The world is moving toward greater levels of digitisation, and organisations are increasingly implementing electronic and automated solutions in an effort to reduce paper-based processes. The signatory process is one of the last barriers toward the implementation of end-to-end digital systems, and as such is a significant contributor toward reduced organisational efficiency.
However, many organisations remain concerned about the legalities of such electronic signature solutions. Understanding the legal aspects and how to select an electronic signature solution that complies with the relevant legislation is essential in escaping from paperbound processes and leveraging improved efficiency and cost effectiveness.
What is an ‘electronic signature’?
According to the Electronic Communications and Transactions (ECT) Act of 2012, an electronic signature is any data attached to or logically associated with other data, which is intended to be a signature and has a relationship with the that data. This relationship can be any number of things, including a data signature residing in the same file, or data residing in a different file to which the original document points.
David Luyt, Associate at Michalsons adds, “This may seem overly complicated, however, the important aspects here are the intent, and the relationship between the document and the ‘signature.’ Basically, an electronic signature is a piece of data attached to an electronically transmitted document as verification of the sender’s identity and his or her intent to sign the document.”
The legal aspects
“South African Common Law has in the past made allowances for a variety of different formats to be recognised as ‘signatures,’ including X’s, thumbprints and other markings that explicitly demonstrate intent and consent. Common Law implies that a document must have the name or mark of the person signing, the person signing must have applied it themselves, and the person signing must have intended to sign the document. This paves the way for electronic signatures to be recognised as legally binding and enforceable,” says Luyt.
The ECT Act specifically makes allowances for the legality of electronic signatures, and in fact the Supreme Court recently recognised an email signature as a valid electronic signature. This is because it meets the two most important criteria – there is an association or relationship between the document and the signature, and the person intended it to be a signature.
The majority of documents signed in South Africa do not legally require a signature – this is more of a custom and process requirement to verify that parties are who they say they are. An electronic signature is capable of fulfilling these requirements perhaps better than paper-based solutions, as the electronic signature process creates a tamper-evident audit trail that clearly identifies any areas of risk or suspicion. However, there are also certain specific transactions that require an advanced electronic signature in order to be legally enforceable, including suretyships and other transactions. If signed electronically, these need to make use of a specific certification authority endorsed by the South African Department of Communications and other authentication methods.
Selecting an electronic signature solution
“The ECT Act recognises a variety of digital formats as an ‘electronic signature’ as long as they comply with the criteria of intention and relationship to the document. When looking for a legally compliant electronic signature solution, organisations should select a strong brand with a good reputation in the market. This is essential to ensure that both users and customers will trust that the signatures delivered by the solution are valid. Organisations should also feel confident that their provider follows industry best practices. Furthermore, electronic signature solutions are often delivered as a cloud-based service, meaning the provider is tasked with handling and managing part of an organisation’s data. The service provider therefore needs to comply with legislation such as the Protection of Personal Information (POPI) Act and ensure reasonable security and limited processing of sensitive personal information,” concludes Rose.