TRUSTWORKS, COMPANYWORKS, ELECTRONIC SIGNATURES & THE LAW
New Zealand Companies Office and IRD standards on digital signatures
ConnectWorks Limited is the provider of the TrustWorks and CompanyWorks services. TrustWorks provides a better way to manage trusts, CompanyWorks a better way to manage companies. Both use electronic signature technology to enable online signing of documents. From time to time, customers ask what electronic signatures are, how they compare with handwritten signatures and whether they comply with legal requirements. In this document we answer these questions. The short answer is that:
- electronic signatures are the online equivalent of, and can take the place of, handwritten signatures; and
- our technology provides a robust and legally compliant means of signing documents electronically.
Let us explain.
The function of a signature
The main function of a traditional, handwritten signature is to provide attributable evidence of authentication.Authentication, in this context, comprises identification and approval:
- identification of the particular person signing the document; and
- that person's approval of the document's content (or sometimes a specific part of a document that the signatory is approving).
The nature of a signature makes it attributable to a particular person and, once affixed, it cannot be altered easily. This, in turn, operates to prevent the signatory from denying that he or she didn't sign the document. In a commercial context, this has been expressed as preventing a signatory from repudiating a transaction.
Modern technology enables signatories to perform equivalent functions by electronic means. In New Zealand, the Electronic Transactions Act 2002 (ETA) sought to facilitate the use of technology for processing transactions electronically. It did this by reducing uncertainty as to the legal effect of information in electronic form and by providing that certain paper-based legal requirements, including as to signatures, may be met by using electronic technology that is functionally equivalent to those legal requirements.
In a nutshell, the Act states that a legal requirement for a signature can be met by an electronic signature if certain requirements are met. "Legal requirements" for signatures are requirements in enactments (statutes and regulations) and an "electronic signature", in relation to information in electronic form, is "a method used to identify a person and to indicate that person’s approval of that information". The Act is technology-neutral in that it does not prescribe any particular method.
Although the electronic signature provisions in the ETA apply to situations where there is a "legal requirement for a signature" or a "legal requirement for a signature or a seal to be witnessed", the Act's provisions provide a helpful yardstick for electronic signatures in other situations. Our TrustWorks and CompanyWorks services enable you to sign electronically in both situations.
TrustWorks and CompanyWorks meet requirements in the Electronic Transactions Act
Legal requirements for signatures
Under the ETA, a legal requirement for a signature other than a witness’s signature is met by an electronic signature if the electronic signature:
- adequately identifies the signatory and adequately indicates the signatory’s approval of the information to which the signature relates; and
- is as reliable as is appropriate given the purpose for which, and the circumstances in which, the signature is required.
Our approach to electronic signing enables you to identify the signatory and to indicate the signatory's approval of the relevant information. To understand why, we need to explain how the process works.
The key steps in our electronic signing process are as follows:
- When a document is published for signing it is first converted to PDF form. The document is locked and no person accessing the document to sign it is able tamper with it.
- The necessary signatories are identified and signing tasks are issued to them which enables the signing process to be tracked. Emails are sent to the identified signatories informing them there is a document to be signed. These emails contain a uniquely encoded link to the online document signing facilities and a separate unique code to be entered at the time of signing (this code is for signatories that are not yet known to us in the sense that they don’t have user accounts).
- Signatories already known to us because they are existing account holders log in to the service and then indicate their intent to sign the relevant document by declaring they have read the document and consent to its contents. To facilitate this, our service calculates a digest (hash code) of the document using a process akin to that stipulated by the PDF standard for the calculation of a digest for signing purposes. It then uses the user’s credentials to decrypt the signer’s digital certificate and uses that certificate to sign the digest. These signatories can add their own visual signature as well if they like but they don’t need to as the document is digitally signed. The chain of digest, signature and certificate are then converted to a form that can be printed so that the printed characters can be copied and independently verified along with a re-calculation of the digest. Our service then appends to the document a visual representation of the signing operation that includes the signatory’s name, email address, IP address, date of signature and the printable version of the digest, signature and certificate.
- Signatories not yet known to us commence the signing process by clicking on the encoded link in the email. They are then prompted to enter the separate code (this ties the email with the link) and our service verifies the association. The signatory then enters his or her signature through a touch-screen or mouse and our service associates a digitized version of this signature with the document. It also records along with the document the signatory’s name, email address and IP address.
- If a person wishes to upload a scan of her hand-signed signature page(s), she can do that and the uploaded PDF scan will be attached to the PDF in our service. She will still, however, be signing the document electronically.
- identifies the signatories in the sense envisaged by the Act, through their email addresses, names, IP addresses and either their existing user accounts with us or their visual signatures; and
- indicates the signatories’ approval of the information to which their signatures relate because they are being asked to review and approve the contents of a document in essentially the same way they would be asked to sign a document in the physical world, the only material difference being that they are using an electronic rather than a physical signature.
Our electronic signatures are highly reliable across all use cases that our products handle and in certain respects are more reliable than their physical world counterparts: documents to be signed are locked, signatories are identified by more than mere signature alone and the signing processes that culminate in the creation of an electronic signature are auditable.
Legal requirements for signatures or seals to be witnessed
A legal requirement for a signature or a seal to be witnessed is met by means of a witness’ electronic signature if:
- in the case of the witnessing of a signature, the signature to be witnessed is an electronic signature that complies with the requirements for electronic signatures (i.e., adequate identification of the signatory and of the signatory’s approval of the information to which the signature relates, with the electronic signature being as reliable as appropriate in the circumstances); and
- in the case of the witnessing of a signature or a seal, the electronic signature of the witness (i) adequately identifies the witness and adequately indicates that the signature or seal has been witnessed; and (ii) is as reliable as is appropriate given the purpose for which, and the circumstances in which, the witness’ signature is required.
Our services meet these requirements relating to:
- identification of the witness (the witness is asked to type in his or her full name, occupation, location and email address and to sign electronically through a touch screen or mouse);
- indication that the signature or seal has been witnessed (for example, in the usual case of a signature, the witness is asked to check a box stating that he or she has witnessed the signatory signing the document and that the details provided are true and correct); and
- reliability (the process is functionally equivalent to what a witness does in a paper-based setting).
Note that, when you’re faced with a “legal requirement” for a signature or seal to be witnessed, the Act says it is met by means of a witness’ electronic signature if the signature that is being witnessed is a compliant “electronic signature”. In this context, a “wet signature” (i.e., a scrawl in the physical world) cannot be witnessed with an electronic signature of the witness. Our products will not allow a wet signature to be witnessed electronically.
Consent to receiving electronic signatures
The Act states that:
- a legal requirement for a signature that relates to information "legally required" to be given to a person is met by means of an electronic signature only if that person consents to receiving the electronic signature; and
- a legal requirement for a signature or seal to be witnessed, if that signature or seal relates to information "legally required"" to be given to a person, is met by means of a witness’ electronic signature only if that person consents to receiving the witness’ electronic signature
A key point here is that consent can be inferred from conduct. You don't always need to obtain express consent.
Presumption of reliability
The Act also contains a presumption about the reliability of electronic signatures. It states that an electronic signature is presumed to be "as reliable as is appropriate" if four conditions are met:
- the means of creating the electronic signature is linked to the signatory and to no other person; and
- the means of creating the electronic signature was under the control of the signatory and of no other person; and
- any alteration to the electronic signature made after the time of signing is detectable; and
- where the purpose of the legal requirement for a signature is to provide assurance as to the integrity of the information to which it relates, any alteration made to that information after the time of signing is detectable.
For the reasons outlined above, we believe our services tick all these boxes.
If you have any remaining questions about how our services work and comply with legal requirements, please don’t hesitate to ask. We’re here to help.