“Simple” electronic signature, certified electronic signature, and scanned signature in contracts

la-firma-electrónica-simple-firma-electronica-certificada-y-firma-escaneada-en-los-contratos-mario-fernandez-abogados-ecuador

The COVID-19 pandemic has forced companies to adapt to the digital age through the use of Information Technologies (TIC’s) to guarantee the continuity of their operations, such as contract signing. The electronic signature has gained particular importance as a useful tool to avoid the parties’  physical concurrence when entering a contract. Also, it streamlines the process and improves document management.

Some people may confuse the electronic signature with the handwritten signature scanned and embedded in an electronic document; also, the electronic signature certified by an accredited local entity should not be confused with one that does not have said certification. 

This article analyzes the “simple” electronic signature, the certified electronic signature, and the scanned signature to differentiate them and determine the contract’s legal effects.

For the analysis, we assume a  contract between private parties that is not subject to any solemnity.

  1. “Simple” electronic signature and certified electronic signature

The electronic signature is regulated by the Law of Electronic Commerce, Signatures and Data Messages (hereinafter, “LCE”). It defines it as: “[…] the data in electronic form consigned in a data message, attached or logically associated with it, and that can be used to identify the owner of the signature with the data message, and indicate that the owner of the signature approves and acknowledges the information contained in the data message. “[1]

According to article 15 of the LCE, the electronic signature must meet the following requirements for its validity:

” a) Be individual and be linked exclusively to its owner;

b) That allows to verify the authorship and identity of the signatory unequivocally, through technical verification devices established by this law and its regulations;

c) That its method of creation and verification is reliable, safe and unalterable for the purpose for which the message was generated or communicated;

d ) That at the time of the creation of the electronic signature, the data with which it is created is under the exclusive control of the signatory, and,

e) That the signature is controlled by the person to whom it belongs. “[2]

The electronic signature has the same validity and  legal effects recognized in a handwritten signature (or physical signature).

The LCE does not use the denomination digital signature and electronic signature like in other countries to differentiate the electronic signature certified by an accredited entity before the competent authority in Ecuador (hereinafter, “Certified Electronic Signature”) from that electronic signature that does not have said certification (hereinafter, “Simple Electronic Signature”). The LCE calls both “electronic signature ”.

The electronic signature certificate is not a requirement for the validity of the electronic signature. According to the LCE, said certificate simply consists of “ […] a message that certifies the link of an electronic signature with a specific person, through a verification process that confirms their identity.”[3] and it is used mainly to “[…] certify the identity of the owner of an electronic signature […]”[4]

Consequently, the Simple Electronic Signature and the Certified Electronic Signature are valid. The difference between one and the other is in the presumption of legitimacy that the law grants to the Certified Electronic Signature when it is presented as evidence in a legal process:

“Art. 53.- Presumption. – When an electronic signature certified by an accredited information certification entity is presented as evidence, it will be presumed that it meets the requirements determined by law, and that consequently, the electronic signature data has not been altered since its issuance and that it belongs to the signatory ”. [5] (highlighted out of text)

It should be noted that the parties can agree to the use of electronic signatures generated through tools such as DocuSign, AdobeSign, among others. They do not necessarily have a local certification but are useful; they are within reach of any person, national or foreign, and expedite business.

When electronic signatures have a certificate issued and accredited by a foreign entity, it is possible to revalidate it[6] before an accredited Ecuadorian entity[7], with the same value as a local certificate. Notwithstanding this, the parties may agree to the use of electronic signatures and certificates that are not accredited. That agreement will be legally valid[8].

In short, if the Simple Electronic Signature meets the requirements provided for in the law, and its use is agreed between the parties, it can be used to sign contracts and it cannot be deprived of legal effects because it does not have a local electronic signature certificate. However, it will not enjoy the presumption of legitimacy that the LCE grants to the Certified Electronic Signature.

  1. Scanned Signatures

The Scanned Signature is only a facsimile of an original handwritten signature (hereinafter “Scanned Signature”). All a person has to do is scan their handwritten signature or that of a third party contained in a physical document to generate it and incorporate it into an electronic document.

The Scanned Signature is not regulated in the LCE, but it can be valid as long as the parties acknowledge such validity and it is part of a data message [9](eg in a document attached to an email). This is due to the principle of autonomy of the will and in view of the fact that data messages and documents incorporated by reference have the same legal value as written documents, as provided by law. In order to guarantee the validity of the Scanned Signature, it is important to observe the provisions of the LCE when sending, receiving and keeping the data message that contains the signed contract.

In conclusion, the Scanned Signature produces binding effects, provided that: (i) the parties so agree; (ii) the signed document is part of a data message and (iii) it is possible to access said data message, for later consultation. However, since this type of signature is not generated through a system that guarantees its authenticity, authorship and integrity, it cannot be considered an electronic signature.

[1] Ecuador, Law of Electronic Commerce, Signatures and Data Messages, Official Register Supplement 557, April 17, 2002, Art. 13.

[2] Ibidem, Art. 15.

[3] Ibidem, Art. 20.

[4] Ibidem, Art. 21.

[5] Ibidem, Art. 53.

[6] Ibidem, First General Provision.

[7] Ecuador, Regulation to the Electronic Commerce Law, Signatures and Data Messages, Official Registry 735, December 31, 2002, Art. 16.

[8] Ecuador, Electronic Commerce Law, Signatures and Data Messages, Official Registry Supplement 557, April 17, 2002, Art. 28.

[9] According to the Electronic Commerce Law, a data message “[…] It is all information created, generated, processed, sent, received, communicated or filed by electronic means, which can be exchanged by any medium. The following electronic documents, electronic records, electronic mail, web services, telegram, telex, fax and electronic data exchange will be considered as data messages, without this enumeration limiting its definition. “

Mario Fernández García
Asociado en CorralRosales
mfernadez@corralrosales.com