What makes an e-Signature legal?
A technology must meet the following three requirements from the definition of an electronic signature in section 1 of the ECT Act to be a valid electronic signature:
- It must involve two sets of data.
- Those sets of data must be related to one another.
- The signatory must have intended the relationship between the sets of data to be their signature.
QuicklySign provides legally valid electronic signatures, because:
- It takes one set of data in the form of the signatory's typed, drawn, or uploaded signature or initials and relates it to another by embedding it in a set of data in the form of a PDF document that is required to be signed
- It also tracks the process from when you upload the document, the signatory signs the document, to when the signatory receives a copy of the signed document and gives you an audit trail that you can show to others (which proves that the signatory intended their typed signature or initials embedded in the document to be their signature)
- The signed document is verifiable by means of a signature certificate and cryptographic hash stored on QuicklySign.
A technology must also conform to three restrictions in terms of section 13(3) of the ECT Act to be a legally valid electronic signature:
- It must somehow identify the signatory of the signed set of data.
- It must show the signatory's approval of the signed set of data.
- The way it identifies the signatory must be reliable enough for the purposes of the signed set of data.
QuicklySign conforms to these restrictions, provided that you use it correctly.
- It verifies the signatory by sending a link to sign the document you want signed to their email address (and mobile number if chosen) - but, you need to make sure their email address belongs to them (called 'authentication'). In addition to email, you can also use a mobile one-time pin as an additional point of authentication.
- It shows their approval of the signed set of data by embedding their signature in it and sending you the signed document – but, you need to store the audit trail correctly (called 'records management'). Note that the integrity of the document and the audit trail can be verified online via a cryptographic hash.
- This way of identifying the signatory is reliable – but, you need to decide if it is reliable enough for signing your particular document.