Digital signatures, security and global interoperability

Share this...

By Carrie Peter, Managing Director at Impression Signatures, Advocacy Committee Vice-Chair at the Cloud Signature Consortium

As the world has moved online, so have those interested in taking advantage of people and companies using online tools. The shift toward global business systems is no different. The rise of products or systems with interfaces that support global interoperability is steep and growing exponentially. With it, the risk of operating online increases across the world too.

South Africans need a valid VISA to enter 95 countries around the world. Why? To ensure they are who they say they are; to prove their identity. This practice is the key to bolstering security when operating online, and using products and systems that operate digitally, whether locally or globally. This is how trust can be established. With trust, comes certainty, safety, and the ability to operate across geographies – unlocking immense economic opportunities.

This begs the question – how is identity proven in a digital or electronic setting? Here the role electronic signatures plays cannot be overstated. This is not a new concept. Wet signatures have been used to prove identity for millennia. It’s no wonder then, that in a digital world, electronic signatures effectively bring identity certainty to transactions. This digital identity, and the responsibility of trusted service providers facilitating this process, are the cornerstones of doing business remotely.

This is achieved through the development of Public Key Infrastructure (PKI). PKI comprises procedures, technologies, and policies that are purpose-built to create and manage Digital Certificates – through encryption. Using Public Keys, PKI drives secure online operations and communications. PKI is widely used across network security layers – from application to presentation, session, transport, network, and data link. The reality is that building digital identity services without PKI is like building a house without a foundation. It might look good, but it won’t last – and it’s definitely not safe.

If it were impossible to rely on the fundamental integrity of consent and transactions, the ability to transact would be wholly undermined. Similarly, trust in PKI is the foundation necessary for any truly valid digital identification. In recognition of this, and in an attempt to protect their citizens, most countries have implemented some form of PKI regulation. These regulations routinely introduce protection for digital and electronic signatures. Similarly, the Cloud Signature Consortium (CSC) is actively building a standard for cloud signatures.

While elaborating on trust and identity, these regulations and standards also make one fact clear: today, eSignatures have become a human right, entitling users to participate in the digital economy. In most countries, PKI legislation creates undeniable legal support for eSignatures, covering everything from common law applications to PKI and eSignature specific legislation, and legislation relating to transactions specifically.

In March 2024 African regulators gathered to form the Africa PKI Forum, an organisation looking to become responsible for the proliferation and adoption of PKI services across the continent. The primary objective of the forum is to develop a framework for interoperability and mutual recognition between African countries. The Forum has requested the presence of the CSC in an observer and advisory capacity to facilitate the development of these frameworks.

The adoption of PKI and eSignature legislation in Africa has accelerated in the last five years, motivated by the shift towards online services post covid. The economic advantages of digitised services to African citizens are obvious, in recognition of this governments are moving to create the appropriate policy proposals.

Locally, in South Africa, a new piece of government policy was published on 31 May, establishing the government’s approach to cloud services. Two important references to interoperability in this document are: the conclusion of the African Continental Free Trade Area, (ACfTA); and how the African Single Digital market and digital identity will rely significantly on data-sharing within different jurisdictions. This is a strong move toward continental interoperability and a massive opportunity for cloud-based identity solutions through Africa.

What is crucial is that these regulations and policies are enforced. The CSC is uniquely positioned to offer true global interoperability through its conformity checker and API. Here new regulations like European Union’s new Regulation on Identification and Trust Services (eIDAS) are setting rigorous requirements for secure signatures, in a way that is expected to influence the entire global industry. The CSC aims to make it simple for businesses and governments to comply with this new regulation successfully. The vision is to create a single digital market, across Europe and the globe.

With its strong API and certification, the CSC strives to ensure risks are mitigated and transactions are secure the world over. It operates with a commitment to driving the standardisation of highly secure and compliant digital signatures in the cloud. As it continues to change the digital signature landscape, the CSC is tipped to become the global conformance body in eSigning.