Department of Justice Canada

UNCITRAL Working Group on Electronic Commerce
Report on the Meeting of September 2000

The Working Group on Electronic Commerce of the United Nations Commission on International Trade Law (UNCITRAL) met in Vienna from September 18th through 29th. At the end of the meeting it adopted a Model Law on Electronic Signatures (MLES). This report sets out the highlights of the Model Law and the discussions leading to it.

Background

In 1996 UNCITRAL adopted the Model Law on Electronic Commerce (MLEC), which removes legal barriers to the use of electronic communications and provides "functional equivalents" to the use of paper documents for legal purposes. The MLEC is the basis for Canada's Uniform Electronic Commerce Act and thus of Ontario's Electronic Commerce Act 2000, currently Bill 88.

The MLEC provides (in Article 7) that where the law requires a person to sign a document, that requirement is met if a method is used to identify the person and indicate his or her approval of the document, and if that method is as reliable as appropriate in the circumstances. This is a very helpful rule in ensuring that electronic signatures can be used with legal effect. It is, however, very general. People signing documents electronically will want assurance at the time of signing that the method they are using is, in law, appropriately reliable for their circumstances, so that the signed document will be legally effective. Without case law on the subject, reliability, and thus effectiveness, were a matter of opinion, debate and uncertainty.

As a result, UNCITRAL asked the Working Group to develop further rules on electronic signatures, to help provide more certainty at the time of signature about the legal effect. The Working Group began its work on this topic in February 1997 and finished at the most recent meeting in September 2000. (The Model Law on Electronic Signatures has still to be approved by the Commission itself, meeting next June in Vienna. It is possible that the Commission will make minor changes to the text.)

Structure of the MLES

The MLES has three main parts: on criteria for reliable electronic signatures; on duties of the three potential functions involved in an electronic signature (signatory, certification service provider, and relying party); and on the recognition of foreign electronic signatures and the certificates supporting them. These are set in a framework of rules about the operation of other laws and the rights of the parties to make arrangements that would not follow the Model Law. In addition, UNCITRAL will adopt a Guide to Enactment that explains the history, structure and operation of the MLES and recommends ways for member states of the United Nations to incorporate it into their legal systems. The MLEC has a similar Guide, which is a mine of useful information. (A draft of the MLES Guide has been prepared by the Secretariat and was commented upon by the Working Group. A small part of the next meeting of the Working Group in New York in February-March 2001 will be spent completing its review of the Guide for presentation to the Commission.)

Framework of MLES

The MLES, like the MLEC, applies to commercial transactions only (Article 1). A footnote makes clear that "commercial" is to be given a broad meaning, to cover matters like the supply of goods and services, factoring and agency relationships, construction of works and engineering, licensing, investment and finance, and the carriage of goods. The nature of the parties is irrelevant: public authorities and not-for-profit organizations may be involved in such transactions. While broad, the scope provision implies important limits. It would keep the rules of the Model Law from applying, for example, to uses of electronic signatures that were strictly internal to a corporation, and to many of their uses by public authorities. If an enacting state chose to make its domestic law apply to more transactions than commercial ones - as Canada has done in the Uniform Electronic Commerce Act - then these cases would not necessarily be excluded.

The MLES applies to a broader range of electronic signatures than does the MLEC. The MLEC applies only where the law requires a person to sign something. Signatures that have legal effect, e.g. by supporting contracts, but are not required by law, are not covered. The MLES has rules about the duties of parties to electronic signatures and about their recognition that apply whether the signatures are required by law or not.

There are two limits, however. First, the duties of signatories and certification service providers arise only where the electronic signature can have a legal effect. This is noted in the discussion of Articles 8 and 9 below. Second, the rules generally apply in a way that is commensurate with what the parties undertake. One size does not fit all (but some rules are mandatory nonetheless). See the discussions under Articles 5, 8 and 9, and 12 below.

Article 3 ensures that the MLES does not prevent parties from establishing the reliability of electronic signatures by any means they choose. It recognizes that some legal rules may impose less demanding standards than others for signing electronically. It also preserves the rights of parties to choose and enforce between them standards higher than those that the general law might find "appropriate to the circumstances".

Article 4 repeats a provision of the MLEC to the effect that the rules fit into general principles of international commerce and good faith. Any gaps should be filled by reference to those principles. The Guide to Enactment to the MLEC (in para 43) sets out some of the likely content of those principles: to facilitate electronic commerce among and within nations; to validate transactions entered into electronically; to promote the implementation of new technologies; to promote the uniformity of law, and to support commercial practice.

Article 5 allows parties to any transaction to derogate from any of the rules in the MLES, except those that are a matter of mandatory rules of applicable law. This is what the Working Group called the "party autonomy" principle.

Article 5 represents a refinement of the operation of the MLEC. There, parties were not allowed to opt out of the Part of the Model Law that described the functional equivalents to paper documents, including the provision on electronic signatures mentioned earlier. However, if other law provided flexibility of form, that flexibility was continued in the MLEC. Further, Article 7 of the MLEC made relevant to determining the appropriate reliability of an electronic signature whether the parties to the transaction had any agreement about the method. Article 5 of the MLES essentially specifies that the only limits to opting out of the rules about electronic signatures are the mandatory rules of the law applicable to the transaction. The MLEC left open the possibility that other reasons for inappropriateness could be found to invalidate a method of electronic signature, even in the face of an agreement of the parties to use that method.

Reliability of Electronic Signatures

Article 6 is the keystone to establishing the reliability of electronic signatures for legal purposes. Paragraphs (1) and (2) restate the MLEC: the method of signature should be as reliable as appropriate in the circumstances. (In the MLES, one also has to refer to the definition of « electronic signature » to find all parts of the MLEC's provision.) Paragraph (3) sets out criteria for making that determination. If a signature shows the listed criteria, then it is to be treated as equivalent to a handwritten signature, i.e. it will meet a legal requirement that a document be signed. The criteria are these:

  (a) « the signature creation data are, within the context in which they are used, linked to the signatory and to no other person »

    Since an electronic signature is data in electronic form (definitions are in Article 2 and were discussed at length by the Working Group), whatever one uses to sign will be data. The Model Law borrows from the European Union the term « signature creation data » to refer to this; such data could include private cryptographic keys, PINs, and biometric information used to sign.

    For a signature to be reliable, the data have to point to one person, at least within the context of the signature. The qualification would allow the same signing code for more than one person, but not where it is at all likely to be ambiguous.

  (b) « the signature creation data were, at the time of signing, under the control of the signatory and of no other person »

    People are safely presumed to control the means for creating a handwritten signature - their signing hand. Traditional cheque-signing machines present problems similar to those of electronic signatures: they are often acceptable only because the relying party has strong assurance that the purported signer will not repudiate the signature. Banks often insist, by contract with the owner of the machine, that any cheque signed by the machine will not be repudiated by the owner. For electronic signatures (also created by a kind of machine), the ability to control the use of the signing data is here made part of the criteria for reliability. No doubt some parties will make similar agreements among themselves to support reliance in practice.

    The Working Group discussed at length at several sessions the creation of signatures by multiple parties, or on behalf of entities like corporations. « Signatory » is defined in Article 2 as « a person that holds signature creation data and acts either on its own behalf or on behalf of a person it represents. » This means that a person signing on behalf of someone is the signatory and has the duties set out in Article 8, and not the person on whose behalf the signature is created. The duties and benefits of that person are to be decided under the general rules of agency or other authority in the applicable law. If more than one person is authorized to sign on behalf of, say, an employer, then they all (jointly? corporately?) have to control the signature creation data sufficiently to satisfy paragraph (2).

  (c) « any alteration to the electronic signature, made after the time of signing, is detectable »

    The next two paragraphs reflect a debate within the Working Group about the extent to which a signature at law shows the integrity of the signed document. Common law delegates generally said it did not. Civil law delegations generally said it did. (No one doubted the need for a relying party to know that the document was trustworthy; the debate applied only to the function of a signature to show that.) The compromise was to focus in one paragraph on alterations to the signature, which could be understood to refer to any doubt about the link between the signature and the document with which it was linked, and in another on alterations to the document. The test in paragraph (c) is not that a signature that is altered is invalid, but only that the alteration must be detectable. Once detected, the change may have a range of effects, largely within the judgment of the relying party, since the relying party takes the risk if the signature is invalid.

  (d) « where a purpose of the legal requirement for a signature is to provide assurance as to the integrity of the information to which it relates, any alteration made to that information after the time of signing is detectable. »

This provision is a standard statement of the characteristics of digital signatures (those created using public key cryptography); it appears in the federal government's Bill C-6 in the criteria for a « secure electronic signature ». In Bill C-6, the notion of secure electronic signature is used in relation to electronic documents that require assurance of integrity in addition to achieving attribution. The Working Group did not decide that this characteristic was needed for any electronic signature to be reliable - unless preserving or showing the integrity of the document is considered an essential function of a signature. This was the civil law view, and civil law countries can be expected to have this provision as part of their criteria for a signature reliable enough to have the same legal effect as a handwritten signature.

Article 6 goes on in paragraph (4)(a) to underline that one need not show all the qualities listed in paragraph 6(3) for a signature to be reliable under 6(1) and thus meet a legal signature requirement. Article 3 arguably already has that effect. Paragraph 6(4)(b) ensures that the finding of reliability under (3) is challengeable in any event.

Paragraph 6(5) repeats the caveat of Article 7 of the MLEC that enacting states may carve out some kinds of signature requirements as exceptions to the general rule. The Model Law does not tell states what signatures should be given special treatment. It is open to discussion whether the need for a carve-out is as strong when the criteria for reliability are clearer than they were, and when the application of mandatory rules is already guaranteed. Perhaps enacting states will find it clearer to list by statute the places where higher standards are required.

Article 7 anticipates a short cut to reliability: the declaration by an authorized body that a particular method of creating an electronic signature is reliable. This body may be in the public sector or may be a private body authorized by the public authorities to give such accreditation. Any such accreditation must be in accord with recognized international standards, so that countries do not get out of step with each other in the era of global communications.

The Working Group discussed whether to define « recognized international standards. » While no definition was retained, the Guide to Enactment of the MLES will point out that such standards may originate with public or private bodies and may be « standards » adopted by official standard-setting bodies, or guidelines. No doubt there would be some kind of unofficial hierarchy in favour of public standards, if an accreditation authority found that applicable standards varied when it needed to decide about signing methods.

Duties of the parties to a signature

The traditional handwritten signature has two parties: the person who signs and the person who relies on the signature. Some electronic signatures will also have the same two parties. However, many techniques of signing electronically introduce a third function, that of a trusted third party that assures the relying party that the electronic data (signature creation data) are indeed controlled by the person whose signature purports to be on the signed document. This is done by way of « certificate ». The Working Group borrowed another term from the EU Directive on Electronic Signatures and called this person the « certification service provider ». The Working Group recognised that these three functions may be served by two people or by more than three: two where the certification service provider is also the relying party (as with Ontario's Teranet system for electronic land registration); four or more when the functions of the certification providers are split or subcontracted among many businesses. The MLES imposes duties, or a code of conduct, on each of the functions.

Article 8 sets out what the signatory must do. « Signatory » is defined in Article 2, as already noted. A person may be a signatory under this definition without actually having signed an electronic document or without having applied the signature creation data. The duties imposed by Article 8 apply from the mere holding of the capacity to sign, the signature creation data, as it were, whether or not the signature creation data have been used in connection with an electronic document. The main duty under Article 8 is to keep the signature creation data confidential. If someone else can get hold of them, then the person doing so can sign undetectably as the legitimate holder of the data. If the data are compromised, the signatory must notify anyone who might reasonably rely on the data. Even where the signatory merely has reasonable grounds to think the data are compromised, it must tell the certification service provider, so that party may inform the public - or anyone likely to rely on the certificate - that the data may no longer be reliable.

In addition, where there is a certificate, the signatory has to ensure that the certification service provider has accurate and up-to-date information about the signatory, and so on.

Paragraph 8(2) says that a signatory shall be liable for failure to comply with these obligations. It does not say what kind of liability should be imposed, or whether any limits are appropriate. That was left to national law. Enacting states are by this paragraph simply asked to ensure that there is civil liability to local standards. Since its first meeting in February 1996, the Working Group made a number of attempts to develop a policy statement with respect to the nature, extent and computation of damages, but could not reach a consensus beyond an agreement that resulting liability should be left to the national law. Many delegates thought that private law matters should be kept out of a Model Law.

Article 9 describes what the certification service provider (CSP) is to do. Some of the obligations focus on the certificate and some on making information available through the certificate or otherwise, such as by an on-line statement of policy.

The basic rule is to operate in good faith, do what you say you are going to do, and disclose any problems that might devalue a signature. Again, the CSP is « liable » for failure to comply with the rules, but without any details of the liability regime.

In a certificate, the CSP must identify itself and state who has « control of the signature creation data at the time when the certificate was issued ». There was some debate whether the CSP could know, possibly some time after the signatory signed up for its service, who really controlled the key. It was acknowledged in discussion that « control » under this Article means no more than « holds » as provided in the EU Directive. The notion of control refers to the person who is entitled to use the signature creation data.

Although the Working Group developed Article 9 on the basis that certificates would be issued with respect to signature creation data, well before the signatory actually signed anything, it does not exclude other possible practices. As drafted, the criteria for certificates would apply whether the certificate is issued before or after the signature creation data is used.

Paragraph 9(1)(d) sets out what the CSP must make available elsewhere than in the certificate. Certificates are small, electronically; they do not have the bandwidth for this kind of information. The CSP is not required to maintain a revocation list (9(1)(e) - and Article 5), but if such a list is not maintained, that must be disclosed to a relying party (9(1)(d)(v) and (vi)).

Among the other requirements of a CSP is that it must use trustworthy systems (9(1)(f)). Article 10 of the MLES says what this might mean. It is a non-exhaustive and optional list of factors that can support the integrity of the signed document. The factors focus on the « systems, procedures and human resources » of the CSP. They include the financial resources of the CSP, the quality of hardware and software, the process for issuing certificates, the frequency of audit of the CSP's procedures, and the possession of any accreditation of the reliability of its practices. Other factors may be considered as well as, or even instead of, these factors. There was some debate whether this list should merely go into the Guide, but eventually it was thought more likely to be helpful in the text of the Model Law itself.

Article 11 requires the relying party to take reasonable steps to verify the reliability of an electronic signature and, where a certificate is available, to verify the status of the certificate and to comply with any limits on the value or nature of the transaction stated in the certificate. If the relying party does not do these things, it must « bear the consequences » of not doing so. In this case it is not a question of making the relying party liable for anything. If it relies on an invalid signature, it may have a cause of action against those who did not ensure the integrity of the signature system (i.e. the other two parties to the signature). If, however, it does not take the steps in Article 11, it may not have an action against anyone; it may bear the consequences of its negligence, which is to have a worthless communication, even if it has laid out money in reliance on the signature. On the other hand, relying on the signature without following the steps of caution in this Article may have no harmful consequences at all; the signature may be genuine and valid, even if the relying party does not check. Therefore, liability is not the proper sanction here.

It should be noted that the obligations of all parties to an electronic signature would be commensurate with the technology they choose to employ and the purpose for which the technology is used. Not all legal purposes require the same level of reliability. Someone using a « low-level certificate », as the Working Group called it, would not have the same obligations as someone whose certificate purported to be highly reliable. This result is assured particularly by Article 5 on party autonomy, and its parallel in Article 12 on recognition, discussed below. It is also reinforced by the opening words of Articles 8 and 9. Article 8 starts « where signature creation data can be used to create an electronic signature that has legal effect », in order to eliminate from the scope of the Article those certificates that are not used to support signatures. The usual example given in the meeting was « browser certificates », used by computers to identify themselves. There may be a legal effect or consequence of such an identification, but it is not that of a signature. Article 9 has similar language: « Where a certification service provider provides services to support an electronic signature that may be used for legal effect as a signature ».
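The four Article 6(3) criteria and the relying party's checks under Article 11 can be made concrete with a digital-signature example. The following Go program is an added illustration, not text or code from the Model Law or from the report: the certificate format, the CSP, the names and the transaction are constructed stand-ins, and Ed25519 is assumed as the signing method. The relying party's Verify function reports which check fails, so an altered document or signature is detected (6(3)(c) and (d)) rather than silently accepted.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Sentinel errors name the Article 11 check that the relying party failed.
var ErrCertificate = errors.New("certificate altered or not issued by this CSP")
var ErrRevoked = errors.New("certificate revoked by the CSP")
var ErrLimit = errors.New("transaction exceeds the limit stated in the certificate")
var ErrSignature = errors.New("signature or document altered after signing")

// Certificate is a constructed stand-in for an MLES-style certificate (not X.509): it names
// the CSP, who controlled the signature creation data when it was issued, and a value limit.
type Certificate struct {
	Issuer    string            `json:"issuer"`
	Subject   string            `json:"subject"`
	PublicKey ed25519.PublicKey `json:"public_key"`
	MaxValue  int               `json:"max_value"`
	Sig       []byte            `json:"-"` // CSP's signature over the other fields
}

// Transaction is the constructed document that the signatory signs.
type Transaction struct{ Payee string; Amount int }

// CSP is a hypothetical certification service provider with its own key and a revocation list.
type CSP struct {
	Name    string
	Pub     ed25519.PublicKey
	priv    ed25519.PrivateKey
	revoked map[string]bool
}

// canonical gives the exact bytes that are signed; json.Marshal is deterministic and cannot fail for these structs.
func canonical(v any) []byte {
	b, _ := json.Marshal(v)
	return b
}

func NewCSP(name string) (*CSP, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &CSP{Name: name, Pub: pub, priv: priv, revoked: map[string]bool{}}, nil
}

// Issue binds a subject to the public half of its signature creation data (9(1)(a),(b)).
func (c *CSP) Issue(subject string, pub ed25519.PublicKey, maxValue int) Certificate {
	cert := Certificate{Issuer: c.Name, Subject: subject, PublicKey: pub, MaxValue: maxValue}
	cert.Sig = ed25519.Sign(c.priv, canonical(cert))
	return cert
}

// Revoke is the CSP's response to an Article 8 notice that the key may be compromised.
func (c *CSP) Revoke(subject string) { c.revoked[subject] = true }

// SignTransaction uses the private key, which never leaves the signatory (6(3)(a),(b)).
func SignTransaction(priv ed25519.PrivateKey, tx Transaction) []byte {
	return ed25519.Sign(priv, canonical(tx))
}

// Verify runs the relying party's Article 11 checks in order; nil means it may act on the signature.
func Verify(csp *CSP, cert Certificate, tx Transaction, sig []byte) error {
	if !ed25519.Verify(csp.Pub, canonical(cert), cert.Sig) {
		return ErrCertificate
	}
	if csp.revoked[cert.Subject] {
		return ErrRevoked
	}
	if tx.Amount > cert.MaxValue {
		return ErrLimit
	}
	if !ed25519.Verify(cert.PublicKey, canonical(tx), sig) {
		return ErrSignature // 6(3)(c),(d): the alteration is detected, not silently accepted
	}
	return nil
}

func main() {
	csp, _ := NewCSP("Example CSP")
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	cert, tx := csp.Issue("Alice", pub, 1000), Transaction{"Bob", 500}
	sig := SignTransaction(priv, tx)
	tx.Amount = 600 // altered after signing, still within the stated limit
	fmt.Println(Verify(csp, cert, tx, sig)) // signature or document altered after signing
}
```

The order of checks matters: a certificate that fails its own integrity check tells the relying party nothing reliable about the subject, the limit or the key, so it is tested before the transaction signature.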

Recognition of foreign certificates and signatures

The Working Group gave serious consideration to Article 12 during this meeting, as this article had not been the subject of discussion for some time. Its focus is on recognition, not on any specific process like « cross-certification », in which the foreign certificate is certified in turn by a domestic CSP. Its underlying principle is non-discrimination. Paragraph 12(1) prohibits taking account of the place where a certificate or signature originated in deciding to give them legal effect in the enacting state. The English version of the Model Law says « geographic location » - the apparently redundant « geographic » is a kind of code to indicate that one could indeed take account of factors in a place that might make signatures or certificates coming from that place unreliable. Only the geography (or nationality or residence) where the signature or certificate originated was an illegitimate factor in judging reliability.

Paragraph 12(2) deals with the principles for recognizing foreign certificates and 12(3) applies to foreign signatures. The rule is essentially that a receiving state has to give the same legal effect to a signature or certificate from offshore as it would to domestic signatures or certificates, if the system in the state of origin is « substantially equivalent » to that in the receiving state. The meeting heard from technical experts that total equivalence was perhaps impossible to achieve between systems, but that substantial equivalence was a workable test. Certificates are to be compared to like certificates, rather than appraising the general practices of a CSP or the whole range of certificates from a CSP.

The Working Group discussed what might be meant by « foreign signature ». This was not a concept readily applied to handwritten signatures. A draft reference to signatures subject to the laws of a foreign state was deleted, because of a general reluctance to interfere with the determination of applicable law. The final wording is « an electronic signature created or used outside the [enacting state] ». Whether it is possible to identify such a signature will depend on the facts of the case.

Paragraph 12(4) in draft proposed a number of factors on which the reliability of foreign certificates or signatures might be judged. After discussion, it was decided that the criteria for trustworthiness and reliability elsewhere in the Model Law would suffice, and the principle of non-discrimination in paragraph 12(1) meant that special factors should not be created for foreign matters. Finally, paragraph 12(4) authorizes reference to recognized international standards (meaning the same as it will under Article 7, no doubt) and « any other relevant factor ».

Paragraph 12(5) says that an agreement between foreign parties to use particular signing methods among themselves shall be recognized in the enacting state, between the parties. The wording of Article 5 on party autonomy was thought possibly insufficient to guarantee foreign recognition of such agreements, so the rule was made express here. The paragraph helps ensure that parties that agree to use less reliable methods of signature will not be held to the standards of more reliable signatures, unless otherwise prohibited by applicable law. Paragraphs (2) and (3) also speak of giving foreign certificates or signatures the same legal effect as domestic ones, not more, so flexibility at home leads to flexibility abroad.

Conclusion

The Model Law on Electronic Signatures is a modest but real contribution to the development of law on the subject. Its rules are themselves consistent with international practices. Enacting them as law may help the users of electronic signatures to avoid uncertainty.

Naturally any such implementing legislation in Canada would have to be harmonized with or adapted to our existing law. The most obvious example is the discussion in Article 6 of standards of reliability, taking into account the Uniform Electronic Commerce Act, currently being implemented in various provinces and territories in Canada, which does not stipulate a general test of reliability for electronic signatures to be considered valid. The provisions about the duties of the parties to an electronic signature and about recognition of foreign signatures may be more helpful to us. With a Model Law, unlike a treaty or convention, enacting states can pick and choose and amend and ignore as they see fit.

The Guide to Enactment should be considered in detail in deciding to implement the Model Law. Some of the matters currently mentioned in the Guide might be more useful as legislation to the parties to electronic signatures, and to the courts and arbitrators who have to interpret the enacting statute. Implementing states have the discretion to choose specific subjects from the MLES and the Guide that would be more useful as legislation.

More information

Reports of all the meetings of the UNCITRAL Working Group can be found at http://www.uncitral.org/uncitral/en/commission/working_groups/4Electronic_Commerce.html. The text approved by the Working Group is in the report of the September meeting. The draft Guide to Enactment is in WP.86 and WP.86.1, both on the site mentioned. The final text of the MLES and the Guide will be on the UNCITRAL site as well in due course, after approval by the Commission.

Joan Remsu
Senior Counsel
Head of Canadian Delegation



Chart: Model Law on Electronic Signatures (The scope of signatures)


There are arguably three classes of "signature" in the UNCITRAL Model Law:

I:    Legally required signatures

A.    As reliable as appropriate

  • proved by any means - 6(1)
  • proved under 6(3)

B.    Party autonomy - 5, 6(4)

  • may or may not be objectively reliable
  • subject to mandatory rules
  • may be higher or lower standard than in A
  • parties may opt out of or vary duties in 8, 9, 10, 11 as well

C.    Issued or certified abroad and recognized - 12

II    "Legally effective" signatures, not required by law

  • parties intend to bind each other (or have other legal effect)
  • signatures will be used as evidence of source and intent
  • the new Model Law probably intends to "protect" the parties to these signatures, especially the relying parties, e.g. by applying Articles 8 through 11 to them
  • such signatures may become "required", and thus have to meet Article 6 standards, for use in evidence, at least where documents have to be signed to be admitted, or possibly for use with public authorities.
  • if there is any chance that parties will want later to use these signatures for a purpose that requires a signature, then they may have to design their signature processes from the outset to be capable of doing so.

III    "Non-signature" signatures

  • e.g. browser certificates - really just labels, no "intent to sign"
  • Q: do these ever turn into legally effective/required signature?
  • Arguably these should not even fall into definition of "signature"

[All rules and standards are adaptable to the purpose for which signatures or certificates are created, except in applying paragraph 6(3) and mandatory rules of applicable law.]

[The Model Law on Electronic Commerce applies only to class I - legally required signatures]
