Legal considerations of eSignatures in the UK

Just as the US passed the ESIGN Act in 2000 to ensure eSignatures carry the same legal weight as traditional signatures, the UK passed a similar law in that same year. Called the Electronic Communications Act, it ensures that eSignatures carry full legal status. More recently, as of 2016, the UK is bound by the EU’s eIDAS regulations, which provide a consistent legal framework for eSignatures that applies across the European Union.

The UK legal model governing eSignatures

The UK operates a tiered legal model, in which Qualified Electronic Signatures carry full legal weight. However, Non-Qualified Electronic Signatures can still be submitted in court; they just need additional documentation and evidence to back it up. The UK’s Common Law system is based on the following principles:

1. If something isn’t expressly prohibited by law, it should be assumed to be legal.
2. Laws don’t necessarily need to be written formally
3. Judicial decisions are always binding

There are limited provisions that contracts imply under the common law system so it’s crucial to delineate at a high resolution of detail within the contract the terms governing the relationships among parties in a contract. Because of this, contracts tend to be lengthier in the UK than they are in countries governed by civil law. In the UK, wet signatures and eSignatures hold equal legal weight; all that’s required is that willing individuals provide their verbal, electronic, or written consent. Since July 2016, the UK has been bound by EU law, the eIDAS regulation, which ensures standard eSignature regulations throughout all of Europe. Even more recently, in September 2019, the Law Commission published a report on eSignature legality in England and Wales. The paper upheld the existing law that eSignatures are valid for legally-binding contracts and provide sufficient authentication.

What does EU law say about eSignatures?

The law that governs eSignature legality across the EU is called eIDAS, or by its full name, “EU Regulation 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.” Because eIDAS is binding at the EU level, it doesn’t require legislation at the country level. Thus, it replaced the UK’s Electronic Communications Act 2000, and emerged from EU Directive 1999/93/EC. According to a statement by the eIDAS, it “enhances and expands the acquis of the Directive.” eIDAS solidifies previous supportive measures in favor of eSignatures in Article 25.1, stating that the eSignature "shall not be denied legal effect and admissibility in legal proceeding solely on the ground that it is an electronic form or that it does not meet the requirements for qualified signature.” In other words, an eSignature cannot be dismissed in a court of law simply because it was signed electronically. In addition, eIDAS delineated two new categories of electronic signatures: Advanced and Qualified. According to Article 26, an Advanced eSignature must meet the following criteria: a. it is uniquely linked to the signatory; b. it is capable of identifying the signatory; c. It is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and d. It is linked to the data signed therewith in such a way that any subsequent change in the data is detectable. Qualified signatures are differentiated in that they require a higher level of ID verification, often with a device that uses public-key infrastructure (PKI). PKI uses a cryptographic technology of public keys and private keys to ensure authentication and prevent fabricated signatures. Despite these advantages, Qualified Certificates are not commonly used in the UK because unlike many countries in the EU, the UK does not issue standard ID cards for its citizens. Therefore, there is no standard way of authenticating their legitimacy. Despite their relative rarity in the UK, there are certain circumstances that necessitate Qualified signatures. For example, the Registrars of Scotland (ROS) use them for digitally conveyancing property contracts, and in Scotland, eSignatures can be used for special types of property transactions. Even though eIDAS replace the Electronic Communication Act 2000, UK common law and contract-specific regulations such as the Consumer Credit Act 1974 can affect how eSignatures are used in particular cases. This common law element, which regulates contract validity, is unique to the UK. For instance, it holds that verbal contracts are legally binding, but must demonstrate additional legal elements such as intent to sign and acceptance of an offer.

The bottom line: Both eIDAS and UK common law regulate eSignatures

Like many countries, the UK is bound by both multi-country/international regulations surrounding eSignature legality, and the specifics of its own national laws. Companies, particularly those with an international presence, should be aware of the different legal considerations when it comes to UK laws surrounding eSignatures.