Digital signatures and identities, the future is here!
By Bruce McGregor, Director - PDMS
The next step in signing technologies
With each day that passes the world is becoming more ‘digital’ and as an organisation focusing on digital transformation, we at PDMS have an in-depth understanding of the opportunities this can present.
Being ‘digital’ creates inherent opportunities for businesses including time savings, reducing/removing manual paperwork processes, delivering greater efficiencies, cost savings, sales and overall competitive advantage.
As the digital services world evolves, the ability to complete or sign documents digitally has become more important. There are a number of business considerations when choosing a level of electronic signing, all surrounding the usual ‘who’, ‘what’ and ‘why’:
- Is the ‘signing entity’ who they say they are? - a ‘trusted identity’
- Can the signature and associated identity be validated?
- Does the signing model provide legal assurance?
Fortunately, various types or levels of electronic signing and document assurance technologies exist which allow organisations to select the type of electronic signature that aligns with their business requirements, driven by their ‘business case’.
When contemplating whether electronic signing might be acceptable for a business, various factors need to be considered, from a number of perspectives, including:
- The customer or receiving organisation
- The organisation
- The industry
- The industry regulator
- Any overarching international regulator
These factors also need to be aligned with national and, for those organisations that transact globally, international regulation, legislation and guidelines.
So, it’s useful at this stage to look a little further into some of the main types of electronic signing, their associated digital identity and the wider international legal regulation and acceptance.
Different types of electronic signatures and different levels of signing
A basic form of an ‘eSignature’ is something that most people will have heard of or already used. It is a replacement for the traditional ‘wet ink’ signature used on paper documents and removes the need to print, sign and re-scan a document in order to produce a ‘signed’ electronic copy. It can comprise, for example, anything from a scanned hand-written signature, checking a T&Cs box, entering initials, or ‘typing your name into a box’.
However, while they can meet requirements, there are issues with basic eSignatures including:
- There is no way to verify the true identity of the signatory
- Low accountability/legal assurance
- No international or cross-border acceptance
- No ability to validate if a signed document has been tampered with
As a result of these issues, industries and their regulators are increasingly requiring higher levels of assurance than basic eSignatures can provide.
The next level of electronic signatures, Advanced Electronic Signatures (AES) and Qualified Electronic Signatures (QES), address these issues and come with other considerable advantages as they:
- Prove who signed what, and when
- Provide a trusted identity of the signatory that is visually validated
- Provide tamper-evident documents
- Contain the date/time the signature was applied
- Are recognised by international legislation (for example eIDAS)
Both AES and QES provide digital assurances about the authenticity of the identity of the signatory through the involvement of a trusted third party, a Certificate Authority (CA). The CA functions in a similar way to a notary by verifying identification and providing digital certificates used by a Digital Signing Service (DSS). So it’s more than just electronic signing; the in-built identity within AES and QES is key here as well.
Legal acceptance globally
While basic eSignatures can be legally binding in many countries, this can be arduous to prove, with a great deal of variation by country or state. There is also no identity, no ability to easily validate and no automatic international cross-border acceptance, as there is for the advanced and qualified signature levels, which align with international regulations.
The electronic IDentification, Authentication and trust Services (eIDAS) legislation states that all organisations delivering public digital services in an EU member state must recognise electronic identification from all other member states. It mandates international cross-border trust and presents an opportunity for European businesses and individuals who want to transact digitally. eIDAS has led to global understanding through recognised principles, is seen as a ‘gold standard’ and is based on the European Telecommunications Standards Institute (ETSI) standard, which ‘provides members with an open and inclusive environment to support the timely development, ratification and testing of globally applicable standards for ICT-enabled systems, applications and services across all sectors of industry and society’.
Most digitally signed documents are transacted in Adobe PDF format, which comes under the technical framework of the Adobe Approved Trust List (AATL), which mirrors eIDAS regulations. The AATL is an industry program that globally allows millions of users to use electronic signatures that are trusted and can be validated whenever the digitally signed document is opened in Adobe® Acrobat® or Reader® software.
Alignment with regulation (eIDAS or equivalent), through either AES or QES electronic signatures, delivers international cross-border trust, assuring the acceptance of global digital business documents/transactions.
Digital identity - an opportunity for the Isle of Man?
Recently, with our partners GlobalSign (a globally recognised Qualified Trust Service Provider), we held a thought leadership workshop with key leaders from a selection of local businesses and government, where we explored both the use of electronic signatures and digital identity in the Isle of Man.
A local example of the requirement for electronic signing and digital certification for the IOM Ship Registry (IOMSR) was presented to delegates:
As a flag state international ship registry, the IOMSR exercises regulatory control over vessels and seafarers that are ‘flagged’ within the IOM registry. The IOMSR operates under the international regulatory guidance of the International Maritime Organisation (IMO). The IMO’s main role is to create a regulatory framework for the shipping industry and they have, as a regulator, provided formal guidelines for the use of electronic signatures and/or certificates.
As a leading international ship registry, IOMSR considered their business case, organisation and stakeholder demand, the need to continue to maintain and grow their globally recognised status and, of course, the regulatory landscape from the IMO down. The decision was made that further digital transformation was needed by implementing electronic signatures and digital certificates. This was achieved through the approval of their approach with the IMO and via the effective implementation of PDMS’ Digital Signing Service, in this case providing AES as part of new digital certificates provisioned through our MARIS ship registry software solution.
This example demonstrated the benefit of having the perspective of international regulatory guidance, national regulation, government engagement and the strategic business case. This new digital service launched to IOMSR clients in February and delivers a significant move for an Isle of Man organisation in providing a fully digitised global business service where assurance, global recognition and acceptance are all built-in.
The attendees then applied their thinking to other industries and organisations based in the Isle of Man, which then triggered further thoughts around digital identity, related services and benefits for the Isle of Man, whether through government, industries or individual businesses.
Clearly, the importance of electronic signing and identity validation will continue to increase and eventually become commonplace. Incidentally, on the same day we were hosting the Isle of Man focused electronic signing thought leadership event, McKinsey & Company unveiled their new report, ‘Digital Identification: A key to inclusive growth’, at the World Economic Forum Annual Meeting in Davos.
This report reveals the huge opportunities for countries and businesses who embrace digital processes with digital identification, outlining that almost 1bn people in the world currently lack a recognised form of identification. A further 3.3bn people are unable to use their identification in today’s digital world. Electronic signing and identity would help reach previously unreachable people. The report also suggests that if countries start accepting digital identity it could unlock between 3% and 13% of GDP by 2030. In Isle of Man terms, for example, this could increase GDP from £4.88bn (IOM GDP in 2016/17) to between £5.03bn and £5.51bn.
At PDMS, we believe that the world of electronic signing and identity presents a huge opportunity for Isle of Man businesses and government alike, whether to streamline their processes, improve digital security or increase revenue. Being an early adopter of electronic signing and, importantly, identity would ensure the Isle of Man is not only in the leading pack of jurisdictions but, crucially, does not get ‘left behind’ – the time is now!