Digital Signatures: The Law and Best Practices for Compliance

Description: The CoSign Digital Signature solution automates your signature-based approvals compliantly and affordably, allowing you to cut costs and automate business processes.

Transcript of Digital Signatures: The Law and Best Practices for Compliance

Page 1: Digital Signatures: The Law and Best Practices for Compliance

Page 2: Electronic/Digital Signature Legislation

Disclaimer: ARX is not a law firm and does not provide legal advice. We make no warranty, express or implied, concerning any interpretation of laws and regulations or its reliability as presented here, or of the content on websites cited in this presentation.

Page 3: Electronic vs. Digital Signatures

Electronic signatures:

Legally defined as an electronic sound, symbol (e.g., a scanned image of a handwritten signature stored as a JPEG file), or process, attached to or logically associated with a record, and executed or adopted by a person with the intent to sign the record.

Some solutions that fit this legal definition are weak on integrity and security, and make for poor business policy or practice: a pasted signature image, for instance, proves neither who applied it nor whether the record was changed afterwards.

Digital signatures:

Digital signatures, often referred to as advanced or standard electronic signatures, use public-key cryptography to bind the signer's key to the exact content signed. They provide the strongest form of signature and content integrity and enjoy the widest acceptance.

Digital signatures help organizations sustain signer authenticity, accountability, data integrity, and non-repudiation (a signer cannot later deny having signed a transaction) for electronic documents and forms.

Page 4: US/EU Federal and State Statutes

Legislation:

Uniform Electronic Transactions Act (“UETA”) – 1999

Electronic Signatures in Global and National Commerce Act (“E-Sign”) – 2000

EU Directive for Electronic Signatures (1999/93/EC) – 1999

These instruments give legal force and effect to electronic or digital signatures.

Page 5: Uniform Electronic Transactions Act (UETA)

UETA http://www.law.upenn.edu/bll/archives/ulc/fnact99/1990s/ueta99.htm

SECTION 7. LEGAL RECOGNITION OF ELECTRONIC RECORDS, ELECTRONIC SIGNATURES, AND ELECTRONIC CONTRACTS.

(a) A record or signature may not be denied legal effect or enforceability solely because it is in electronic form;

(b) A contract may not be denied legal effect or enforceability solely because an electronic record was used in its formation;

(c) If a law requires a record to be in writing, an electronic record satisfies the law;

(d) If a law requires a signature, an electronic signature satisfies the law.

Page 6: E-Sign Act

ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE ACT (aka E-Sign) at: http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_cong_public_laws&docid=f:publ229.106

Mirrors various provisions of UETA (which preceded it):

Section 101(a) gives electronic signatures and electronic records legal validity;

Section 101(b) preserves other law: the Act does not override statutes or regulations that may still mandate paper-based transactions;

Section 101(c) (“Consumer disclosures”) sets out how the parties must consent, and be shown to have consented, to the use of electronic signatures and records between them; important in B2C and, as a matter of practice, B2B scenarios.

Page 7: State Compliance with UETA

46 US States (plus DC, Puerto Rico, and the Virgin Islands) have adopted UETA. http://www.ncsl.org/programs/lis/CIP/ueta-statutes.htm

Georgia, Illinois, New York, and Washington have other statutes pertaining to electronic transactions (GA: Ga. Code Ann. § 10-12-1; IL: 5 ILCS 175/1-101; NY: NY CLS State Technology § 301 et seq.; WA: http://apps.leg.wa.gov/RCW/default.aspx?cite=19.34).

The US Federal Act, E-Sign, preempts state law that is inconsistent with it; a state may modify or supersede E-Sign only by enacting UETA or an equivalent technology-neutral statute (15 U.S.C. 7002).

Note: US courts seem to admit electronic signatures so routinely under the E-Sign Act that they find it unnecessary to write an opinion working through the statutory analysis. In a sense the statute is doing its job by obviating the need for any court to think twice about whether an electronic signature could be admissible (assuming it met all the other rules of evidentiary procedure).

Page 8: EU Directive for Electronic/Digital Signatures

Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures:

The directive is drafted to be technology neutral and never names a technology, but its definition of an “advanced electronic signature” (uniquely linked to the signatory, capable of identifying the signatory, created using means under the signatory's sole control, and linked to the data so that any subsequent change is detectable) in practice describes a digital signature.

All EU Member States have transposed this directive into local legislation, as of 2003.

EU Member States may not add requirements beyond those in the directive.

EU VAT Directive 2001: Council Directive 2001/115/EC:

This directive on electronic invoices requires the authenticity of origin and integrity of content of an electronic invoice to be guaranteed by an advanced electronic signature as defined in the 1999 directive (or, alternatively, by electronic data interchange, EDI).

Page 9: Legal Summary

US and EU law accept electronic and digital signatures without mandating any specific technology.

US law allows a broad definition of electronic signature.

EU law narrows the definition and implies that digital signatures should be used.

Regulations in specific industries tend to lean toward digital signatures.

The courts are concerned with:

Admissible evidence;

Whether a policy/procedure was followed consistently in the execution of routine business.

Page 10: Best Practices for Digital Signature Deployment

A legally enforceable digitally signed record should be:

Admissible as evidence, with the signature attached to the signed information;

Uniquely linked to the signer;

Capable of identifying the signer;

Created using means the signer maintains under his or her sole control;

Verifiable by anyone at any time;

Protected so that anyone at any time can easily detect changes to the signed information.

Organizational policy: digital signing should be part of a standard, automated organizational policy/process.

There should be a clear audit track.
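As an added example, not part of the original presentation or of the CoSign product, the following Go program shows what the properties above mean in code: an Ed25519 signature attached to a record, uniquely linked to the signer's key, verifiable by anyone holding only the record, and failing verification on any change to the content or on an attempt to attribute the signature to a different signer. This is exactly what the scanned-signature JPEG of page 3 cannot provide. The record layout, the sample purchase-order text and the audit-line format are constructed for the example; a real deployment carries the signer's public key in an X.509 certificate, and long-term archive verification additionally needs a trusted timestamp, which this example does not show.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// SignedRecord keeps the signature attached to the signed content and to the
// key that identifies the signer, so anyone holding the record can verify it
// later without contacting the signer. Constructed layout for this example;
// real deployments carry the public key inside an X.509 certificate.
type SignedRecord struct {
	Content   []byte
	Signer    ed25519.PublicKey
	Signature []byte
}

// NewSigner generates a key pair. The private key is the "means under the
// signer's sole control"; only the public key is ever attached to records.
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign binds the content to the signer's key. Ed25519 hashes the message
// internally, so the whole record is covered, not a summary of it.
func Sign(priv ed25519.PrivateKey, content []byte) SignedRecord {
	return SignedRecord{
		Content:   append([]byte(nil), content...),
		Signer:    priv.Public().(ed25519.PublicKey),
		Signature: ed25519.Sign(priv, content),
	}
}

// Verify is what "anyone at any time" runs: it needs only the record itself.
// Any change to the content, the signature or the claimed signer key fails.
func Verify(r SignedRecord) bool {
	// ed25519.Verify panics on a malformed key; reject such input instead.
	if len(r.Signer) != ed25519.PublicKeySize || len(r.Signature) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(r.Signer, r.Content, r.Signature)
}

// AuditEntry is one line for the audit track: who signed (key fingerprint),
// what was signed (content digest) and whether the record still verifies.
func AuditEntry(r SignedRecord) string {
	keyFP := sha256.Sum256(r.Signer)
	docFP := sha256.Sum256(r.Content)
	return fmt.Sprintf("signer=%s content_sha256=%s valid=%t",
		hex.EncodeToString(keyFP[:8]), hex.EncodeToString(docFP[:]), Verify(r))
}

func main() {
	_, priv, err := NewSigner()
	if err != nil {
		panic(err)
	}
	// Constructed sample record for the demonstration.
	rec := Sign(priv, []byte("Purchase order 4711: 120 units @ EUR 40"))
	fmt.Println("original:     ", AuditEntry(rec))

	// Change one digit after signing: the signature no longer verifies.
	tampered := rec
	tampered.Content = []byte("Purchase order 4711: 180 units @ EUR 40")
	fmt.Println("tampered:     ", AuditEntry(tampered))

	// Claim a different signer for the same content and signature: fails,
	// because the signature is uniquely linked to the key that produced it.
	otherPub, _, _ := NewSigner()
	reattributed := rec
	reattributed.Signer = otherPub
	fmt.Println("reattributed: ", AuditEntry(reattributed))
}
```

The verifier needs no secret and no contact with the signer, which is what makes the record checkable "now and in the archive"; the private key never leaves the signer, which is what the sole-control requirement means in practice.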

Page 11: When are Digital Signatures Needed?

Audit and regulatory requirements, particular to industry and geography;

Acceptance, inside and outside the organization;

Verification, now and in the archive;

When proof of identity, intent, and integrity is needed.

Page 12: CoSign Digital Signature Compliance

CoSign creates legally enforceable digital signatures in accordance with UETA, 15 U.S.C. 7001 (E-Sign) and EU Directives 1999/93/EC and 2001/115/EC.

The CoSign digital signature solution, when implemented with a proper organizational policy, can comply with:

FDA Title 21 CFR Part 11 (Life Sciences)

HIPAA (Healthcare)

Most states’ PE boards (Engineering)

Sarbanes-Oxley

EU VAT Directive

SAFE-BioPharma Association

United States Department of Agriculture (USDA)

Page 13: About CoSign

The CoSign digital signature solution automates your signature-based approvals compliantly and affordably, allowing you to cut costs and expedite business processes.

For more information, please contact John Marchioni, VP Business Development

[email protected]

Tel: (415) 839 8161

www.arx.com