UK Government to Increase Electronic Execution of Documents with Electronic Signatures

OneSpan Team,

In 2019, the UK Law Commission published a report entitled Electronic Execution of Documents. The report confirmed that electronic signatures can replace handwritten signatures for most business transactions and legal processes. More importantly, however, the report recognized that uncertainties regarding legal validity have hindered adoption and use of electronic signatures. The Law Commission recommended that a working group be established to address this issue in hopes of increasing adoption of electronic documents by publishing best practices and proposing legal, policy, and technical reforms.

An Industry Working Group (IWG) was then assembled in 2021 under the direction of the Ministry of Justice. The IWG just published an interim report on 1 February 2022, saying:

“The group’s clear view is that electronic signatures can and should be used today on a wide scale, and that members of society should have confidence in doing so.”

The work of the Industry Working Group is genuinely exciting and essential to modernizing business in the UK. Yet, after two decades, the government needs to help jump-start adoption to make the electronic execution of documents the norm across the UK. In support of this effort, this blog summarizes the highlights from this valuable 100-page report with my thoughts on their best practices guidance and recommendations.

Why Has Adoption of UK Electronic Signature Lagged?

The report begins with an update on the current landscape, including the eIDAS regulation (Electronic Identification and Trust Services), and sets out the three forms of e-signature: 

  • Simple Electronic Signature (SES): This is the most basic e-signature. It is the equivalent of a handwritten signature in electronic form on an electronic document, but SES doesn’t have most of the identification and security elements needed to verify the identity of the person signing.
  • Advanced Electronic Signature (AES): An Advanced Electronic Signature is more secure than a Simple Electronic Signature because it links the signer’s identity to the signed document and includes higher identity proofing requirements.
  • Qualified Electronic Signature (QES): A Qualified Electronic Signature, being the most secure, requires the e-signature be accompanied by a Qualified Certificate which is a digital certificate issued by a Qualified Trust Service Provider (QTSP).

As explained on page 44 of the IWG’s interim report:

“The decision as to which form of electronic signature is suitable for any given document will depend principally on the evidential weight appropriate for the transaction in question. This, in turn, will depend on two main factors:

  1. What is the value of the transaction relative to the financial means of each party? [...]
  2. What is the significance of the transaction to each party? [...]”

In reality, QES adoption has been lethargic no matter what the use case. Meeting the technical requirements may be part of standard business practice for a large law firm, but not for a small business or consumer seeking to easily execute a digital agreement securely. The IWG notes that the perception of onerous technical requirements may play a role in low adoption of AES and QES, although technology is available to “reduce friction in the signature process and, ultimately, increase convenience to users.”
As explained on page 29 of the report:

“There are many different types of Certificate that can be used in various process elements e.g. for websites (SSL), Sealing, Timestamping, Encrypting, Identity tokens, etc. According to differing uses, the regulating Certificate Authority inspects and audits certificate issuers in respect of the intended (and permitted) use. Stronger forms of certificate use are associated with a person’s identity, which enables the signing of documents using them. The intent is to generate a secure and unbreakable ‘Chain of Trust’ from issuing party down through users to third parties who may act on the completed documents.”

The good news is, in our own experience at OneSpan, we are seeing a higher rate of SES and AES use among UK businesses, in particular financial services and insurance. MotoNovo Finance is one such example. Headquartered in Cardiff, this auto finance company automated their customer agreement processes using e-signature. Today, 80% of their loan agreements are electronically signed and the company has seen a clear improvement in compliance and auditability. MotoNovo is now one of the fastest growing auto finance companies in the UK.

Considering the realities of the world we live in, we expect UK electronic signature adoption to accelerate quickly – especially in the wake of the coronavirus pandemic.

UK Electronic Signature Best Practices

The report outlines several best practices, including:

  • When e-signing a document, all parties should agree early on that it will be e-signed and which of the three forms of eIDAS e-signature will be used.   
  • When it comes to the e-signature platform, the IWG is vendor neutral. It does recommend using a vendor’s solution that “provides a minimum set of security/safety/functionality with a strong audit trail that demonstrates an intention to sign by the signatories.” We agree with the IWG that organisations should look for esign software that includes the “ability of signing parties to download/retain executed documents. In particular, storage, so-called ‘shelf life’ of documents and their audit trail details should be clearly identified by the signing platform to enable informed choice by signatories.” [Learn more about vendor-independent audit trails, signature verification, and document portability from OneSpan here.]
  • Parties should consider whether additional evidence to record that the signer is approving the document is necessary and/or appropriate for their workflow.
  • To address vulnerable populations, multiple signing methods should be made available so these groups can adopt a method of signing that suits their needs.
  • In support of the ongoing work by the UK Government’s Department for Digital, Culture, Media and Sport’s (DCMS) to launch the UK Digital Identity and Attributes Trust Framework, the IWG states, it “will facilitate the use of electronic signatures in future” and notes that “authentication should be easier for those with secure digital identities.” At the same time, the report appropriately mentions that have a secure digital identity should not be essential. The IWG states that “digital identities should be made available as a matter of priority to all members of society who wish to have one. This will facilitate the uptake of electronic signing, particularly QES, and help modernise the approach to execution of documents in general.”  [OneSpan provides additional information about digital identity and authentication here.] 

The Future is Here: Shift to Video-based eSigning

The role of electronic signature is evolving as the needs of consumers and the business community change. On page 40 of the report, the IWG explains that:

“Increasingly eSignatures will be just one element of a fully automated remote or AI-assisted  digital sales and service process. Some platforms offer a variety of collaboration and sharing tools   that allow the operator to interact with the customer, exchange and capture documentation, as well as screen sharing, file sharing, document sharing and co-browsing, identity capture and verification (via documents, biometrics, intimate knowledge, etc.), certificate issuing for one-time  or future identity authentication (tokens, biometrics, multi-factor authentication), and video recording, culminating in transaction sealing, sharing and archiving, all as part of a near seamless process.”

At OneSpan, we strongly agree. In today's remote world, the human element is more important than ever before. For complex and high value agreements, consumers tend to turn to the channels where they can get human help. Through our OneSpan Sign Virtual Room, we help deliver a secure and interactive experience for mediated agreements. Built-in e-signature, web-enabled videoconferencing, and rich collaboration features help you engage and transact with customers as humanly as possible.

Government as the Early Adopter of the UK Electronic Signature

The UK Government can play an important role to drive widespread adoption of digital signatures and the electronic execution of documents.
To support ongoing digital transformation efforts, government departments themselves need to replace wet ink signatures with the use of electronic signatures for digital agreements and secure transactions. Departments should digitize more signing processes and use cases with “third parties, whether providers of goods or services to government or the public.” As explained on page 6 of the report:

“Government should also ensure that as many official documents as possible, which the public may have to execute, can be executed electronically (examples include Lasting Powers of Attorney and wills). The IWG considers that the Government acting as an “early adopter” will “encourage the widest possible use of electronic signatures within society, ultimately saving costs and time, and demonstrating that this jurisdiction is fully embracing digital capabilities.”

Additionally, regulators and policymakers will need to remove existing barriers to adoption.  An example cited in the report is the Office of the Public Guardian, which “helps people in England and Wales to stay in control of decisions about their health and finance and make important decisions for others who cannot decide for themselves.” At the moment, the Office does not accept electronic signatures for Lasting Powers of Attorney.

UK Electronic Signatures in Business and Cross-border Transactions

The next phase of the IWG’s work is focused on acceptance and challenges in the use of e-signatures in cross-border transactions, and how to leverage them to reduce the risk of fraud. As it pertains to cross-border transactions, it is moving forward and has executed Digital Economy Agreements (DEAs) with several nations: Japan, Australia and New Zealand, and Singapore (signed February 25). Pages 11 and 12 of the report provide more detail, explaining that:

“The UK currently occupies an advanced position in its readiness to embrace new technology, as demonstrated (as a single example) by the Digital Trade Deal announced between the UK and Singapore on 9 December 2021. This is said to be the first digitally-focused trade agreement ever signed by a European nation. It includes a commitment to digitise more trade administration documents, permit electronic signatures, electronic contracts and electronic invoicing processes, and work towards mutual recognition of electronic authentication and signatures.”

The UK government (gov.uk) has indicated that it “will be pursuing advanced digital chapters in negotiations with Israel, Canada and Mexico this year.” A component of DEAs is the acceptance of electronic versions of trade documents such as bills of laden and invoices. This is a space worth paying attention to.

Further Information on UK Electronic Signature Law

The United Kingdom has legally recognized e-signatures since 2002, with the passage of the Electronic Signatures Regulations, established after the European Union Directive in 1999. The EU Directive was replaced by the eIDAS Regulation in 2014 by EU member states. Post Brexit, eIDAS will remain part of the UK domestic law to provide the legal framework for the use of electronic signatures.

“Using the latest authentication techniques, it’s not just as good as the old pen and ink method, in many ways the new techniques can be better and more secure. ‘There’s every reason to adopt these methods. Both the legal and technical frameworks already exist and there is no reason to wait.’
-Lord Justice Colin Birss, Deputy Head of Civil Justice

To learn more about English laws governing esignature, electronic signature legal requirements, legal effect, admissibility, esignature case law examples, electronic transactions regulations, the Electronic Communications Act, and more, see our guide to eSignature Legality in the United Kingdom.

UK eSign Legality
Legality Guide

eSignature Legality in the UK

Are e-signatures legal, admissible, and enforceable in the United Kingdom? Yes.
 

Learn More

Clear Definitions Explaining Technical eSignature Concepts

Finally, I recommend you bookmark the IWG’s interim report as it is also a valuable resource for anyone trying to better understand technical concepts related to esignature, such as:

  • The QES signature creation device (meaning a smart card or HSM - Hardware Security Module)
  • PKI
  • Biometric signing
  • Authentication, including 2FA and OTP
  • Video witnessing
  • The ISO standard PAdES
  • And more

*Disclaimer: The information contained in this guide is for information purposes only, provided as is as of the date of publication and should not be relied upon as legal advice or to determine how the law applies to your business or organization. It is recommended that you seek guidance from your legal counsel with regard to law applying specifically to your business or organization and how to ensure compliance. OneSpan does not accept liability for the contents of these materials or for third parties materials.

The OneSpan Team is dedicated to delivering the best content to help you secure tomorrow's potential. From blogs to white papers, ebooks, webinars, and more, our content will help you make informed decisions related to cybersecurity and digital agreements.