The Revision of "Electronic Signature Law', A New Blueprint for The Future of Digitalization
Taiwan, despite its well-known global reputation as a "tech-savvy" country, has a surprising fact: The heavily paper dominated document processing, even during the pandemic. Many official administrative documents are carried out using signatures and stamp, which is environmentally detrimental and consumes a significant amount of energy, resulting in an overwhelming amount of pollution.
Some may think that the reason for the uncommon usage of electronic signatures in Taiwan is due to the absence of laws related to electronic signatures. However, in reality, Taiwan's "Electronic Signature Act" was passed on November 14, 2001, and officially implemented the following year, with more than 20 years of implementation up to this year.
The primary issue with the "Electronic Signature Act" is its inadequate description of electronic signature or digital signatures. Article 2 of the act only defines electronic signature as data attached to and associated with an electronic record, executed with the intention of identifying and verifying the identity or qualification of the signatory of the electronic record and authenticating the electronic record. As a result, many exclusion clauses still apply to electronic signatures, particularly in government departments. This makes it challenging for individuals or businesses to determine which electronic signature product is compliant and suitable for specific circumstances, prompting them to revert to traditional paper signatures.
As electronic signatures become an increasingly prevalent international trend, the obsolescence of prior regulations is becoming apparent. To live up to its reputation as a technologically advanced country, Taiwan must digitize most of its paperwork processing to expedite efficiency. In this case, the law needs to clearly define the specifications of available electronic signature products on the market, leading to an urgent revision of the "Electronic Signature Law".
Use Cases of Electronic Signatures
The United States introduced the Electronic Signature Act (ESIGN Act) in 2000, enabling Americans to use electronic signatures for everything from contracts to court documents. In its 2022 interim report, the Industry Working Group (IWG) under the UK Ministry of Justice stated, "The group's view is that electronic signatures can and should be widely used today, and members of society should have confidence in them."
Electronic signatures are not only an exemplary demonstration of the government's commitment to environmental protection, but also a policy actively promoted by governments around the world. The California Natural Resources Agency (CNRA) has introduced electronic signature products, resulting in a 75% reduction in time-consuming paper-based transmissions.
Moreover, the UK government's Department for Digital, Culture, Media and Sport (DCMS) is currently establishing a framework for digital identity and trusted attributes. In 2022, the UK government signed a Digital Economy Agreement (DEA) with countries such as Japan, Australia, New Zealand, and Singapore to further address the issues of electronic signature applications in cross-border business and transactions.
The government's confidence in electronic signatures stems from industry trends. According to market research reports, the global electronic signature market was valued at approximately $1.527 billion in 2021 and is estimated to grow to $12.721 billion by 2030. This strong growth momentum supporting the trend comes from the global cross-industry demand for personal data security, ESG, and remote work scenarios. Therefore, in addition to traditional software applications, the performance of electronic signatures in banking, financial services, and insurance-related scenarios is also notable.
The New Turning Point of Electronic Signatures: New Technology, Framework, and Trend
One of the reasons why electronic signature or digital signature has not been as successful as expected is due to the doubts in security and usability. Although electronic signatures are convenient, they are difficult to authenticate the signer's identity and their signature trail is not reliable. As for digital signature, it often requires physical cards or tokens for identity verification, making it inconvenient for users.
This leads to how crucial it is to find an electronic signature product that can meet both security and usability requirements. Fortunately, with the advancement of technology, the collection and application of biometric information have become quite mature. There are already many non-invasive methods of collecting biometric information such as facial images, fingerprints, voiceprints, handwriting, and iris scans that can be applied. Biometric information is the key solution needed for electronic signatures.
The advancement of blockchain technology also offers new possibilities for virtual products in terms of encryption. Blockchain records any changes or edits made to the signature, strengthening the anti-counterfeiting capability of electronic signatures. By combining random hash codes and mathematical methods for encryption, signing documents with higher-risk and legal purposes with electronic signatures is now possible, even more effective in terms of security compared to paper-based signatures.
ThinkCloud Technology has combined both of those aspects and developed SelfieSign, a dynamic biometric electronic signature solution’ that differs from the usual ‘digital signature’. Its unique feature is that SelfieSign records the signer’s image, surrounding audiovisual recording, and records information such as GPS location and time during the signing process. This allows the signing process to be retraced and authenticated, providing unique and irrefutable evidence for electronically signed documents.
Choose The Appropriate Electronic Signature Level of Assurance According to Your Needs
Beyond the technological aspect, industry, government, and academia also established a set of evaluation standards to distinguish the effectiveness of electronic signatures, known as LoA (Level of Assurance). Each electronic signature is divided into four levels based on the strength of the identity data required during account registration, the complexity of the verification mechanism, the level of risk associated with the usage scenario, and the trustworthiness of the signature or token required during signing. The higher the level of the signature product, the more identity information is required during registration, the stronger the trust mechanism for the signature or token, and the more factors are needed to verify identity.
For example, LoA1, the lowest trust level electronic signature, only requires an email account to register for and can be used in low-risk scenarios such as signing up for gifts or simple free account registration. These scenarios do not require strict identity verification, but rather prioritize ease of use and quick signature completion that can be easily replicated.
In contrast, LoA4, the highest trust level electronic signature, may require in-person registration, binding with hardware security keys during signing, and multiple-factor authentication due to its correspondence with high-risk scenarios such as transactions involving large amounts of money or important legal documents. These requirements are worthwhile for users to tolerate to obtain the highest level of security.
Similarly, the European eIDAS regulation also divides the effectiveness of electronic signatures into three levels based on identity verification strength and whether it is trusted through a service provider, known as SES (Simple Electronic Signature), AES (Advanced Electronic Signature), and QES (Qualified Electronic Signature), which is similar to the concept of LoA.
By classifying electronic signatures into different levels based on their form and effectiveness, users can clearly know which level of electronic signatures to use and effectively reduce disputes when adopting electronic signatures.
SelfieSign is an advanced electronic signature solution that doesn’t only identify the signatory, but provides a strong evidence connecting the signature and the signer by recording the whole signing process, capturing the situation both visually and by audio, added by the encryption of hashcode in all document signed by SelfieSign. With this high level of security, SelfieSign meets the requirements of AES level of eIDAS regulations and the highest level of LoA4 with multiple verification method.
In the situation where only LoA1 is needed, SelfieSign has the functionality of allowing document managers to simply turn off the setting of video recording in the signature block requirement during the template setting.
As Taiwan's digital transformation accelerates, it is necessary to revise the Electronic Signatures Act. Responding to industry demands, the government has established the Digital Development Department and is considering amending the Electronic Signatures Act. We hope to contribute to Taiwan's digital software industry and seize opportunities in the global market.