Legal Enforceability of eSign
- The foremost priority when it comes to evaluating electronic signatures is enforceability - can you rely on eSigned documents in court and in regulatory audits?
- In this post, we give you an easy framework to evaluate the ease of enforcement of different eSign types.
In our previous post we discussed a Matrix of Validity - an easy-to-decipher table charting which mode of eSigning is legally valid for which type of document. What the validity matrix essentially tells us is that the question of validity is a binary question. A particular signing type is either valid or invalid for a particular type of document. But the question of validity has a very narrow and limited utility when it comes to actually going digital with paperwork. As per the validity matrix, most documents can be validly signed through any type of electronic execution.
Enforceability on the other hand is a question of “how easy” it is to “prove” a document in Court or before a regulator. Therefore, ease of enforcement is a spectrum.
But how do we judge the ease of enforcement of a particular signing type? It depends on the ability of an electronic mode of execution to meet the end goals of the signing process. The better a particular mode of execution is at meeting such end goals, the easier it would be to enforce it in a Court of law or before a regulator.
Therefore, unlike validity - which is a simple yes/no matrix - the question of enforcement needs to be visualized as a spectrum - a Spectrum of Enforcement.
In this article, based on their technical capabilities, we will map out 4 of the most commonly used eSign types - virtual signatures, secure virtual signatures, digital signatures (DSC tokens) and electronic signatures (Aadhaar eSign) on the spectrum of enforcement.
After that we will also take a look at the legal presumptions in favour of eSigns under the Evidence Act which make them the easiest signing type to enforce in a Court of law.
1. Standard Virtual Signatures
Standard virtual signatures are nothing but a visual electronic replication of your wet-ink signature. All you need to affix a virtual sign is the electronic agreement and a service provider which lets you affix virtual signatures on an electronic document. Users can either draw their signature electronically or choose from a computer generated template of their name. You may have signed this way sometimes when you receive a courier.
Standard Virtual Signatures are on somewhat shaky ground when it comes to enforcement. Here’s why:
2. Secure Virtual Signatures
We saw how virtual signatures are similar to wet-ink signatures, but applied to an electronic medium. But we also saw how virtual signatures can be hard to enforce. That's where a concept known as "Secure Virtual Signature" comes in. It solves for this gap by adding additional layers of authentication.
Some examples of added layers of authentication provided by Secure Virtual Signatures:
1) OTP authentication system
Signers can be asked to enter an OTP sent to their registered phone number/ email address before they can sign the document. Since the OTP is being sent to a unique parameter exclusive to the signer - an element of identity is added to the process.
2) Face Capture
With a Face Capture layer - signers are required to undergo a live face capture before they can sign the document. The face capture feature establishes beyond doubt the identity of the person who has affixed his Secure Virtual Signature to the document.
3) Geo-location capture
With Geo-location capture, the signer’s GPS coordinates are captured at the moment of signing. This is useful in cases where electronic signing is happening at a fixed location like a bank branch or the signer’s home.
4) Backing each virtual sign with a neutral digital signature
A virtual sign - no matter how secure, does not operate on the asymmetric crypto and hash systems that a digital signature operates on. This opens the virtually signed document to risk of undetected tampering. This glaring loophole can be circumvented if the technology platform affixing the virtual sign also affixes a neutral digital signature on the document. This digital signature won’t act as a “signature of a party” but as a security procedure that safeguards the integrity of the document.
If all the above layers are in force, it becomes very hard for a signer to repudiate a “Secure Virtual Signature”. To successfully do that they would need to do ALL of the following:
(i) Prove that the OTP authentication on their phone number was not done by them
(ii) Prove that they did not perform the act of selecting or inscribing the virtual signature
(iii) Prove that the geo-location captured does not actually reflect their location at the time of signing the document
(iv) Prove that it was not their face in the face capture
These additional security features put Secure Virtual Signatures in a very good position when it comes to enforcement.
3. Electronic Signatures (including Digital Signatures)
Aadhaar eSign, and DSC tokens form the crème de la crème of electronic signing methods - not only because they are legally valid for the most number of use cases, but also because they are the easiest to enforce.
We have already seen how the underlying combination of asymmetric cryptographic systems and hash functions behind digital signatures and electronic signatures helps in:
- Linking the identity of the signer irrefutably to the document
- Making it computationally impossible to tamper the digitally signed document without parties being alerted
There is no other signature type that meets the end goals of the signing process better than electronic signatures.
Authentication, check. Integrity, check. Non-repudiation, check.
THE FINAL SPECTRUM OF ENFORCEMENT
So, based on the above analysis, the final spectrum of enforceability of common electronic signing types looks like this:
The above spectrum is a handy tool to assess enforceability of a particular electronic execution type you are evaluating as you make the transition to digital documentation.
You can assess the location of each signing type on the spectrum against other key factors like: - Likelihood of the need of enforcement arising
- Regulatory/Audit requirements
- Internal compliance
Note: To see how we plotted other modes of execution on the spectrum, please refer to chapter 7 of our Laws of eSign book.
EVIDENCE ACT PROVISIONS IN FAVOUR OF ESIGNS
We saw how electronic signatures, or eSigns, best meet the end goals of the signing process, hence making them the most easily enforceable form of executing a document. But do our laws also recognise this inherent superiority of electronic signatures over other methods of execution? The short (and sweet) answer is YES.
The Evidence Act creates several presumptions in favour of the validity of eSigns. These presumptions - when combined with the solid technical architecture of eSigns - make enforceability even easier. In this chapter we will look at what these legal presumptions in favour of eSigns are.
The Indian Evidence Act, 1872 lays down the rules governing admissibility of evidence in India. The Indian Evidence Act carves out several presumptions that make eSign much easier to enforce compared to other electronic execution methods. Let us take a look at what these presumptions are.
1. Section 47A
As per Section 47A of the Indian Evidence Act 1872, the opinion of the Certifying Authority (a highly regulated entity which issues electronic signature certificates) is a relevant fact for the Court to make an opinion as to the electronic signature of any person. Certifying Authorities maintain full transactional logs to assist and certify any transactions carried out through them for adjudication purposes. Therefore, in the unlikely event that an electronic signature is ever questioned in Court, there is a standing help in the form of a regulated neutral entity that can vouch for it.
Additionally, the signature certificate, its properties and details such as the name of the signer etc. can be viewed by anyone in the PDF reader itself.
2. Section 67A
Section 67A states that if a signer uses a secure electronic signature to execute a document then it will be presumed that such eSign belonged to the signer herself and not to any other person. This means that for non secure eSigns, the affixture of the electronic signature must be proven to have been done by the signer. But for secure electronic signatures - this burden of proof is not required. Therefore, someone who has signed using a secure electronic signature later cannot refute his signature. This Section is the legal recognition of the ability of eSigns to meet the “authentication” goal of the signing process.
Aadhaar eSign, DSC Tokens and PAN eSign qualify as secure electronic signatures under the Evidence Act and the IT Act.
Note: For an analysis on why Aadhaar eSign, DSC Tokens and PAN eSign qualify as secure electronic signatures, please refer to chapter 8 of our Laws of eSign book.
3. Section 85A
Section 85A says that an agreement which has been executed using electronic signatures will be presumed to have been concluded between the parties and attained finality. Section 85A thus lends certainty as to the finality of the terms and conditions agreed between parties to the agreement.
4. Section 85B
Before we get into Section 85B, we need to discuss a new term - secure electronic records.
Any electronic document that has been electronically signed using Aadhaar eSign, DSC Tokens and PAN eSign is a secure electronic record.
Note: For an analysis on why an electronic record signed using Aadhaar eSign, DSC Tokens and PAN eSign qualify as secure electronic records, please refer to chapter 8 of our Laws of eSign book.
So what does Section 85B say?
Clause (1) states that in proceedings involving a secure electronic record, it will be presumed that the secure electronic record has not been altered since the time it was executed by a secure digital signature. The ability of Section 3 Digital Signatures and Schedule II eSigns to ensure integrity of the signed document is not just technologically assured, but now it is also legally recognised.
Clause (2) of Section 85B states that wherever there is a secure electronic signature, the Court will presume that it was affixed by the signer with the intention of signing or approving the electronic record.
The effect of Section 85B(2) is that no party to an agreement, in case they use a secure electronic signature to execute the document, can later claim that they did not know what they were signing. Intention of the signer to approve the contents of the signed document is legally presumed, by virtue of this section. This section reinforces the ability of secure electronic signatures to meet the end goals of the signing process, especially “integrity” and “non-repudiation”.
5. Section 85C
Section 85C states that the details mentioned in the Electronic Signature Certificate, such as name of the signer, email ID and time of signing will be presumed to be true. This helps in establishing the identity of the person who signed the document.
6. Section 90A
Section 90A applies to electronic records that are five or more years old. If such electronic records contain an electronic signature, then the Court will presume that it was affixed by the person whose electronic signature it purports, or appears, to be. Section 90A is similar to Section 67A of the Evidence Act, to the extent that the identity of the signer is presumed and need not be proven.