Electronic signatures, not as perfect as it seems?
Published on 3rd Oct 2022
Using apps instead of pens & printers for signing contracts offers many advantages. Platforms such as Docusign/Adobe Sign makes signing contracts as easy as reading and sending e-mails on your phone. It saves trees, saves time compiling documents and, hopefully, chasing people for signatures. It can furthermore add security encryption to the document protecting its authenticity.
Dutch (lower) case law however shows that improper use of electronic signatures can have adverse consequences. This article gives you an insight on the potential risks when using electronic signatures.
What is an electronic signature?
In the EU the rules for recognition of electronic signatures are set out in the European eIDAS Regulation (Regulation (EU) No 910/2014) (eIDAS). The eIDAS identifies three types of electronic signatures:
1. simple electronic signature (SES);
2. advanced electronic signature (AES); and
3. qualified electronic signature (QES).
A SES needs to be data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign documents (such as a scan of a signature in a Word document).
An AES must be uniquely linked to the signatory, capable of identifying the signatory, created using an electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control and linked to the data signed thereby in such a way that any subsequent change in the data is detectable.
A QES is an AES created by a qualified electronic signature creation device, which is based on a qualified certificate for electronic signatures. Providers of these certificates (so called Trusted Third Parties) are mandatorily listed and recognised in all member states.
Pursuant to EIDAS, a QES has the same legal effect as a handwritten signature in all EU member states. For SES and AES, EIDAS leaves room for member states to determine the value of such signature (with the minimum requirement that such signature may not be totally ignored).
How does Dutch legislation deal with electronic signatures?
Following from EIDAS, under Dutch law, QES has the same effect as a handwritten signature. For SES/AES Dutch law uses an open norm with regard to the recognition of those electronic signatures. In short, AES/SES have the same legal effect as QES if the method of signing is sufficiently reliable given the purpose for which the electronic signature is used and taking all relevant circumstances into account.
Whether an electronic signature is considered "sufficiently reliable" is ultimately to be decided on by the courts. If it is sufficiently reliable, the SES/AES will be treated the same as QES (and wet ink signatures). This means that such electronically signed document will qualify as a private deed (onderhandse akte) that has conclusive evidentiary value (dwingende bewijskracht).
If a court concludes that the SES/AES is insufficiently reliable, it can have the following consequences:
1. The document will only have nonbinding evidentiary value (vrije bewijskracht). This means that additional evidence may be needed to proof (i) the authenticity of the relevant signatures and/or (ii) the will of the signatory to be bound to the contract. It will not always be easy to provide such evidence.
2. If a signature is also a formal requirement for a legal act (such as the purchase agreement for a house), the legal act could be void or voidable.
The following examples are derived from case law and illustrate what can go wrong.
• In 2018 a Docusign signature on a services agreement (overeenkomst van opdracht) was deemed insufficiently reliable because, among others, signatures did not match the signature on the ID (depends on the electronic signing requirements).
• In 2019 a factoring company entered into a factoring agreement using electronic signatures and transferred an amount to a real estate company in exchange for the purchase of a specific receivable. The debtor of the invoice contested the invoice and the factor filed a claim against the real estate company. The directors of the company stated that they were not aware of any transaction with the factoring company.
The onboarding process included checking the trade register, verifying the e-mail addresses of contact persons, receiving copies of identity documents and bank cards, including IP addresses and email addresses at signing and a phone call with the two (deemed) directors. The Dutch court ruled that the electronic signature on the factoring agreement was insufficiently reliable because the verification process used by the factoring company was not sufficient. The additional evidence the factoring company provided was not sufficient and the court only awarded the claim for repayment of principal amount (excluding fees, penalties and costs) (increased with interest) on the basis of undue payment.
In appeal (2022), the court of appeal ruled, that it could not be established that the electronic signatures on the contract originated from the directors. According to the court of appeal this does not differ from the situation that a wet-ink signature would have been falsely placed. The question whether the electronic signatures was sufficiently reliable is, according to the court of appeal, not relevant yet. The court case is still pending and parties have been granted another opportunity to provide further evidence on how the factoring company mitigated the risk that someone other than the directors would have been able to provide the electronic signatures, also taking into account whether the directors themselves could have mitigated the risk of fraud.
• In 2019 the Dutch Supreme Court ruled that if persons are required to sign in a certain specific capacity, such as a doctor or a psychiatrist, these persons need to sign documents themselves and if electronically use at least AES or QES because of the importance of such documents. In this case the stamp used to sign the relevant document was not sufficient. In this case, the relevant party was allowed to deliver counter evidence to proof that the relevant person indeed signed the relevant document.
• In 2020 an SES (including SMS code verification) on a surety (borgtocht) was not deemed sufficiently reliable because there was too much risk of identity fraud given the limited safeguards the process provided.
• In 2022 an SES on a credit agreement and the relating surety did not meet the requirements. The document was signed using Adobe Sign and in addition a verification by phone (sms code) was used. The lender acquired UBO statements and copies a copy of a passport. The court ruled however that although research was done, this related more to the company and not the surety and therefore the electronic signature of the surety was insufficiently reliable.
Conclusion
Dutch case law has shown that using SES is not without risk and that adding some information (phone number or IP address), a SMS code or pdf copies of IDs does not always sufficiently 'upgrade' a SES given the purpose for which it is used. Especially for documents that may materially affect the counterparty, especially in circumstances that such counterparty is further away from the main transaction (e.g. in the context of a suretyship or third party security (by natural persons) the (lower) courts have proved to carefully scrutinise the reliability of the e-signature used.
Altogether, electronic signatures seem like the perfect solution for an efficient signing process, but always consider what type of electronic signature you are using and for what purpose. QES or wet ink still gives most comfort. If you need legal advice in relation to this topic, contact one of our specialists.
