
An electronic signature shall not be denied legal effect and permission as evidence in legal proceedings only on the grounds that it is in electronic form or that it does not meet the requirements for qualified electronic signatures.