Many companies have already digitized a large share of their processes without media discontinuities. However, this is often the case only until something needs to be signed by hand. At this point, the document is printed and circulated for manual signatures. Afterwards, the document is scanned again and archived, and the original document is also stored in paper form. Every day, the relevant authorized signatories need to sign stacks of documents. Let’s be honest: manual signatures take a lot of time and increase paper consumption considerably.
Get rid of inefficient and costly paper-based processes and look into using online signatures at your company. By digitizing your signatures, you not only speed up your processes and free up more resources for customer support, you also save a lot of money. Give your employees more time for what is really important at your company.
There are many online signature providers
If you really want to exhaust the potential offered by online signatures, you need to plan well. When introducing them, you need to consider legal, technical, and organizational aspects. Digital signatures can streamline many business processes, since they eliminate previously existing media disruptions entirely. However the market for appropriate applications is difficult to navigate for many people.
To shed some light on the matter, we have summarized the most important topics for you in the following short guide. Here’s a spoiler: it is often not possible to complete the first phases of a technical system implementation without involving an electronic signature expert at all.
5 questions that will help you find the right online signature provider
Question 1) What are my company’s requirements for online signatures?
- Information: Before you begin evaluating different providers, you should first internally establish which use cases digital signatures need to cover at your company. Consider economic efficiency as well when doing so.
- Action: Evaluate the exact business requirements involved in your fully integrated digital process (end-to-end or e2e process). Also check which scenarios are suitable for pilot runs and how your company can switch entirely to digital signatures step by step (roadmap).
Question 2) Which signature do I need for the application scenarios I have identified?
- Information: The eIDAS Regulation has made it possible for us to have a uniform, legally valid guideline for digital remote signatures in the European Economic Area. As a result, it has been possible to sign digitally since 2016, and these signatures have the same probative force as handwritten signatures. This is possible because trust service providers (TSPs) ensure the authentication of the contract partner and protect the integrity (immutability) of the signed document using a certificate. A distinction is made between three different types of signature: standard, advanced, and qualified.
Are you wondering when to use which signature? That is a great question, and we strongly recommend you seek consultation from a lawyer and consider liability risks. If necessary, d.velop AG can put you in contact with a specialist. Here are three facts that are generally important:
- Standard electronic signatures have no added security value for companies and are subject to free judicial consideration of evidence (§ 286 of the Civil Process Order).
- Advanced electronic signatures are also subject to free judicial consideration (§ 286 of the Civil Process Order), but they ensure documents’ integrity using certificates.
- Only qualified electronic signatures (QESs) replace statutory written form (§ 126 and 126a of the German Civil Code) and can therefore be equated with handwritten signatures.
CAUTION: Many providers advertise that the signature procedures they offer fulfill the requirements of the eIDAS regulation. However, they neither go into detail nor make it possible to verify whether their procedures fulfill the requirements of qualified electronic signatures. (SOURCE: Philipp Kühn; Formerfordernisse in der IT-Beschaffung im regulierten Bereich und die elektronische Signatur (published at https://online.otto-schmidt.de/db/dokument?id=cr.2017.12.i.0834.01.a) Only a few signature providers offer qualified signatures as standard products (pursuant to the eIDAS Regulation) in addition to standard and advanced signatures.
- Action: Sort out the legal requirements for the signatures you need, and consider possible liability risks together with your lawyer. Check which signature types providers offer as standard products, and identify any relevant service expenditure and project costs. How can you do that? By asking the provider which TSPs it collaborates with and whether contracts can be passed through in this case or need to be negotiated separately with the TSP. Find out whether qualified signatures are implemented/introduced as part of a project.
Question 3) Which technical solution is suitable for my company, and how high are the implementation costs (hardware-based solution vs. remote signature)?
- Information: There are hardware-based solutions and solutions that work using “remote signatures.” Many providers on the market offer legally binding digital signatures in combination with hardware components pursuant to eIDAS. In this case, the required signature certificates are stored on local hardware (e.g., a local signature server, a signature card that requires a signature reader, or a USB stick). That means online signatures can be performed only in conjunction with this hardware component.
For the first time, the eIDAS regulation is making it possible to initiate a online signature remotely without a signature card and card reader. In this new procedure, the user’s private signature key is stored on an extremely secure server (hardware security module) of the TSP. The one-time identification of persons during the set-up process takes place simply and flexibly using methods that include VideoIdent, NID (new identity card), GiroIdent, or even PostIdent.
- Action: Based on your e2e process, determine which technical solution is best suited for your company, and evaluate the possibilities for integrating it into your existing systems. Do you want a stand-alone solution, or do you want to integrate it into existing applications? Find out what standard solutions offer and where additional expenses are incurred depending on the service. Also question who is responsible for operation and note where and how your data is stored so that, in case of doubt, it does not end up on American servers owing to a lack of knowledge.
- TIP: If you want to get to know the medium of digital signatures, a stand-alone approach may well be a good idea for targeted application scenarios. This allows selected employees to gain experience and give feedback, even in early stages of implementation The users are picked up right where they are and involved in the implementation process from the very beginning. They quickly recognize the digital solution’s added value and that it is easy to use, and their communication creates acceptance for the digital change in your company.
Question 4) Which range of functions do the different signature providers offer? Which features are especially important for my company?
- Information: The functions contained in providers’ solutions vary greatly. Always keep an eye on end-to-end processes without media disruptions. The following features are among the ones you need to consider for your specific application case:
- Which file formats can be signed using the solution?
- In which languages is the solution available?
- What are the steps in the signing process?
- Which options do I have for signing documents?
- Which management options are available?
- How is the solution administered?
- Can users use the solution intuitively?
- Can I share a document from the solution with third parties and obtain signatures?
- Do the signatures offered comply with the eIDAS Regulation?
- Which integration options exist? Is there a REST interface (API)?
- Which standard interfaces are available for the solution?
- Can I perform mobile signatures using my iPad or cell phone?
- Which other features are available, and which ones are planned?
Action: Take a closer look at the provider’s scope of functions. Identify and evaluate the differences for your company! Find a way to compare the solutions.
Question 5) Which costs are incurred? In other words, how much will it cost me to implement online signatures?
- Information: The pricing models of online signature providers vary and often range from pay-per-use models to licensing per user and flat rates. Which services do the costs cover? When determining this, make sure to consider all costs, including those for the implementation or initial provision, operating costs, upgrades, and support. Generally, the one-time identification with the TSP also entails costs.
- Action: Determine the applicable costs based on the number of signatures and users you require. Find a way to compare them in an overall cost assessment.
Have you evaluated the 5 questions for your company? Now compile all the information you have gathered and find a way to compare it.
Systematically evaluating signature providers facilitates the introduction of online signatures. The scope of services offered by many signature providers varies, which is why it is a good idea to take a very close look at all the points mentioned above (as well as potential additional expenses and implementation timelines) for each provider before making a decision.
Compile all the information you have gathered and find a way to compare it. Weigh the pros and cons, and let your employees have a say.
Then start the pilot phase of the processes you have selected! #happysigning
This article contains information about the legal framework conditions for using digital signatures at your company. However, it does not constitute binding legal consultation. Furthermore, legislation may change. These guidelines do not replace consultation with a lawyer.
If you want to learn more about qualified online signatures sign up for our webinar now. We will tell you all about the benefits of online signature and how to successfully implement it in your company.