Electronic Signatures: Can We Finally Stop Sending PDFs?

We’re sure everyone has circulated PDFs for signing by email at one time or another. Each signatory prints out the document, signs it, scans it to a new PDF file and sends it to the next signatory by email again. In our experience this approach is very common, for example, with documentation for large financing arrangements.

Is it finally time to consign these PDF circulations to history and move on to fully electronic signatures?

Electronic Signatures Already Mainstream

Sale and purchase agreements and other transaction documents are already commonly signed electronically. In some circles, electronic signatures have become so commonplace that people may forget to make sure in advance that all of the parties involved accept the method.  Even though the parties to a transaction are legally free to agree on matters without traditional hand-written signatures, it is important to make sure the that the procedures and requirements of each party are taken into account.

Using electronic signatures makes it possible to sign hundreds of pages of documentation through a single email link. The signatory is typically emailed a link that they use to send their electronic signature. The process can be designed to require strong identification.

Electronic signatures save time, effort and money, particularly when the parties are not in the same place. The pandemic has increased pressure to adopt electronic signatures, as people have had to avoid face-to-face contact.

Electronic Contracts Assumed Valid

The legal status and legal effect of electronic signatures are based on both EU-level regulation and national legislation.

The EU’s eIDAS Regulation (No 910/2014) provides that the legal effect of electronic signatures should not be denied on the grounds that the signature is electronic. The regulation is directly applicable law in Finland.

The general act concerning contracts in Finland is the Contracts Act (in Finnish, laki varallisuusoikeudellisista oikeustoimista). The Contracts Act provides that a contract does not have to be signed by the parties by hand to be valid, as long as the parties otherwise unanimously commit to the agreement and its contents.

Unless there are statutory formal requirements for a contract, the parties are free to enter into the contract orally, in writing or electronically.

Three Kinds of Electronic Signature

It is worth keeping in mind that there are three levels of electronic signature.

The highest level of verification is provided by a qualified electronic signature, which is legally binding without any further evidence. This highest level of verification is only provided in Finland by the Digital and Population Data Services Agency.

The second highest level of authentication is an electronic signature verified by strong identification. Strong identification systems include, for example, Finnish online banking codes and mobile IDs.

The third and weakest level of authentication is a signature verified by weak identification, which uses, for example, an email address or password.

Security of Electronic Signatures

There are a number of common doubts expressed concerning electronic signatures, for example, that they are unreliable, involve technical uncertainties or might be invalid in a dispute.

To date, we have not come across any situations in which electronic signatures would later have been revealed to have been abused. Using strong identification raises the reliability of electronic signatures well above that of, for example, circulated PDFs. At least the identity of the signatory is authenticated more strongly than the that of the person sending the PDF attachment.

Potential data security risks and attempts at tampering can be mitigated through technological means and additional settings, such as by using numerous auditing chains or identification requirements.

When using the qualified electronic signature method, the signatory cannot deny having made their signature or allege that the document would have been altered later. Unless there are formal requirements for a contract set in law, the parties are free to enter into the contract orally, in writing or electronically. As a rule, an electronic signature is as binding in a dispute as an oral agreement or a hand-written signature.

Based on the eIDAS Regulation, the authentication provided by the Digital and Population Data Services Agency has the same status as a hand-written signature and must be accepted in other EU member states as such.

Is Now the Time?

What about circulating PDFs by email then?

No one will force you to stop, but PDFs are not without risks either—and the risks may be even larger than those of electronic signatures.

With PDFs, the actual identity of the signatory is often not authenticated at all. If the signatory is off in the countryside, for example, how can you be sure that they were actually the one who signed the document?

The idea that circulating scanned PDFs would be a more secure option than electronic signatures is nothing more than a myth based on ingrained habit.