Advanced electronic signatures (AdvESs) were provided for in the ECT Act (2002), which defines two types of signatures – electronic, and advanced electronic, says Maeson Maherry, LAWtrust.
An electronic signature (ES) enables you to link an act of acceptance (signing) with a data message, which leaves it wide open to interpretation as to what constitutes acceptance, and what can be proven to have evidentiary weight or be considered binding in a court of law.
An advanced electronic signature (AdvES) is a technology-enabled signature. It is based on a digital certificate that is issued by a party accredited under the ECT Act. This makes an AdvES valid and lawful – it is assumed to have evidentiary weight, and, should a case go to court, the onus would move away from the party that has signed using an AdvES. It’s a powerful legal tool because legal process assumes it is correct.
While both types of electronic signatures are valid, an ES can be more flexible – although if you use one you would still have to prove that it is a signature and that it has retained its integrity (i.e. hasn’t been forged or tampered with).
An AdvES has conditions associated in that it must come from an accredited authority. It is assumed to be valid and binding.
Both types of signature may use a digital certificate. For an AdvES to be valid, however, the accredited authority issuing the signature has to verify the identity of the signer face–to-face before giving them signature capability. This verification can be delegated to a company to streamline the process, but once the original identification process is completed, you don’t need an extra witness signature because you’ve always got a high assurance signature built in.
In order for an AdvES to be presumed valid, its security needs to be maintained. This means the private signing key must be protected by strong authentication (not just a password) and may not distributed in plain text via email, for example, or on an unprotected USB flash drive where it may be copy and pasted.
AdvESs are required in some cases (as opposed to optional). When you are signing in an official capacity, legal best practice is that you should sign with an AdvES, if you sign as a commissioner of oaths, notary public, or director of a company, for example.
Banks and financial services organisations are adopting electronic signing with digital certificates for customer onboarding processes, governments are using them for evidence and fraud management purposes, and companies across a number of sectors are using them for electronic contracting and approvals. It’s becoming a competitive differentiator as it enables more secure, more efficient business.
Users don’t necessarily need to have a smart card or authentication token either, LAWtrust has been very successful in binding existing strong authentication solutions to server hosted signature keys so that companies can re-use technology they’ve already invested in while coming out with a high-assurance AdvES.
