Tungsten Blog
Friso de Jong. Click to know more about author.

Six reasons why we should use digital signatures forever

by Friso de Jong 14. December 2011 03:36 AM

In his debut post as a guest blogger for OB10, Friso de Jong, Founder of the e-Invoicing Trust Foundation, which includes the e-Invoicing Platform, writes about new EU legislation and the use of digital signatures. While on the surface, it could seem as if their role is diminishing, Friso shares his thoughts on why they're here to stay.

Governments in some Latin American and Asian countries have mandated the use of advanced electronic signatures. But if you live in the EU, a new VAT directive is about to have a dramatic impact on the digital signature arena. Or at least that’s how it seems at first sight.

From 1 January 2013, a new European Directive comes into effect, which means that member states should have adopted and published the necessary provisions to comply. The EU Directive allows for e-invoicing in its simplest form in every member state and helps SMEs reap the benefits more easily.

No need for digital signatures

The keywords for the new EU e-Invoicing legislation are liberalisation, simplification, equal treatment, business controls and harmonisation. There is no formal requirement to use technical elements like advanced electronic signatures. But in practice things look very different.

It may sound weird to some, but electronic signatures have their own intrinsic value. So even though they will no longer be a requirement by law after 1 January 2013, I believe you will still keep using them. 

It’s worth noting that ‘electronic signature’ is a legal term. A digital signature is a form of electronic signature based on certificates or PKI. Legally they are called advanced electronic signatures. If you have to identify yourself to receive a digital signature certificate, you have a qualified advanced electronic signature.

Six reasons to keep using your digital signatures

Here are the top-six reasons why I think you should keep using digital signatures:

1. Digital signatures make it easier to prove your fiscal compliance

According to the new EU Directive on e-invoicing you can apply the business controls you have that keep your invoices, payments and book keeping in check to e-invoices.

So, everything stays the same? Almost. By using business controls with e-invoicing the tax authorities assume that everything is okay. But they can ask you to dig deeper to provide more evidence to assure them you comply with the fiscal requirements. Remember, authenticity, integrity and legibility.

Electronic signatures, preferably an advanced electronic signature, offer the fiscal authorities a greater guarantee that you comply. Digital signatures make it much easier to prove your fiscal compliance.

2. Digital signatures make it easier to provide trade law evidence

Among its many purposes, an invoice is a signal to initiate payment. However, on many occasions an invoice just isn’t enough so we resort to sending reminder after reminder, which in some cases it leads to a lawsuit.

Imagine a lawsuit based on electronic invoices, or even worse electronic invoice data. A smart lawyer will try to undermine the integrity, authenticity and legibility of your e-invoice (data). By using a digital signature in the e-invoice, the message carrying the e-invoice, you create irrefutable evidence about the invoice and its contents, which makes the ’e’ aspect of your business transaction a non-issue.

That way you can focus on what is really important: convincing the judge and jury that you are entitled to payment of the invoice amount and additional damages.

3. Think about your reputation and responsibility: a customer-centric professional

Every company has a reputation. A digital signature adds to your reputation. It shows that you are a professional and that you can be verified through the credentials in the digital signature.

Adding a digital signature to an e-invoice is also an extension of the service you offer customers or clients as you help them comply with their fiscal requirements (see point 1 above).

Just because some legislation says you no longer have to use digital signatures, it doesn’t decrease your responsibility as a good business partner.

4. Acquisition fraud: ghost invoices

The electronic world mirrors the real, bricks and mortar world. Just as there is acquisition fraud with paper invoices in the real world, there is also fraud with e-invoices. These fraudulent invoices are used for phishing, installing malware, spreading viruses, espionage and all kinds of purposes.

With the uptake of e-invoicing (and liberalisation in the EU) you can expect an exponential increase in these fraud invoices. With digital signatures in the e-invoice or its message, your customers immediately know that this invoice comes from you as it is verified by a digital signature.

5. Return on investment

This applies to all e-invoicing service providers and companies that have already invested in digital signatures: don’t stop using them. You probably invested in them specifically for e-invoicing or other governmental requirements. If you stop using digital signatures you will not achieve your return on investment (or be able to use the governmental services).

So if you already have a digital signature service in place, keep using it.

6. The rest of the world

While the EU is liberalising electronic invoicing, many (if not most) of the countries outside the EU are following a different path. The Latin American e-Invoicing landscape, for example, has become very strict. To trade with these countries you will need a digital signature and sometimes more than one.

Here to stay

The digital signature is here to stay and it should. The next challenge, however, is making it easier to get one.

To keep up with Friso's thoughts on the development of electronic invoicing, follow him on twitter or The e-Invoicing Platform.

Comments (5) -

Christian Lanng
Christian Lanng Denmark
12/14/2011 6:55:10 AM #

Six reasons you should avoid digital signatures ...

Christiaan van der Valk
Christiaan van der Valk France
12/15/2011 2:46:00 AM #

Not sure this is the right place to contribute a view but here we go.

There is no morning-after pill for invoices.

A company must have excellent evidence that its sales and purchase invoices are real and unchanged. If you are always fully in control and can prove on that basis up thirteen years later and within a reasonable time that every mandatory item on all your archived invoices is authentic, you're good to go in many countries.

If this is not the case, take your precautions.

Countries and cultures differ on these matters. The precaution equation is different if you live or trade in a country where tax auditors start from a degree of trust that their local businesses try to be good citizens. It is also different if your tax administration uses macro level methods and risk analysis on aggregated economic and other data, so that your invoices and accounts become less important in the tax law enforcement process. These conditions are NOT in place in most countries with VAT. Places like Denmark and Finland are nice countries with nice people, clean streets and clean books. For those who think that all of the EU will soon become Finland, I believe you need to start travelling a little more.

You cannot be half pregnant - sorry: half compliant. Evidence is evidence is evidence. Actual proof of integrity and authenticity does not just emerge from your good intentions - it takes continuous analysis and effort. The average VAT rate in the EU is over 20% - more than most companies' profit margins and more than you would want to tell your CFO you must pay back retroactively over your sales or purchases of X years with interest because you were overly confident or simply in your enthusiasm forgot to take precautions.

Smart companies strive to have evidence that can convince a not-nice tax auditor, judge or arbitrator. So how can they do that? Sometimes some form or method is imposed by the law - in that case there is no choice. But increasingly there is a choice.

I disagree with a good number of items on Christian's list (aren't we past the stage where we confuse paper and electronic signatures? can you show me a case where conversion could not be done because parties used signatures?), but of course electronic signatures are not perfect. The ideal thing is to just run your process and have excellent evidence as a zero-effort zero-cost side effect - but if you choose to take precautions, ALL methods to ensure evidence will have drawbacks: if you don't sign the invoice you may need to store significant amounts of other data to corroborate the invoice; set up much more formal processes with pervasive auditable separation of duties; ensure expensive third party audits; make sure that the tiniest process change is documented, approved and logged and the result stored throughout your processes including all service provides that carry or store your data at some point; conclude and maintain extensive trading partner agreements with thousands of suppliers including Pizza Pino and the flower delivery guy...

All businesses are different. That is the reason why the new VAT Directive rules on e-invoicing are good: they create freedom of choice. The options available are NOT "sign or do nothing"; they are "provide excellent evidence any way that suits you". With choice comes responsibility. Choose your precaution. Protection, in whatever form, will have drawbacks of some kind.

Many companies burned their fingers on e-signatures and PKI fifteen years ago. They licensed expensive technology that would not integrate with anything and was clunky to manage. When the bosses of the people who had made these investments evaluated the results (a signed email? a million dollars and 14 month project for a signed email?), careers were compromised. Perhaps many of the people who think electronic signatures are an unacceptable straightjacket have not followed the market much. There are many solutions out there that make the application and validation of signatures an entirely painless and seamless process.

Here's a document along the same lines Friso pitched in:

There is no morning-after pill for invoices. Take your precautions. Judge your options with care, you don't get a second chance. Celebrate your freedoms if you have any, and honour it with responsible choices.

Sandra Higgison
Sandra Higgison United Kingdom
12/15/2011 2:06:06 PM #

Catch up with the discussions on digital signatures on the e-Invoicing Platform LinkedIn group http://linkd.in/tHnuZU

Stefan Foryszewski just posted a comment on the OB10 approach to digital signatures and e-Invoicing.

Robert Frisco
Robert Frisco United States
1/7/2012 3:47:33 PM #

I agree with many of the points raised here. Also would like to share a great resource i found here www.electronicsignature.com/.../

Peter Downie
Peter Downie Spain
2/2/2012 12:01:36 PM #

Interesting comments on both sides here.

But that really is the problem, the fact that this issue obviously creates debate is because despite its best intentions, the new EU Legislation has not clarified things, in fact it has made things less clear.

Few organisations would have invested in and employed Digital Signatures previously, if they had not been deemed  as a requirement. However as they were clearly required it was straightforward.

In the current situation it appears Corporates- Buyers are left to run the risk or shell out Consulting Euros in order to try and clarify the situation.

Pingbacks and trackbacks (1)+

Add comment

  Country flag

CAPTCHA This question is for testing whether you are a human visitor and to prevent automated spam submissions.

  • Comment
  • Preview