Question:
Lawyer, what risks might our Company face when accepting electronically signed contracts? What considerations should be kept in mind when signing contracts using electronic signatures?
Response:
Potential risks when accepting electronically signed contracts
1. The digital signature does not meet regulatory requirements.
If the digital signature on the electronic contract does not meet the conditions to be considered a valid electronic signature, there is a risk that the contract will be deemed invalid. According to Article 3.11 of the 2024 Law on Electronic Transactions, an electronic signature is a signature created in electronic form attached to or logically associated with a data message to identify the signer and confirm the signer’s approval of the data message.
2. The electronically signed contract is lost or not properly stored.
Some service providers may limit the time during which the electronic contract is stored in their system, while the Company may also fail to properly store the electronic contract, leading to its loss or absence in the Company’s internal records. In such cases, the Company will not have evidence to prove its claims in the event of a dispute with a customer regarding the electronic contract.
3. The contract was signed without proper authorization.
Unlike handwritten signatures, digital signatures can be made by anyone with access to the account, password, security token, and token-receiving device, creating the risk that the individual signing the electronic contract is not the Company’s legal representative but an unauthorized person.
Considerations and risk mitigation solutions when signing electronic contracts
1. The digital signature does not meet regulatory requirements.
Before signing the contract, the Company should verify the certification license of the public digital signature certification service provider.
2. The electronically signed contract is lost or not properly stored.
The lawyer recommends that the Company ensure proper internal storage, create a "vi bằng" (bailiff's report) for the signed electronic contract, or negotiate with the service provider to ensure the electronic contract is stored and can be retrieved when necessary.
3. The contract was signed without proper authorization.
The Company can establish internal security measures, including administrative measures (implementing an internal procedure for signing electronic contracts) or technical measures (creating a technical barrier so that only authorized individuals can sign electronic contracts using digital signatures).
