Editorial

Latest trends in the UK e-signing market

Richard Oliphant assesses the latest trends, technology and regulatory developments in the UK e-signing market.

Posted 25 January 2023 by Matt Stanley


Blending electronic and digital signatures

UK enterprises are increasingly aware that doing business in a global economy requires both electronic and digital signatures. Electronic signatures – even when coupled with two-factor authentication (2FA) such as a passcode sent to the signatory’s mobile phone – will not suffice for valid execution in every use case.

e-signature

The distinction between electronic and digital signatures is confusing so let’s start with a short tutorial:

The standard product sold by leading e-signing platforms such as DocuSign, Adobe Acrobat Sign and Dropbox Sign is an electronic signature under UK law. If 2FA is added, it provides more certainty that the signatory is who they claim to be; but it is still an electronic signature and does not meet the higher threshold for digital signatures.

There are two types of digital signature under UK (and EU) law: advanced electronic signatures (AES) and qualified electronic signatures (QES). 

Digital signatures are a subset of electronic signatures. They require more robust authentication of the signatory and rely on e-signing platforms using public key cryptography. A trust service provider (TSP) verifies the signatory’s identity and issues a digital certificate confirming the signatory’s name and binding their identity to a pair of cryptographic keys. The signatory uses their private key to create the digital signature on the platform which can be verified by the recipient using the corresponding public key. 

The leading e-signing platforms (and their network of TSPs) now offer both AES and QES.  

Platforms have typically downplayed the value of digital signatures to UK customers. Sales teams have been incentivised to promote electronic signatures as a universal substitute for wet ink signatures. And explaining the legal and technical characteristics of digital signatures is undeniably harder than selling electronic signatures. 

But this approach fails to take account of the fact that UK enterprises habitually enter into cross-border transactions with overseas parties. They need certainty that transaction documents will be recognised and enforceable not only in the UK but in every relevant jurisdiction. This is not achievable with electronic signatures. It requires judicious use of electronic and digital signatures, together with an e-signing policy that considers the governing law and the jurisdiction of the parties.

QES is the gold standard and has the equivalent legal standing of a wet ink signature in the UK and EU. It is therefore an essential requirement for every UK enterprise that transacts across international borders.

Digital identity revolution

In June 2022, the government published its new UK digital ID and attributes trust framework (UK Trust Framework). DCMS has begun beta testing and it is intended that the UK Trust Framework will regulate how digital IDs (and other attributes) can be deployed in the UK as an alternative to physical forms of ID such as passports. Digital IDs will be used and reused for online transactions and interactions (e.g. for remote customer onboarding by banks).

The UK Trust Framework is still embryonic – but certified identity service providers (IDSPs) including DigidentityOnfido and OneID already use identification document validation technology (IDVT) to carry out digital right to work and DBS checks on behalf of UK employers. 

I expect certified IDSPs to play a pivotal role in identity verification on e-signing platforms. Platforms will partner with IDSPs to integrate IDVT with their standard electronic signature products as a more robust alternative to 2FA. The transition will be seamless for platforms like Yoti which has been certified as an IDSP in its own right. Digidentity is a qualified trust service provider (QTSP) under EU law for QES and is also certified under the UK Trust Framework. Digidentity is integrated with Adobe Acrobat Sign. Its dual status as a certified IDSP and QTSP should create exciting new opportunities for using its IDVT for remote customer onboarding under the UK Money Laundering Regulations 2017, and enable digital execution with QES.

Witnessing deeds on e-signing platforms

Witnessing deeds on e-signing platforms has always been more complex than e-signing simple contracts. However, the COVID-19 pandemic triggered a marked increase in the use of platforms to e-sign (and witness) deeds.

In 2020, HM Land Registry (HMLR) modified its practice guidance to accept documents (and deeds) that have been signed electronically provided certain requirements are met. These requirements include 2FA of witnesses. 

DocuSign is the favoured platform among law firms and conveyancers. It has made engineering changes to enable signing and witnessing of deeds in accordance with HMLR’s practice guidance for “conveyancer-certified electronic signatures” (CCES). Other platforms including Adobe Acrobat Sign and Yoti can also satisfy the prescribed workflow for CCES.

Whilst the platforms have made changes to accommodate CCES and simplify the execution of deeds, witnessing still presents a practical challenge. Both the Law Commission and the Law Society of England and Wales take the view that a witness must be physically present when the signatory signs a deed on a platform and then attest the signature. 

This is a striking example of how the law sometimes lags behind technology. One might argue that the witnessing formality is redundant on platforms as the metadata in the digital audit trail conclusively proves that the signatory signed the document (or deed). But if the witnessing formality is to be retained, I would urge the UK government to exercise its powers under section 8 of the Electronic Communications Act 2000 to modify the current law and permit video witnessing of deeds. DocuSign has an integration with Zoom and can already accommodate video witnessing. I expect other platforms to follow suit by integrating with cloud-based video conferencing services such as Microsoft Teams and Google Hangouts.

Insisting on physical presence of witnesses when signatories execute deeds on platforms is an anachronism in 2023, and legal reform is long overdue.

QES in UK real estate transactions

HMLR is in the vanguard of the push for digital transformation in public sector services. It was commendably quick to react to the pandemic and introduce CCES. It has now set its sights on QES which, the Deputy Chief Land Registrar, Mike Harlow, has identified as “the right long-term component of [our] digital future. They have added security and the digital nature of the resultant document will enable joined-up and automated processing elsewhere in the transaction”.

HMLR is currently accepting electronic dispositions signed with QES under a pilot scheme involving a small number of conveyancers. One advantage of QES over CCES (and wet ink signatures and Mercury signatures) is that the electronic disposition does not need to be witnessed and attested.

North of the border, Registers of Scotland (RoS) have also introduced QES. From 1 October 2022, electronic documents signed with QES may be entered in the Register of Deeds in the Books of Council and Session.

I welcome the steps taken by HMLR and RoS to adopt QES as a tool to modernise conveyancing and land registration practice. But I have concerns: DocuSign’s ascendancy in the legal sector means it is likely to dominate the market for QES in real estate transactions too. Any monopoly is undesirable, but especially in this use case. The successful adoption of QES is dependent on innovation and competition amongst QTSPs (and not platforms). 

To realise the full potential of QES, HMLR and RoS must ensure there is interoperability between QTSPs and multiple e-signing platforms. This is theoretically possible if the QTSPs and platforms interoperate using the protocols specified in ETSI TS 119 432.

Future changes to UK e-signature law

The Data Protection and Digital Information Bill was laid before parliament in July 2022. The second reading was due in September but was cancelled. The Bill is now on hold due to concerns that the proposed post-Brexit reform of the UK’s data protection regime might jeopardise the UK’s EU adequacy status

Amid the clamour over UK GDPR, it was easy to overlook the Bill’s changes to the UK eIDAS Regulations, which underpin UK e-signature law. These changes are far-reaching and controversial. It remains to be seen whether they are retained in the Bill when it returns to parliament for its next reading.

Richard Oliphant specialises in electronic and digital signature law and practice, and in digital identity schemes. He advises private and public sector clients.