Trust is the cornerstone of commercial activity and can be enhanced in the online world by the use of e-signatures and trust services. In this blog we review the different types of e-signature and consider their legal validity and security for executing contracts and deeds.
What are e-signatures?
E-signatures take many forms including typewritten, scanned, digital representations of characteristics such as a fingerprints or retina scans, as well as electronic representations of handwritten signatures, such as those used when accepting the delivery of a parcel by signing with a stylus and a handheld touch screen device.
Regulation EU/910/2014 on electronic identification and trust services governs the use of e-signatures and trust services in commercial arrangements and categorises e-signatures according to their level of sophistication for authentication and integrity. Namely these are as follows:
(i) “simple”, meaning data in electronic form such as scanned signatures or tick boxes with declarations;
(ii) “advanced”, meaning signatures that are uniquely linked to an identifiable signatory with sole control of the data used to create it (such as through private encryption); and
(iii) “qualified”, meaning those signatures that meet the “advanced” criteria and are supported by a formal certificate issued by a trust service provider.
What are trust services?
Trust services are provided by the qualified service providers listed on the EC’s website. Trust services are used to verify the authenticity of an e-signature and include measures such as:
(i) electronic time stamping, whereby data in electronic form binds other electronic data to a particular time which proves that the data existed at a particular time;
(ii) electronic seals, which are incorporated into a document to guarantee its origin and integrity; and
(iii) website authentication, a certificate allowing users to verify the authenticity of a website and its link to the website owner.
The UK’s draft withdrawal agreement from the European Union anticipates that a reciprocal arrangement for accepting information in electronic format will continue after Brexit at least for the duration of a transition period.
Contracts
Contracts for commercial arrangements can be made orally or in writing (including through a variety of electronic communications including by email, acceptance procedures and text message). Signature of the parties is a strong indication of their intention to create legal relations. English law allows for e-signatures of all complexities to be used as the basis for entry into a contract with equal treatment to execution by wet-ink signature, so long as the signatory intends for the e-signature to authenticate the document.
E-signatures can be quickly generated and are likely to be more efficient from a cost and time standpoint in high-volume transactions on standard terms (where there is limited scope for negotiation). That said, the need for security may prevail over convenience in high value transactions where sophisticated e-signatures with a secure link to the owner would more usually be used for authentication purposes.
Deeds
The main difference between a deed and a contract is that deeds must be in writing and there is no need for consideration (i.e. payment in some form) for a deed to be legally binding. There is a statutory requirement in certain types of transaction for the parties to use a deed, for example land conveyances or the release of a debt. The execution requirements are also more complex for deeds. For example, the Companies Act 2006 provides that one director may sign on behalf of the company in the presence of a witness, or two authorised signatories may sign on behalf of the company.
The statutory requirements for signing an agreement must also be considered in line with any requirements prescribed by the company’s articles of association. If the articles do not include provisions governing the use of electronic or wet-ink signatures then the company may execute a deed by e-signature. In the case of a deed, the witness who attests the signature must have actual sight of the live signing. It is considered best practice for the witness to be in the same location as the signatory but the requirement can also be fulfilled by using a live videolink. The witness may either attest the signature by affixing their own e-signature or use a wet-ink signature, subject to any provisions of the company’s articles.
Key considerations
- Suitability: legal advice should be sought when contemplating whether to sign documentation by e-signature.
- Trust services: can be used to ensure the security and legal validity of electronic activity and may be helpful where e-signatures are being used.
- Public bodies: a wet ink signature is required for filing documents with certain public bodies such as HMRC, the Land Registry and Companies House (for example stock transfer forms for the payment of stamp duty).
- International arrangements: it is best practice to discuss the use of an e-signature to execute an agreement with the counterparty in advance, particularly if they are based outside the EU where e-signatures may not be common place or enforceable.
- Legislation and constitution: ensure the manner of the execution satisfies the necessary statutory requirements and the company’s articles of association;
- Witnesses: when executing a deed, make sure the witness genuinely observes the act of signing.
If you require such assistance, or you would like to enquire about how else the team could help with your company’s affairs, please contact a member of our technology law team.
Latest blogs and news
Why does software ownership matter? Six key legal takeaways for tech businesses
For founders, investors and anyone involved in the tech sector, understanding who owns your software and how to prove it is critical. Whether you’re seeking investment, planning an exit or simply aiming to protect your IP, clarity on ownership can make or break a deal
Court of Appeal clarifies data protection claims for non-material damage: A win for claimants - But what are the implications for controllers and processors?
The Court of Appeal has recently handed down an important decision in respect of data protection law considerations in Farley & Others v Paymaster (trading as Equiniti) [2025] EWCA Civ 1117, providing clarity on the scope of infringement and compensation data protection claims under the UK GDPR and Data Protection Act 2018 (“DPA”). The judgment will be of particular interest to any service provider dealing with and processing large volumes of customer personal data.
Three Cautionary Tales for UK Tech Companies
In tech, the law often arrives after something has gone wrong. Here are three cautionary tales* and the lessons every founder, CTO and in-house counsel should take away.
Top five takeaways from the Data (Use and Access) Act 2025
The Data (Use and Access) Act 2025 (the “DUAA”), which received Royal Assent on 19 June 2025, introduces targeted reforms to the UK data protection legal framework — particularly the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (“PECR”).
A game changer for data processors? The ICO issues a significant fine against a processor
The recent cyberattacks on major UK retailers have put cybersecurity back in the spotlight. But a more significant development for data protection practitioners has been flying under the radar: the Information Commissioner’s Office (ICO) has issued a notable fine directly against a data processor for breaching UK GDPR security obligations - an important shift in enforcement focus.
Key takeaways: What recent consumer law reforms mean for service providers
On 6 April 2025, the first wave of consumer protection provisions under the Digital Markets, Competition and Consumers Act 2024 (“DMCC Act”) came into force, marking the most significant overhaul of UK consumer protection law in over a decade.
Boosting cybersecurity: New Software Security Code of Practice for software vendors
In the wake of recent high-profile cyber-attacks on major retailers like Marks & Spencer and Co-op, the UK government has launched a new voluntary Code of Practice for software vendors at its flagship cyber security event, CyberUK 2025. This initiative sets a dynamic baseline for software security and resilience, aiming to help prevent such breaches in the future.
Ofcom’s new draft guidance for ‘a safer life online for women and girls’ as part of its OSA consultation process
The Office of Communications, commonly known as ‘Ofcom’ (the regulator for communication services) is calling on tech firms to make ‘the online world safer for women and girls’.
Reflections from an Exclusive Roundtable at The Ivy: Top 10 Takeaways on AI Regulation
Last week, I had the pleasure of hosting an insightful roundtable dinner at The Ivy in Covent Garden, London, bringing together thought leaders, industry experts, and business owners to discuss one of the most pressing topics of our time - AI regulation. Co-hosted by the brilliant Fred Becker, CAO of Unlikely AI, the conversation was rich with diverse perspectives, practical concerns and strategic insights.
EU Data Act: Are your SaaS contracts ready for September?
The EU Data Act is set to reshape the data landscape, and while its full impact will unfold over time, some key provisions are coming into effect this September that SaaS providers need to be aware of now. Specifically, we're talking about the rules around data switching, and how they'll likely require you to update your standard terms and existing customer agreements.
The UK-US Data Bridge: A Shift in Transatlantic Data Sharing
On 12 October 2023, the UK-US Data Bridge (the “Data Bridge”) came into force, transforming the way both nations handle the flow of information across their borders. In this blog we explore the position before and after the introduction of the Data Bridge, looking at the key implications, benefits and challenges associated with the transatlantic data-sharing initiative.
Is your online business caught by the Online Safety Act?
The Online Safety Bill recently received Royal Assent and became law in October this year (the “Act”), at which point the Office of Communications (“Ofcom”) was granted broad powers to regulate online service providers. Essential detail concerning the legislative framework within the Act will be disclosed in the course of consultation and stakeholder engagement concerning the secondary legislation, codes of practice and guidance which will underpin the Act.
SVB’s rescue is an unexpected credibility boost for the UK Science and Technology Framework
The rescue of SVB showed that the UK government not only acted decisively in relation to a critical sector for the UK economy, but in the process showed that its newest policy Framework can involve meaningful action as well as words
Software support helpdesk services – key contracting principles
In our recent blog, we explored why a Framework Agreement structure is typically the most appropriate customer contracting model for IT managed services providers (“MSPs”) and IT consultancies which offer a diverse product and service offering. Whilst our initial blog focussed on the purpose and terms of the Framework Agreement itself, that document is merely the starting point, given that a Work Order is also needed to document specific terms relating to each product or service offered by an MSP or IT consultancy. A typical service offering is a dedicated software support helpdesk, usually provided to support each of the software products offered by the MSP or IT consultancy to its customers. This blog considers a handful of the key issues to bear in mind when documenting the terms of a Work Order relating to the supply of a software support helpdesk service.
Framework Agreements: the customer contract model for technology service providers
Many businesses lack comprehensive in-house IT expertise and resources to fully implement and manage all of their IT infrastructure requirements. IT managed services providers (“MSPs”) and IT consultancies plug the gaps by typically offering a diverse range of IT services and products to lighten the burden on their customers’ in-house IT teams (or to even remove the need to have an in-house IT team).
Data: A New Direction - Unleashing the transformational power AI?
In this blog series, we will review the key proposals for reform of data protection law within the Government’s consultation paper ‘Data: A New Direction’. We will consider how far the Government will stray from the current path and signpost some potential pitfalls and practicalities for consideration along the way.
The new cookie conundrum
Potential reforms to UK data privacy laws will change the way that cookies work on websites - businesses need to prepare now.
Lifecycle of a tech startup series: Preparing to raise investment
In the last instalment we talked about the ways in which the founders of KNow Wear Limited could protect the intellectual property in their business. Since then, the business has been progressing well and our founders have been working on developing a prototype.
Lifecycle of a tech startup series: Intellectual Property
In our last instalment our founders, Sarah and Chris, considered the basics in establishing their tech startup and they incorporated a company under the registered name ‘KNow Wear Limited’.
How the tech sector can make the most of the UK’s new immigration rules
Many companies in the tech sector will be aware of the new immigration system and Skilled Worker category opening in a couple of weeks on 1 December. For those companies without a sponsor licence, they will need to apply for one in order to recruit both non-EU and EU citizens. EU citizens resident in the UK before 11pm on 31 December 2020 can apply to the EU Settlement Scheme.
You may also be interested in:
We welcome views and opinions about the issues raised in this blog. Should you require specific advice in relation to personal circumstances, please use the form on the contact page.
Share insightLinkedIn X Facebook Email to a friend Print