When it comes to the digitization of processes and dematerialization of documents, electronic signatures are certainly one of the most “hot” and interesting topics. In the last period, we have all needed to find a way to carry out many of our activities digitally and remotely, both as companies and as private citizens.
Electronic signatures, from this point of view, have proven to be a tool of fundamental importance, precisely because they allow people to sign documents and contracts remotely and on the go, safely and quickly. From the point of view of companies, implementing an electronic signature solution means being able to offer their customers an easy-to-use signature method that ensures a full digital transaction and makes it possible to access the signature quickly.
But as it is well known, there are electronic signature solutions available that have different technological characteristics and which, also from the legal point of view, ensure a different evidentiary value: what are the elements that you must take into consideration when choosing the right electronic signature to implement in your business processes?
From handwritten signature to electronic signatures
The handwritten and analog signature, to which the law has always acknowledged the maximum value (except, of course, in specific cases of non-recognition or complaint of forgery), is characterized, in itself, by an extraordinary simplicity: just hold a pen and sign, even if sometimes we have to sign dozens and dozens of documents one after the other, with the result that often the last signature looks more like a series of hieroglyphics, rather than our name and surname. Nevertheless, the handwritten signature is one and only one.
By its nature, on the contrary, the digital world is extremely mobile and changeable: losing, damaging, or incurring modifications of a computer document, whether accidental or intentional, is unfortunately a very real risk. That’s why the legislator felt the need to strictly regulate this area, including the varied world of electronic signatures to protect the legal value of documents and contracts.
The different forms of electronic signatures
It is interesting and useful to note that Italy started to regulate this subject very early compared to the European Union, and it defined and regulated a very specific type of electronic signature–the digital signature. In fact, the digital signature has existed in our legal system since 1997, when the DPR 513 of 10 November defined for the first time its validity and technological characteristics, linking it inextricably to the techniques of asymmetric cryptography.
Subsequently, the evolution of the technological context and also of the European legal scenario have led the Italian legislator to consider other types of electronic signatures, so that today, these types of signatures are essentially consolidated:
- the simple electronic signature (SES), which represents the most basic type of signature, often formed by a pair of credentials (username + password) and sometimes strengthened by additional elements, such as an OTP solution (a one time password), to obtain a form of authentication of the signer;
- the advanced electronic signature (AES), which foresees some additional elements that makes it able to confer a higher level of security; these elements are identified by the DPCM of 22 February 2013: for example, whoever makes an AES solution available must identify the signer in advance, must inform him about the characteristics of the solution, acquire his informed consent to its use, and must have an assistance service and a liability policy to cover possible damages that may derive from an improper use of the AES. It’s worth remembering that art. 60 of this same decree imposes limitations on the use of this type of signature, specifying that it can only be used in the context of legal relations between the subject who must acquire the signature, and therefore makes the AES solution available, and the signatory;
- the qualified signature (QES), which in the Italian legal system generally coincides with the digital signature. The qualified signature foresees the intervention of a certified subject (known as CA, Certification Authority) that issues a qualified certificate of signature to the signer, always after having ascertained his identity. The certificates of signature have an expiration date and must be periodically renewed if you intend to continue to use them to affix valid signatures.
There are also two other possible electronic signature options, i.e. the signature that is authenticated by a notary or public officialand the signature based on SPID digital identity, for which specific guidelines have recently been issued (SPID is the Italian Public System for Digital Identity).
SES and AES solutions comply with the principle of technological neutrality: this means that signatures of this type can take on different characteristics and the providers that produce them can develop the solution they deem most suitable, as long as the minimum requirements identified by law are respected, especially in the case of AES. This makes SES and AES solutions extremely flexible, easy to integrate, and very simple to use for the end user.
On the contrary, the digital signature, as we have already mentioned, must be based not only on a qualified signature certificate, but also on the use of asymmetric cryptography. For these reasons, the digital signature is the one that has the highest value before the law and in certain cases its use, as we will see, is mandatory. For these same reasons, however, it is the solution that has the highest costs for the signer.
Choosing the right electronic signature: the elements to evaluate
Now that we have listed the main characteristics of the electronic signature solutions available today, it’s clear that they are not all the same, and that each one, by virtue of its own peculiarities, lends itself to different uses. Knowing how to distinguish the different types of electronic signatures is fundamental in order to choose the most suitable electronic signature for the specific use case. In order to narrow down the choice, the following general criteria can be a guide:
- the presence of specific regulatory provisions, related to particular types of documents and contracts
- the specific characteristics of our use case and the type of documents involved;
- the ultimate goal and the characteristics of our target users.
The presence of specific regulations
The first element to take into consideration when choosing the right electronic signature is undoubtedly the regulatory framework, to ensure that documents signed electronically are fully valid before the law. When we are faced with precise and stringent regulatory provisions, we can say that the choice is already made.
For example, there are some cases where the law prescribes the use of a qualified or digital signature, under penalty of invalidity of the signature and therefore of the act itself. Specifically, the Digital Administration Code (CAD) provides that all the acts listed in art. 1350 of the Civil Code, in paragraphs 1 to 12, must be signed with a qualified or digital signature.
Among these acts we find, by way of example: contracts for the purchase and sale of real estate; lease contracts lasting more than nine years; and acts for the division of real estate and other real property rights. In other cases, specific provisions have identified the mandatory use of digital signatures, as in the case of electronic invoices. In order to sign these documents, it is necessary for the signatory to contact a qualified provider to purchase a signature solution, which can then be used, of course, to sign other acts and documents, since it is always recognized.
The specifics of each use case
In other cases, the law allows for the alternative use of different electronic signature solutions. For example, there are acts that can be effectively signed either with an QES, or digital signature, or with an advanced electronic signature (AES). In such cases where the law makes it possible to evaluate different solutions, other elements come into play to guide our choice, such as ease of use and efficiency of the solution.
As we have seen, the digital signature must be activated by the signatory and represents an economic effort for the signatory. For this reason, we can’t take it for granted that everybody owns a digital signature. This is often the case only for those who need to use digital signatures in relation to their work or institutional activities, while those who do not use this type of signature regularly do not feel the need to do so.
That’s why, in cases when digital signatures and AES are considered equivalent by law, the solution may be to make an advanced signature solution available to your clients. In this way, you can capture signatures electronically even when the end user does not have a digital signature, ensuring the creation of valid electronic documents. The alternative would be to capture the signature in analog mode, but this would end up generating further expense and additional time.
The ultimate goal
This brings us to the importance of the end goal, that is, the purpose you want to achieve by implementing an electronic signature solution. One of the main benefits of electronic signatures is that they make it possible to achieve greater efficiency in your signing processes, eliminating time-consuming steps, and reducing intermediate steps, and reducing document exchanges to the minimum necessary.
For this reason, AES or, when possible, simple electronic signature solutions (perhaps reinforced by an OTP code) are the most suitable for reviewing these processes in digital mode and implementing, for example, digital onboarding processes.
By focusing on an AES or SES solution, each company can evaluate the technological solution that can be best integrated within its own processes and business systems. In addition, it can make a signature solution available to its users and customers, guiding the onboarding process and maintaining constant control, at all stages. This facilitates process monitoring activities and enables better interaction with end customers, while streamlining business processes.