With the rise of e-commerce, the use of security mechanisms in commercial transactions became a necessity. The most common security mechanism used today is the electronic signature.
The electronic signature guarantees the integrity, authenticity, confidentiality, and nonrepudiation of a document.
Integrity: Assures that the document has not been changed; it is the same as originally received
Authenticity: Identifies the person signing the document; ensures that they are who they claim to be
Confidentiality: Makes the document accessible only to authorized persons
Nonrepudiation: Guarantees that once the document is signed, the signatory cannot deny having done so
Thanks to the security guarantees offered by digital signatures, they have become a vital part of commercial document approval. This is especially true in the case of a company’s most sensitive documents.
Electronic signatures are now so widely used that their definition, characteristics, and requirements are regulated at the national level in each country.
In general, electronic signatures can be understood as a group of data that serve to confirm the approval of a document by a signatory, as well as that person’s identity and the integrity of the information contained in the document.
The electronic signature is also called a “digital signature” or “e-signature”. It is important to be careful when using these terms because their definitions and degrees of legal validity can differ greatly from country to country.
How Do Electronic Signatures Work?
Most electronic signatures are based on a system of data encryption and the use of electronic certificates.
As their name suggests, electronic certificates are used to certify the identity of a physical or legal entity. They are issued by Certification Authorities, neutral third-party entities trusted by both trading partners to verify the identity of each side in a commercial transaction.
Like electronic signatures, electronic certificates and Certification Authorities are regulated country-by-country.
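As an added illustration of the certificate-based flow described above (not code from the original page or from EDICOM), this Go program has a constructed Certification Authority issue a certificate to a signatory, then verifies a signed document by checking the certificate against the trusted CA before checking the signature. The function names `issue` and `Verify`, the choice of Ed25519, and all names and document text are assumptions made for the example.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue binds name to pub in a certificate signed with key; a nil parent yields a self-signed CA root.
func issue(name string, pub ed25519.PublicKey, parent *x509.Certificate, key ed25519.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: name}, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent = true, x509.KeyUsageCertSign, t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, key)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	return cert
}

// Verify accepts doc only if cert chains to the trusted CA and sig matches the key in cert.
func Verify(doc, sig []byte, cert, ca *x509.Certificate) (string, error) {
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	opts.Roots.AddCert(ca)
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("untrusted certificate: %w", err)
	}
	if err := cert.CheckSignature(x509.PureEd25519, doc, sig); err != nil {
		return "", fmt.Errorf("signature does not match document: %w", err)
	}
	return cert.Subject.CommonName, nil // identity vouched for by the CA
}

func main() {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	ca := issue("Example CA", caPub, nil, caKey)   // constructed CA, trusted by the verifier
	cert := issue("Alice Example", pub, ca, caKey) // constructed signatory
	doc := []byte("PO 1001: 10 units")             // constructed sample document
	sig := ed25519.Sign(key, doc)
	fmt.Println(Verify(doc, sig, cert, ca))                         // genuine document
	fmt.Println(Verify([]byte("PO 1001: 99 units"), sig, cert, ca)) // altered after signing
}
```

Production signature formats wrap the same two checks in additional structure such as signed attributes, timestamps and revocation data.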
Global Regulation of Electronic Signatures
As mentioned previously, each country regulates electronic signatures in its own way. One of the most important initiatives aimed at harmonizing electronic signatures across borders is the Model Law on Electronic Signatures. It serves as a framework for the development of nation-level e-signature laws by UN member states and hopes to encourage cross-border trade.
The Model Law on Electronic Signatures (MLES) aims to enable and facilitate the use of electronic signatures by establishing criteria of technical reliability for the equivalence between electronic and hand-written signatures. Thus, the MLES may assist States in establishing a modern, harmonized and fair legislative framework to address effectively the legal treatment of electronic signatures and give certainty to their status.
Another initiative to homogenize the use of electronic signatures was taken up by the European Union. Electronic signatures in the region are governed by the Regulation (EU) N°910/2014 “on electronic identification and trust services for electronic transactions in the internal market” (eIDAS Regulation).
The purpose of the eIDAS Regulation is to guarantee security in electronic transactions and encourage cross-border commerce by basing e-signatures and digital certificates on a common standard. It distinguishes between different electronic signature types depending on the complexity of the security mechanisms used to create them. The three types are:
Electronic Signature
Defined as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign” (Art.3.10 eIDAS Regulation).
Advanced Electronic Signature
The Advanced Electronic Signature is the most frequently used since it offers a greater degree of security. It must comply with the following requirements:
Be uniquely linked to the signatory
Identify the signatory
Be created using mechanisms controlled exclusively by the signatory
Be linked to the signed e-document, making any change detectable
Qualified Electronic Signature
The Qualified Electronic Signature is the most sophisticated of the three and guarantees the highest level of security in electronic operations. It is defined as “an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures” (Art.3.12 eIDAS Regulation).
A qualified electronic signature has the same legal validity as a written signature.
The type of electronic signature used in each case will depend on the sensitivity of the transaction and whether regulation is in place that pertains to the transaction in question. EU Member States must comply with the relevant guidelines when exchanging documents that require an e-signature.
Electronic Signatures in Latin America
Each Latin American country has its own electronic signature legislation in place. Multinationals operating throughout the region need to be aware of the pertinent legal and technical requirements to sign documents electronically.
The Mexican legislation distinguishes between the electronic signature and the “advanced” (or “trusted”) electronic signature. Under this law, the entity responsible for issuing electronic certificates is called a Certification Service Provider (PSC).
In Argentina, the term “digital signature” is predominant while in Colombia, the terms “electronic signature” and “digital signature” are interchangeable. In the latter case, the certification authorities are called Digital Certification Entities.
EDICOM is accredited as a Qualified Trust Service Provider in Europe, a Certification Service Provider (PSC) in Mexico, and a Digital Certification Entity by the Colombian ONAC.
EDICOMSignADoc applies different types of electronic signatures in line with the relevant technical and legal specifications. These requirements depend on document type and the country of origin/destination.
As an international Certification Authority, EDICOM logs and certifies all actions taken on documents in the EDICOMSignADoc platform with an “evidence report”.
Users can upload their electronic certificates to digitally sign documents in their name.
Signature with unrecognized certificate: the signatory uses an electronic certificate linked to their name to sign a document
Signature with recognized certificate: the signatory must have a recognized certificate
Signature with a secure device: beyond requiring a recognized certificate, the signatory must use a secure signature creation device
EDICOM, as an international Certification Authority, offers clients the highest security guarantees in line with ISO 27001 and ISAE 3402.