Insights + Resources

May 11, 2022

Electronic Signing | How to Validly Use Cloud Based Platforms

Introduction

While data and privacy concerns slowed the initial widespread adoption of e-signatures, attitudes have drastically changed towards e-signing and electronic execution of documents during COVID-19. In this article, we discuss the use of cloud-based e-signing platforms to execute documents, and how to overcome the practical challenges that may arise when using these platforms.

This article looks at:

  • Which services are best suited to commercial use?
  • What are the practical challenges of cloud-based platforms?
  • How does witnessing work with respect to cloud-based platforms?

1. Cloud-Based Platforms for Commercial Use

The Corporations Amendment (Meetings and Documents) Act 2021 (Cth) (Corporations Amendment Act) and the Electronic Transactions Act 1999 (Cth) (Commonwealth ETA) set out the rules regarding electronic signatures in Australia. Under both the Corporations Amendment Act and the Commonwealth ETA, e-signing is permissible where, in essence, the method of e-signing:

  • identifies the person;
  • indicates the person’s intention to be bound; and
  • is reliable and proven.

In this regard, using any of the major cloud-based signing platforms (such as DocuSign, Hello Sign or Adobe Sign) should enable these legal requirements to be met. These platforms rely on a process which uses the person’s nominated email address and digital signature, and has technological features to create a high degree of trust in authenticity, including certificate issuance, a time-stamping service, key management, hash signing and the revocation check needed for long term validation.

‘Certificate issuance’ refers to the digital certificate issued to bind a digital signature to an entity, while ‘key management’ refers to the management of encrypted and decrypted data through the use of encryption keys. A digital certificate provides the highest level of assurance of a signer’s identity. ‘Certificate revocation’ is a process that distinguishes invalid and untrusted certificates from valid trusted ones.

In effect, when you click “sign” on a document, a unique digital fingerprint (otherwise known as a ‘hash’) of the document is created. The hash is encrypted using the signer’s private key. The encrypted hash and the signer’s public key are then combined into a digital signature, which is appended to the document.

The signatory’s IP address and the date and time of signing is automatically downloaded into a PDF audit trail of information that is shared with other parties and may be adduced as evidence in Court proceedings should the authenticity of the document be challenged.

2. Cloud-Based Platforms: Overcoming Practical Challenges

One challenge of using cloud-based platforms is the risk that another person may have access to a signatory’s email account at the relevant time and may apply the digital signature on their behalf. To address this, parties may wish to adopt the following methods in conjunction with the use of a cloud-based signing platform:

  • Advising signing parties of how the process will work by email including that applying their digital signature and clicking ‘finish’ (or similar) will constitute their representation, confirmation, authorisation and undertaking to each of the other parties that:
    • They approve the documents that they have been provided access to;
    • They authorise the dating and release of the signed document, by which they are then bound, to all other parties;
    • Each signed, dated document shared with the other parties will constitute an electronic original; and
    • They authorise that the particulars of their execution may be documented in an audit trail in the knowledge that this will be stored and may be used in connection with a dispute;
  • Use of business email addresses, where available;
  • Use of a mobile SMS authentication code sent to the signatory’s phone under their own control to allow them to access the documents for e-signing

3. Addressing Witnesses in The Cloud

Another potential challenge that arises with respect to using cloud-based platforms is that it can be used for remote witnessing. Although we recommended witnessing in the same physical space where possible, witnessing can validly occur over an audio-video conference, and potentially hosted through cloud-based platforms.

Pursuant to Part 2B s 14G of the Electronic Transactions Act 2000 No 8 (Cth), the witness convenes an audio-visual conference with the signatory and attests to the faithful e-signing of the document. An audio-visual conference can be held over any preferred, secure online platform such as Zoom, Microsoft Teams or Skype.

Concluding Remarks

When used properly, a cloud-based e-signing method satisfies the identification, intention and appropriateness requirements of relevant laws.

When choosing a cloud-based e-signature platform that is right for your business, consider:

  • Is the identity of the signer assured, i.e., identifies the person, indicates the person’s intention to be bound, and is reliable and proven?
  • Is there a way to tamper with the document contents after signing?
  • Is it legally admissible and in compliance with relevant Commonwealth, State and Territory regulations?

We recommend that parties adopt a cloud-based e-signing method that is intermediated by a trusted law firm acting for one of the parties. If you require corporate legal advice with respect to e-signing and electronic execution requirements in Australia, please contact us below. We can quickly assess your situations and make immediate and cost-effective recommendations.

 

+      +      +

Close Btn Created with Sketch.

RECEIVE FREE NEWS + EXCLUSIVE INSIGHTS

Straight to your inbox on legal and business developments set to disrupt and transform.