E-signatures: are they legally binding and how do I prevent their unauthorised use?


Almost everyone over the age of 18 has likely been asked to use an e-signature at some stage in their life. Whether it be e-signing a delivery from a courier or using a digitally encrypted e-signature such as DocuSign to execute an agreement.

But are e-signatures legally binding and, if so, how do you prevent their unauthorised use?

Legal requirements

An electronic or digital signature is an indication of a person’s approval or acceptance of the information contained in an electronic document.

In Queensland, the Electronic Transactions (Queensland) Act 2001 provides key criteria that e-signatures must meet to be binding:

  1. a method is used to identify the person and to indicate the person’s intention in relation to the information communicated (e.g. providing approval via an email);
  2. the method used was to indicate the person’s intention to be bound by the document and the method was reliable and appropriate noting the type of document being signed; and
  3. the person to whom the signature is required to be given consents to receiving a signature in electronic form.

Do you still need to “wet” sign material?

Queensland has not progressed to a point where e-signatures have wholly replaced “wet” signatures. Several excluded transactions which require a “wet” signature are:

  1. the witnessing, swearing and verification of documents; and
  2. transactions (e.g. inter-bank payments and transferable documents where the bearer is entitled to claim delivery or payment).

When to implement e-signatures?

If your business is not required to keep records in a particular format, you should consider whether a digital or “wet” signature should be used.

Some important considerations include:

  1. a risk assessment for the use of e-signatures – e.g. contractual documents over a certain value;
  2. undertake a legal review to ensure your business is not required by legislation or other policy to utilise ‘wet’ signatures;
  3. liaise with your IT providers to ensure if e-signatures are to be primarily used and are protected through encryption; and
  4. ensure you have systems and processes in place to appropriately manage the documents and track variations.

How do I reduce my risk of unauthorised use?

While the levels of security vary between providers, it is important to have robust security and protection with the service and the type of document you are wishing to secure.

At a minimum, your platform choice should have ISO 27001, which is an information security management system. This provides a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes.

Further considerations:

Electronic record

Unlike wet signatures, e-signatures also come with an electronic record that provide an audit trail and proof of the transaction.

Completion notice

This process can include more specific details about each person signing the document.

Tamper-evident seal

Once signing is complete, all documents are digitally sealed using an industry standard technology called a Public Key Infrastructure.

Methods of verifying

The technology behind e-signatures offers multiple options for verifying a signer’s identity before they can access the document and sign.

Which system should I use?

The type of platform you select will depend on the information you need to collect. If it is simply a data collection exercise, a simple web form may be sufficient.

If you need to collect payment information or sign a legal document, further security considerations should come into play. DocuSign is common due to its ease of use. Alternatively, you can use an electronic signature app.

The platform you select should be considered and tested by your IT and legal team to ensure it not only covers what you require, but is legally binding, while remaining safe for all parties.