Not every e-signature is equally appropriate

Their success also depends on the user experience they deliver to their customers, partners and employees and on how they address the challenges of digital compliance in these times of uncertainty, rapid changes, and great expectations..

E-signatures tailored to the company needs and customer expectations

Companies use various types of e-signatures. If until recently they were keen on using signature capture pads to avoid having to deal with paper originals, the coronavirus crisis has made it clear that remote signing is the future of digital business. In practice, remote signing allows signers to sign documents on any device or in any browser since their electronic identity is safely stored on a remote device for creating e-signatures and protected with a powerful multi-factor authentication system. Organizations continue to use their digital certificates normally kept on the users’ PCs or smart cards. To sign a document, the user also requires a designated digital signature component.

The prerequisite for a good user experience is to enable signers to stick to the e-identity solutions that have already installed and use their preferred e-signature method. In practice, this means that signers are allowed to combine different eID means and e-signature types, as long as these comply with the regulatory requirements.

Winning customer trust through compliance

To ensure the compliance of the signed document, the signer must provide satisfactory identification. The range of available eID means is based on the expected identity authentication assurance levels, which in turn depend on the assessed risk of identity fraud and the risk of irregularities in the identification procedures that might occur during signing. In the event that contract partners might suffer legal consequences, economic damage or reputation loss as a result of e-signature issues, a higher level of identification seems reasonable. In certain cases, higher restrictions are imposed by the legislation.

Companies can modify and amend the set of criteria they use to assess the level of risk provided that all key factors have been taken into account and that the same criteria are used to assess the risk of all the processes where identification is required. At Mikrocop we help companies assess their risk level that considers their core business activity, operational processes, stakeholders, type of document and user profile and, once the assurance level is determined, enable the signers in InDoc EDGE to use only appropriate e-signatures.

Big differences among e-signatures

The Regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation) sets out the regulatory framework for electronic signatures, distinguishing between low, medium and high identity assurance levels. A process that calls for a high level of assurance will require a qualified electronic signature as the only type of signature that replaces a handwritten signature. Other types of e-signatures cannot be used in administrative and judicial proceedings.

E-signing should be considered in the context of comprehensive digital document lifecycle management, which begins when a digital document is created or captured and normally ends with the expiry of its retention period, disposition from e-storage , and destruction. Much like internal rules, which determine the capture and storage of digital material, an e-signature, which meets the required identity assurance level, is essential in proving the validity of an electronically signed document.

Want to know more? Contact us!

Ivo Vasev is the Product Owner of Mikrocop's InDoc EDGE information management platform. Through his endeavors at the intersection of different business areas and IT, he searches for answers to the challenges of digital transformation, focusing extensively on the customer experience and new ways to help companies realize their digital potential.