Digital Signatures vs Reality: Why E-Signature Laws Need a Reality Check?

- A conversation with our CEO, Dr.Charles Wu

Electronic signature laws are notoriously difficult to draft, revise, and interpret.

They must balance legal provisions, real-world applications, cybersecurity controls, AND technical standards.

This multifaceted complexity demands not just theoretical understanding, but practical insight into how these technologies actually function in diverse scenarios. 

The Need for Better E-Signature Laws

When I developed and deployed video-based electronic signature technology for medical consent forms, the adoption rates were remarkable.

More than half of Taiwan's hospital beds—over 70,000 out of 130,000—implemented the solution, streamlining medical processes while simultaneously safeguarding patient rights. 

My eIDAS compliance reviews further reinforced the importance of balancing legal frameworks with technical rigor. Europe’s approach demonstrates how law and technology can converge to ensure electronic signatures achieve true reliability, security, and legal validity.

Their methodology revealed a crucial insight that shaped my perspective on the entire e-signature landscape: effective regulation requires nuanced understanding of how different signature technologies serve different purposes.

Creating sound legal frameworks that accommodate diverse electronic signature applications represents a critical milestone in a country’s digital transformation initiatives.

Taiwan's digital affairs ministries and legislative bodies have made significant progress modernizing these laws, though current regulatory frameworks still require refinement and clarification in several key areas.

Electronic Signature ≠ Digital Signature 

Digital signatures rely on certification authorities and encryption algorithms—think of them as the digital equivalent of official seals from the paper era. This analogy helps explain their function, BUT not every signing scenario requires or benefits from this level of cryptographic complexity. 

High-stakes legal transactions involving significant obligations, sensitive data, or financial risks—such as property transfers, major contracts, estate planning—typically require parties to appear in person, present identification, and sign before authorized officials.

These scenarios prioritize legal certainty and dispute prevention over convenience. In such contexts, remote certificate-based digital signatures, despite their technical sophistication, may not fully satisfy the legal or practical security requirements.

Conversely, many everyday signing scenarios present different priorities entirely.

Hospital patients signing medical consent forms represent a perfect example of this mismatch. These individuals, often dealing with medical stress and time constraints, rarely possess digital certificates or digital ID.

Requiring them to obtain and use such certificates would create unnecessary friction in healthcare delivery.

However, just because digital signatures are not suitable doesn't mean other forms of electronic signatures can't be used to create legally binding agreements.

Video-based e-signatures allow patients to sign directly on a touchscreen while being recorded. These systems capture the physical signing act, provide proof of their consent, and maintain non-repudiation capabilities that match traditional handwritten signatures' legal effectiveness.

The technology adapts to human behavior rather than forcing humans to adapt to technological constraints.

Balancing Risk Management and Technological Innovation

The rapid evolution of electronic signature technologies today has created a rich ecosystem of options, each with distinct characteristics and optimal use cases.

Traditional digital signatures, with their reliance on public key infrastructure and certificate authorities, have long been positioned as the "gold standard” due to their cryptographic foundations.

Biometric signatures (fingerprints, facial recognition, and similar technologies) take a different approach entirely.

They're much closer to traditional handwritten signatures, focusing on what makes each person unique—their biological characteristics. These capture the personal, human element of signing while leveraging modern verification capabilities.

Now the question is, why are digital signatures often prioritized over other types of electronic signatures, and does this truly uphold the principle of technological neutrality?

True technological neutrality means laws should regulate based on function and effect, not specific technologies.

From this perspective, treating digital signatures as the only "real" electronic signature clearly goes against technological neutrality.

International standards for e-signatures should focus on covering a variety of electronic signature technologies and categorize them based on their security, reliability, and legal validity.

In many cases, biometric signatures better capture a signer's true intent. For wills or medical consent, a biometric signature system that records the signing process might actually provide stronger evidence of voluntary action than certificate-based digital signatures, while reducing fraud risks.

So, international standards should embrace: 

• Diversity: Cover multiple e-signature technologies, including digital and biometric signatures. 

• Security: Define clear requirements to ensure authenticity and non-repudiation. 

• Legal Validity: Clarify enforceability across jurisdictions. 

• Interoperability: Enable cross-border compatibility between systems.

  
  

A graded system of assessment, validation, and compliance is the critical next step to clarify uncertainties, mitigate risk, and prevent disputes.

Global Framework Leadership: Learning from eIDAS

The European Union’s eIDAS regulation remains the most advanced and comprehensive framework for electronic signature governance, classifying signatures into three tiers based on risk and legal requirements:

• BES (Basic Electronic Signature) - Simple electronic processes indicating approval 

• AES (Advanced Electronic Signature) - Stronger identity verification with unique linkage to the signatory 

• QES (Qualified Electronic Signature) - Highest level requiring qualified certificates and secure creation devices 

  
  

By contrast, Taiwan and many other countries currently distinguish only between “electronic” and “digital” signatures—a simplification that may hinder alignment with international standards and domestic adoption.

The EU is now advancing eIDAS 2.0 to further integrate digital identity and improve interoperability, demonstrating that even advanced frameworks must remain adaptive.

Current trends indicate that e-signatures will evolve toward diversification, mobility, decentralization, and deeper integration with digital identity technologies.

So, the development of international standards for electronic signatures is crucial for promoting their global application, with growing emphasis on biometric-based e-signatures that enhance both security and user experience.

Future Outlook: Toward Technological Coexistence

The emergence of biometric e-signatures resolves many limitations of traditional digital signatures and has already proven successful across healthcare, finance, and real estate.

Recent legislative amendments in various jurisdictions have removed legal barriers, opening doors for broader adoption and industry growth.

Whether digital or biometric, each e-signature technology has unique strengths, weaknesses, and applicable scenarios. But the goal remains consistent: digitally and securely expressing a signer's true intent while ensuring non-repudiation.

In an era of escalating cybersecurity threats, just as physical seals and handwritten signatures once coexisted, the future demands an integration of "tokens" (certificate-based credentials) and "biometrics" (identity-based verification).

This balanced approach offers the best path toward ensuring trust in our digital age.