'Simple' electronic signatures
Reply to Thread
Hello. I am trying to work out if the 'fill and sign' tool within Adobe Software fulfils the criteria of a 'simple' electronic signature, as defined in the joint HRA/MHRA econsent statement issued recently (which is the same, I think) as the UK government 'electronic Signature Trust Services Guide, 2016', or indeed if the 'fill and sign' function fulfils the criteria of an electronic signature at all, whether it is simple or advanced. Any thoughts welcomed please.
Hi, I'm also interested to read some feedback on this. Kind regards,
I would like to add a sub-question: We're looking into applying digital signatures with adobe acrobat reading on study related documents. While reading some articles and documentation I'm confused to what extent we can use "self-signed digital ID" as opposed to using an ID from a certificate authority i.e. why wouldn't it be wise to use self-signed digital IDs?
Olga Stoll, DIGIT Committee Member
According to the documents mentioned in the first question, a “simple signature” would also include, for example, a tick box plus declaration, typewritten or scanned signatures. According to European “eIDAS” regulation the “simple” e-Signature is defined as “data in electronic form which are attached to or logically associated with other electronic data and which is used by the signatory to sign.” Without detailed analysis and without guarantee, it seems that the “fill and sign” functionality constitutes a simple e-signature.
The second question cannot be answered comprehensively because more information would be needed (e.g. what is meant be “study related documents”?). It really depends on what you want to sign and for what purpose.
The purpose of any signature is authentication and approval. No electronic or digital signature (simple, advanced, qualified) allows you to know if the person signing was allowed to sign that type of document at that point in time.
In general, self-signed IDs represent a low trust level. In case of dispute, you will have to prove the authenticity of that signature. In case of advanced e-signature the burden of proof switches to the other party. A qualified e-signature has the highest trust level, is non-reputable and equals a handwritten signature.
Having said that, at least the following should be considered and will determine which solution fits for you:
1) Do you want to sign (How reasonable is it to sign them?) or do you have to sign these documents? (Is signature needed according to legal requirement, predicate rule or your business process?)
2) Are there any technical questions that you need to consider? (For example, if you decide for a digital (certificate-based) signature, keep in mind that there are different types of certificates with diverse legal liability / trust level)
3) Are people applying this signature trained before applying it (training concept) and allowed to sign (e.g. power of attorny)
4) How long do you need to store/archive the signed document? (digital signatures are valid for approximately 2-5 years. For longer periods you might want to consider a process to periodically renew the signature or develop a concept for long-term preservation)
5) Do you have to collect signature internally or also from external companies?
Thanks for adding a response. We did indeed determine that the fill and sign method was equivalent of a 'simple' esignature. In addition, the process we implemented introduced the requirement for simple, advanced or qualified signatures according to the type (and purpose) of document (e.g internal or regulatory document) that was to be signed.