A sign of what’s to come: your business and e-signatures


17 October 2016
Posted by Matt Hughes (Studio Legal intern) and Suzy Wood

Are handwritten signatures officially retro? 

On 1 August 2014, the Australian credit card industry formally removed handwritten signatures as the primary method of approving credit card purchases. Many businesses are following suit, with e-signatures increasingly relied on as more and more business is conducted interstate and on the go. But before you throw away the biros, check out our tips for making sure your business has a clear plan for dealing with e-signatures.

  1. What are e-signatures?

An e-signature is any sign or process applied to an electronic document by a person with an intention to sign the document. E-signatures range from the basic (attaching a picture file of the handwritten signature to a document) to the sophisticated (accessing a restricted document via a secure private key, then clicking an acceptance button or entering a code).

Anyone who has ever had to print, sign and scan a contract, then attach the scan to an email (or send the original via post!) will immediately see the appeal of e-signatures. In the modern paperless office, a complete transition to e-signatures could give your business some significant savings in time and resources.

  1. Are e-signatures legally binding in Australia?

Subject to some exceptions, electronic signatures are legally recognised as a valid form of signature under Commonwealth law and Victorian state law. Where a law requires a person to sign a document, the signature must in a method that:

– identifies the person and indicates the person’s intention in respect of the information communicated;

– is reliable as is appropriate for the purposes of the communication, or is proven to be reliable in identifying the signatory and the signatory’s intention; and

– is consented to by the person who requires the signature.

Different circumstances will necessarily demand different levels of “reliability” in the chosen method. So depending on the circumstances, even a simple email signature block, or a picture file of your name on a document, can be sufficient to legally bind you to a contract.

(However, it’s important to note that signature requirements may differ from jurisdiction to jurisdiction, so keep this in mind when you’re dealing with interstate and overseas parties.)

  1. But what are the risks?

E-signatures might be a legally acceptable way of signing a contract, but the essential risk of accepting an e-signature is that the other party may later try to avoid the agreement by claiming that the e-signature was not in fact theirs. You could also be exposed to third parties, or unauthorised employees, signing contracts which you certainly didn’t mean for your business to be bound by.

There is a thriving market for e-signature technologies, with many engineers embedding critical security features such as IP address logging, email authentication requirements, GPS location tracking, and audit trails within the document. But these methods are rarely foolproof: IP addresses and locations can be masked or changed through the use of virtual private networks, and the security of a private key is also open to being compromised (particularly if it is sent by email).

To give your contracts the best chance of being enforceable, remember that the more the technology used is able to restrict entry to the document and verify the identify of the signatory, the better the chance that the document will hold up.

  1. Best practice when using e-signatures

– Steer clear of simply accepting a picture file of a handwritten signature, or the person’s name typed in fancy font, on a document unless you have restricted access to the document in some way which helps to guarantee that the file was placed, or the name was typed, by the actual signatory.

– Insert a provision into your contract stating that all parties have consented to be bound by electronic signature.

– Any software used should help to ensure that the signatory has sole control of the private encryption ‘key’ that they use to create their e-signature. If the private key is sent by email, the email address should first be verified with the owner and it should be guaranteed to be as secure as possible. It is also useful for the software to be able to identify when its accompanying data has been tampered with after the signature has been affixed, and in the case that this is detected, the e-signature should be automatically invalidated. Look for software which uses Public Key Infrastructure (PKI), the most trustworthy technology for authenticating the identity of signatories.

– Secure the final executed document. Businesses implementing e-signatures in their day to day activities need to ensure these documents are appropriately archived, and that access is restricted to avoid tampering. This way, you can help protect the “original” – whatever that might mean in this day and age.



The information in this article is of a general nature. It does not constitute formal legal advice, and should not be relied on as such. Please see the full disclaimer in our website terms. Please contact Studio Legal if you are seeking advice about a specific legal matter