Electronic Signatures
An electronic signature is meant as a replacement for the traditional handwritten signature. It's in the form of electronic data and is associated with other data in electronic form, such as a document.
The benefits are many and one of them is speed. By removing physical logistics, doing business is made much easier, especially internationally.
Saving costs is perhaps the biggest factor. Postage, printing and paper are now a thing of the past. And by automating the validation and archiving of signed documents, a lot of time and can be saved.
A brief explanation about what electronic signatures and their benefits are
What does legally valid mean. And which laws and regulations should you consider.
Higher does not equal better. Pick the right tier that matches your needs.
Electronic signatures in South Africa are approved under The Electronic Communications and Transactions Act (ECTA) instituted in 2002. Any company operating in the South African market can use eSignatures as a signing method.
ECTA is the equivalent of eIDAS in Europe and the ESIGN act in the United States.
Electronic signatures are legally valid thanks to ECTA. But what does this mean? Just like traditional signatures, they can now be used as evidence in a courtroom.
But that does not mean they are holy. Both electronic and traditional signatures can be disputed. In that case, it is up to you to prove that the person has really signed.
It is therefore extremely important to record and secure the process of creating the electronic signature.
ECTA describes electronic signatures without mentioning specific technologies. This is deliberately done to leave room for innovation. The flip side of this is that there may be confusion due to different interpretations. Our advice is to look carefully at the regulations yourself when in doubt.
"Data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign"
Simply entering a check mark, your name or 'agreed' on a website can already be an electronic signature. This doesn't have to look like your handwritten scribble in any way.
The big advantage is that this is very accessible for the signatory.
The disadvantage is that this type of signature is easy to dispute. It is quite possible that another person has completed the form. So the risk is high.
For this tier, the identity of the signatory must be uniquely linked to the signature.
This can be done by basing the signature on data that only the signatory has at his/her disposal. For example, access to a specific device, phone number or bank account. But other methods are also possible.
Another requirement is that the signature and the associated data are protected against future changes.
In practice, the same proven techniques are used to achieve this, such as encryption and digital signatures.
The final requirement is an audit and accreditation by the South African Accreditation Authority.
| Standard | Advanced | CM Sign | |
|---|---|---|---|
| Standard | Advanced | CM Sign | |
Legally valid |
Yes |
Yes |
Yes |
Connected to other data |
Yes |
Yes |
Yes |
Uniquely connected to the signatory |
Optional |
Required |
Yes |
Identification of signatory |
Optional |
Required |
Yes |
Two-factor Authentication (2FA) ¹ |
Optional |
Required |
Yes |
Detection of changes² |
Optional |
Required |
Yes |
Secured with a certificate³ |
Optional |
Required |
Yes |
Accredited for Advanced eSignatures |
Optional |
Required |
No |
The risk of fraud is drastically reduced if, during a login session, the user not only has to enter his username and password (something he knows) but also needs something he "has" - like his cell phone - to complete the login session. This second factor of authentication can, for example, be a One Time Password or verification via the Authenticator app.
PDF documents are hard to adjust for the average person. However, it could be possible that someone changes your signed documents. For example, by adjusting the terms of a contract. Thanks to a digital certificate, every modification to the original document can be traced. Simply put, the digital signature of the certificate no longer matches the document as soon as it is adjusted. Thanks to cryptographic calculations that only work in one direction, this cannot be forged.
Certificates are issued by special Certificate Authorities (CA). Certificates can expire and be withdrawn, making it possible to validate the validity of documents even after a long time. According to eIDAS, a certificate is not required for an advanced electronic signature, but in practice this is almost always used. This is because a certificate is the most common way to meet the other requirements of an advanced electronic signature.
Check out CM Sign to start with eSigning today. Or contact us for more information.
CM SignContact usSelect a region to show relevant information. This may change the language.
+27 (21) 180 2560
