Many companies around the world and across industries now use digital signatures to conduct business transactions—but incompatible digital signature technologies traditionally have made the process cumbersome, not to mention fraught with security weaknesses. A group of cloud-service providers is now looking to change that.
Paper signatures are the slowest and least efficient way to sign a document and certainly the least secure. According to a global survey conducted by IDC—a market research, analysis and advisory firm—46% of 1,518 line-of-business leaders surveyed said they aren’t sure they always have copies of all signed agreements. More than a third said they have problems with agreements that are missing signatures, initials, or dates—or that have been signed by the wrong person.
Another 51 percent of respondents to the IDC survey said they have problems with documents that are misfiled or lost. “The biggest problem is the lack of process visibility,” says Melissa Webster, leader of IDC's Content and Digital Media Technologies research program.
To help enhance operational efficiency, document security and customer experience, companies across the globe are shifting toward digital signature technology—such as for use in commercial contracting practices and procedures, for example. Digital signatures use a digital ID—an encrypted string of characters—issued by a trusted certificate provider to help senders of digital documents prove its authenticity. Digital signatures are unique to the signee, reducing the risk of forgery and tampering.
Historically, however, a complex web of legal frameworks around the world associated with e-signatures has created significant compliance challenges. Since 2000, U.S.-based companies have depended on the Electronic Signatures in Global and National Commerce Act (E-Sign Act) to legally protect electronic records and signatures for transactions in or affecting interstate or foreign commerce.
Trading in the European Union, however, hasn’t been so straightforward, where each member state has had its own set of laws and regulations. That changed on July 1, when the European Commission adopted the “Regulation on electronic identification and trust services for electronic transactions in the internal market” (commonly referred as “e-IDAS regulation”), whose overall intent is to create a uniform regime across the EU for the mutual recognition of electronic identification between member states.
“This regulation seeks to enhance trust in electronic transactions in the internal market by providing a common foundation for secure electronic interaction between citizens, businesses and public authorities, thereby increasing the effectiveness of public and private online services, electronic business and electronic commerce in the Union,” the regulation states.
From a practical standpoint, companies in the cloud-services industry say some technical work still remains before every corporate user can securely use digital signatures on all devices, including today’s mobile, iPad, or laptop devices. That’s why a group of industry leaders, mostly in the cloud-service provider space, decided to form the Cloud Signature Consortium to build a new open standard for cloud-based digital signatures.
“The consortium represents a cross-industry effort working toward a specific, measurable goal: a true technical standard that defines a common architecture, building blocks, and communication protocols for cloud-based digital signature transactions,” Lisa Croft, Adobe, senior product marketing manager for Adobe, a founding member of the consortium. “Adobe is working with these industry leaders to enable global marketplace solutions that work across mobile, web and desktop—and to meet market expectations to sign documents anytime, anywhere, and in any application.”
Currently, digital signature technology operates on dissimilar architectural platforms and most of them are incompatible with each other, posing significant challenges for key players in the global digital signature market. The shortcoming in some cloud-based digital signature solutions is that they are proprietary, limiting the choice of trusted certificate providers. “This prevents developers of mobile apps and other technologies from building tools that increase the reach of digital signatures across different platforms and applications,” Adobe said.
The consortium aims to publish new standard specifications by the end of 2016, at which point those standard specifications will be provided to vendors so that they can decide if they’d also like to build upon the standard, Croft says.
Additionally, the standard specifications will be provided to a standard-setting body to help build momentum for global approval of the standards. Says Croft: “It must satisfy the highest level of compliance and security, which is very important with regard to digital signature.”
Currently, 13 organizations participate in the consortium. Adobe is the only global digital signature provider in the group; others are based in Austria, France, German, Italy, Norway, Poland, Spain and Switzerland.
More cloud-based digital signature providers, trust services providers, academics, and standards- and security-focused organizations are encouraged to join. More information may be found here.