Agrello blog

How trust works online - legal basis of e-signatures

E-signatures are now a common practice worldwide. Simply a link to a place where you can review your document and draw up a signature is sent to your email. However, have you ever thought why and how it actually works? Everyone could just draw whatever signature in the computer, then claim they did not sign this document. Or can they?
Hando Rand, Head of Innovation/Founder of Agrello
Hando Rand, Head of Innovation/Founder of Agrello
February 11, 2021

What is consent?

To understand what is a signature in general, we must first understand where it stands in basic legal framework. It is important to state that the following explains signature in a default private sector legal setting. There can always be exceptions, which regulate the actual form of a signature in some cases.

In private sector, legal agreements are made more often than we notice. This is because in some agreements we are so trustful about its successful execution that we do not use the measures that could protect us if the opposite side fails to comply. Generally worldwide, a contract is everything where there is an offer and an acceptance. There are some details which might vary from system to system but are not relevant for mentioning for the purpose of this article.

The offer and acceptance events are only binding if there was consent from the person to provide the offer or acceptance. Basically, consent is the skeleton that holds the contract together. In private sector, law does not stipulate how to show consent to be bound by a contract. Law does also not stipulate how to prove consent by the opposing side. I repeat though, there are exceptions. Thus, it is important for the parties to make sure that there is consent from the other side and most importantly, that it can be proved in court. Consent can be shown verbally, by an act, like a payment, or in a form of a signature.

Signature is the simplest way of providing and proving consent in physical world. One thing though, that is commonly neglected, is that when a handwritten signature is given, it should be checked immediately against a travel document, which has a signature example in it. This is to compare, whether the signer wants to do tricks or actually wants to be a part of the contract.

Therefore, make sure that you are getting consent and signatures in a way that makes sure that you can later prove the link of the consent to the contract and the link of the right person to the right consent. This becomes trickier as we delve into the digital world.

How consent is electronically achieved?

In virtual world, the notion of a signature is somewhat scrambled. The problem is that some e-signatures do not actually carry any legal weight with them and thus are not considered as a consent in itself. Such
e-signatures have been popularized by DocuSign and Adobe. However, I am not saying that signing through DocuSign and Adobe means legally nothing. Such e-signature systems are built with the legal framework of proving consent in mind. This means that even if the drawn e-signature has little to none legal force, then what it has is the metadata that was gathered during the signing process. These are email addresses, IP addresses and other metadata which support provenance of consent.

Now some of you might also think that the latter is not enough for proving consent and you might be partially right. The information that is provided by the e-signature platforms go only halfway when proving consent. To prove the consent of the opposing party email address and IP might not be enough. Then proof must be found by putting together the digital persona of the signatory, which hopefully matches the real person behind the signature. The necessary digital persona can be put together among else from circumstantial evidence, which could be previous communications between the parties, previous use of the email (to link the email to a certain person) or has the party already executed some parts of the contract. Mostly these elements exist in business relations and the risk that a signature would be fake or challenged is incremental.

However, not all instances in life have room for the risks being encompassed by such vague method of managing consent. For example many consumer services, healthcare and airline industries. Such business environments need electronic consent mechanisms that do not have any room for fraud, hacking or legal challenging. This is where the Public Key Infrastructure (PKI) comes in. PKI makes sure that the link of consent to the terms and the person is assured with the signature itself.

Thus, if you need strong digital signatures and do not want to take any risks, check out our .ID identity verification based digital signing possibilities from If you just need something simple for putting your initials on a document, you can check out our simple electronic signature features.

Share the post

Let's make something great together!

Get in touch with us