Zoe Chan So Yuen FCIS FCS, LLM, Solicitor, reviews relevant e-signature legislation and guidelines in Hong Kong and around the world, and brings readers up to date with best practice  recommendations on the use of e-signatures.

As increasing numbers of organisations are looking to digital solutions to improve their document control processes, readers of this journal, in their capacity as in-house legal counsels and company secretaries, may well have been quizzed by management about the enforceability of electronic signatures (e-signatures). This article reviews the compliance aspects of the use of e-signatures in Hong Kong and globally, and looks at how e-signatures can reduce risk and strengthen enforceability of signed records.

E-signature legislation and practice notes

Mobile devices – including mobile telephones, PDAs, laptops and notebook computers – are now used for a wide range of e-business transactions executed daily, and digital signatures have become increasingly important for the rapid development of mobile telephone commerce and social media transactions (m-commerce). This increasing use of digital signatures in m-commerce will require mobile digital signature sophistication to be integrated into the mobile devices to enable users’ identification and authentication in their contractual transactions. Many countries adopt a two-tier regulatory regime governing electronic signatures, including minimalist and prescriptive laws. The minimalist approach accepts all, or most, electronic signatures on a technology-neutral basis, while prescriptive laws dictate specific technical methods to electronically sign a document.

UK law

English law has long been a popular choice for international parties entering into Hong Kong commercial contracts. The Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 and the Practice Note issued by the City of London Law Society provide the latest rules and guidance for the execution of documents using e-signatures. E-signatures can be used by companies incorporated under the UK Companies Act 2006 (UKCA). For example, if the minutes of directors’ or general meetings, or written resolutions, are signed by one of the company's authorised persons by an e-signature, those records will have been sufficiently authenticated. An e-signature is different from the concept of 'virtual execution’ or 'virtual signing’ of a legal document as stated in Mercury Tax Group v HMRC [2008] EWHC 2721. Virtual execution of Hong Kong contracts cannot be relied on with certainty as the Mercury case has never been tested in a Hong Kong court. The UK Electronic Communications Act broadly allows e-signatures to take a wide range of forms, including an authorised person signing by:

1. typing his/her name into the document
2. using a stylus on a touchscreen device, and
3. applying unique digital coding to a document as a form of identification (collectively known as 'digital signatures’).

US law

In practice, not all e-signatures and their contractual risk management rules are treated equally around the globe. The governing laws relating to e-signatures in the US are contained in the Electronic Signatures in Global and National Commerce Act and the Uniform Electronic Transactions Act.

HK law

In Hong Kong, The Electronic Transactions Ordinance (Cap 553) provides legal frameworks for electronic records and e-signatures. Most government services advocate the use of digital certificates issued by certification authorities which facilitate efficiency and service delivery of commercial transactions. On the other hand, commercial and banking services in Hong Kong use various forms of e-signatures, including digital signatures supported by digital certificates issued by certification authorities.

European Union (EU) and Brexit

The EU Regulation No 910/2014 on Electronic Identification and Trust Services for Electronic Transactions in the Internal Market, go further than the UK regulations to define the concepts of 'electronic seals’ and 'qualified electronic seals’. But these definitions have no linkage with the concept of a 'common seal’ as set out in Section 44(1)(a) of the UKCA. Again, Hong Kong has no judicial interpretation of this. In practice, courts and business communities have widely recognised the use of e-signatures in Europe. But it is a matter for each country to enact its national laws and recognise any local forms of e-signatures. Brexit will create uncertainty regarding the effectiveness of English law to govern e-contracts in Hong Kong. For example, the EU rules require member states to respect a choice of law, regardless of whether the contracting parties are EU-domiciled or whether the chosen law is that of a member state. Will EU countries, post Brexit, uphold the e-signature law in UK and Hong Kong? Given the uncertainties arising from Brexit, it is highly recommended for organisations to seek local professional advice to confirm whether an electronically signed document can be relied on in any jurisdiction outside the UK.

Common pitfalls and ways to avoid them

With the rapid spread of information communications technology (ICT) around the globe, e-signature laws in overseas jurisdictions may be in conflict with existing electronic contracts regulations in Hong Kong. Compliance professionals are recommended to formulate corporate 'best practice' policies for the use of e-signatures. Since individual parties can always agree what will be an acceptable form of signature, they should appreciate the benefits of having good degree of flexibility in developing their contracting processes. A recent survey published by the Journal of Experimental Social Psychology revealed that e-signatures do not carry the same weight as the traditional pen-on-paper version. 'A person's unique handwritten signature is a symbolic extension of the self – that is a profound bond for one's honesty’ the journal states. E-signatures may not always be effective in preventing dishonesty which is one of the essential purposes of a handwritten signature. As illustrated in the 'Get the FAQs’ table above, the use of digital signatures can have drawbacks and possible loopholes for fraud. Firstly, from the perspective of information security enforcement, digital signers need to rely on computer equipment, tools and software that may or may not be trusted to perform as requested. Secondly, handwritten signatures have an original that is distinguishable from copies while digital signatures do not. In some cases, handwritten experts need to be summoned to testify the authenticity of the handwritten signatories in legal documents. This is because certain handwritten signatures can hardly be copied. But the digital signature copies produced by a stolen key are completely authentic. Practical IT and contractual strategies for using e-signatures will be required on a case-by-case basis.

Defined e-contract policy and e-document control solutions

Businesses and compliance professionals can determine their own e-document control policies, specifying what type of documents and e-signatures they will use. All in all, they are recommended to take into account the reliability, risks, simplicity and accessibility of the type they choose to adopt. It may be possible to have multiple originals of a document in both electronic and hard copy form. For good contractual risk management, the contracting parties should agree in advance on what steps are to be taken before the e-document is circulated and executed, for example, ensuring witness availability, the extent of authority checks to be undertaken and engaging with potential counterparties as to their acceptance or otherwise with the use of e-signatures. E-signatures validly authenticate documents. The courts can rely on the similar test for a wet-ink signature to authenticate an e-signature on case-by-case basis. With the widespread adoption of ICT, sophisticated digital signature services will emerge allowing stronger authentication, clearer and consistent intent tracking, a detailed audit trail and customisable e-disclosure and consent to create digital signatures that make it not only legal, but also legally defensible. Zoe Chan So Yuen FCIS FCS, LLM Solicitor

SIDEBAR