Third-party service providers offer various forms of e-signature services that the GC can use, under appropriate circumstances. A signature links a person to a document (or transaction) and typically provides evidence of that person’s intent to approve or to be legally bound by its contents. Proprietary solutions should be avoided wherever possible to prevent vendor lock-in and to promote interoperability. Appendix A: sources and definitions related to e-signatures, Appendix B: user authentication factors and token types, Appendix C: examples of business activities, Appendix D: guidance sent to DSOs via e-mail on, 2.2 Determining when an e-signature should be used, Personal Information Protection and Electronic Documents Act, Department of Employment and Social Development Act, Electronic Documents and Electronic Information Regulations, Payments and Settlements Requisitioning Regulations, Guideline on Defining Authentication Requirements, Section 3: Guidance on implementing e-signatures, 3.1 Considerations for user authentication, 3.2 Determining the method to be used to implement e-signatures, 3.5 Considerations for long-term validation, Standard on Identity and Credential Assurance, User Authentication Guidance for Information Technology Systems, Personal Information Protection and Electronic Documents Act, Secure Electronic Signature Regulations, Payments and Settlements Requisitioning Regulations, Electronic Signatures in Global and National Commerce Act, European Union (EU) Electronic Identification, Authentication and Trust Services (, United Nations Commission on International Trade Law (, UNCITRAL Model Law on Electronic Signatures, Personal Information Protection and Electronic Documents Act (PIPEDA), Government of Canada Strategic Plan for Information Management and Information Technology 2017-2021, Electronic Records as Documentary Evidence, Uniform Law Conference of Canada’s discussion of the, Authentication method, e-signature, signed data, 
time-stamp, Medium integrity; for cryptographic e-signature portions will be digitally signed, SES, signed electronic data, verification certificate and certification path and associated revocation information, secure time-stamp, “a signature that consists of one or more letters, characters, numbers or other symbols in digital form incorporated in, attached to or associated with an electronic document”, “information in electronic form that a person has created or adopted in order to sign a document and that is in, attached to or associated with the document”, “an electronic sound, symbol, or process, attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record”, “an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record”, “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign”, “data in electronic form in, affixed to or logically associated with, a data message, which may be used to identify the signatory in relation to the data message and to indicate the signatory’s approval of the information contained in the data message”, “a cryptographic transformation of data which provides the service of authentication, data integrity, and signer non-repudiation.”, “an electronic signature that is uniquely linked to the signatory, is capable of identifying the signatory, is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control, and is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.”, “an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures.”, streamline 
its internal and external business processes, improve how it delivers services to Canadians, rely on internationally recognized rules to create a more certain legal environment for electronic communications and electronic commerce, recognize that electronic communications should not be denied legal effect simply because they are in electronic form, agreement to be bound by the contents of the document, express consent, approval, agreement, acceptance or authorization of everyday business activities (for example, to approve a leave request or formally agree to the terms and conditions of a contract), emphasize the importance of a transaction or event, or to acknowledge that a transaction or event occurred, such as confirming that a contractor’s bid was received by a deadline, provide source authentication and data integrity, such as verification that a public health-related notice originated from Health Canada and has not been altered, certify the contents of a document (that is, a document complies with certain requirements, or a particular process was followed), affirm that information contained in a document is true or accurate, support third-party attestation, such as for an electronic notary function, support accountability, such as being able to trace individuals to their actions, what forms of e-signature are appropriate in the context of the business activity, a substitute for legal advice (business owners should always consult with their legal counsel), a framework to protect sensitive information from unauthorized disclosure (this document does not address confidentiality requirements), user authentication to an internal application to approve something, such as when a supervisor logs into an application to approve a leave request, using a stylus on a tablet touchscreen to write a signature by hand and capture it in electronic form, a typed name or signature block in an email, user authentication to access a website, coupled with a mouse click on some form 
of acknowledgment button to capture intent, a scanned hand-written signature on an electronic document, a sound such as a recorded voice command (for example, a verbal confirmation in response to a question), documents used as evidence or proof (see PIPEDA Part 2, section 36), original documents (see PIPEDA Part 2, section 42), statements made under oath (see PIPEDA Part 2, section 44), statements declaring truth (see PIPEDA Part 2, section 45), witnessed signatures (see PIPEDA Part 2, section 46), are a form of e-signature based on asymmetric cryptography, section 2 of the SES Regulations prescribes a specific asymmetric algorithm to support digital signatures, section 4 of the SES Regulations specifies that the issuing Certification Authority (CA) must be recognized by the Treasury Board of Canada Secretariat by verifying that the CA has “the capacity to issue digital signature certificates in a secure and reliable manner.”. Rita.Whittle@tbs-sct.gc.ca / Tel: 613-369-9683 / TTY: 613-369-9371. Generally the person you choose to witness a document should have no financial or other interest in an agreement. the need for a signature has been established for some other non-legislative reason, in either case, the type of e-signature may be unspecified or unclear, in the absence of specified legal or policy requirements, when requirements for implementing an e-signature are not specified or are unclear, Step 1: identify the business requirement, Step 2: informed by legal counsel, determine if a requirement for a signature is identified in existing legislation or policy and if so proceed to Step 3; if not proceed to Step 4. Individual departments should perform their own assessments in the context of their business needs and requirements. 
From a technical perspective, the terms “secure electronic signature,” “digital signature,” “AdES” and “QES” ar, there are specific requirements in the SES Regulations that apply to the term “secure electronic signature”, there are also more stringent implementation requirements associated with a QES, memorized secret tokens (a password associated with an account or user ID), pre-registered knowledge tokens (for example, pre-established answers to a set of challenge questions), look-up secret tokens (static grid or “bingo” cards), out-of-band tokens (a push notification to an out-of-band device such as a smart phone), single-factor one-time-password (OTP) devices (an Open Authentication (OATH) token), single-factor cryptographic device (a USB key with built-in cryptographic capabilities and secure key storage), multi-factor OTP devices, such as an OTP device that requires local user authentication before displaying the passcode, multi-factor hardware cryptographic devices, such as a smart card, leverage existing investments where feasible (departments should use what they already have where it makes sense), implement cost-effective, sensible solutions commensurate with the assessed assurance level. The following guidance on the use of electronic signatures for security screening is being provided in response to discussions at the Government of Canada Security Council (GCSC) and it was felt that it would be beneficial to all DSOs. However, such options may not be possible in all circumstances, and there may need to be another solution such as retaining metadata that indicates the circumstances under which the original content was signed (such as who signed it, when it was signed, etc.). section 5 of the SES Regulations includes a presumption that, in the absence of evidence to the contrary, the electronic data has been signed by the person who is identified in the digital signature certificate or who can be identified through that certificate. 
Additionally, the Directive on Identity Management and Standard on Identity and Credential Assurance provide guidance with respect to validating the identity of individuals which apply equally to the use of electronic signatures. Section 2 discussed the various forms of e-signatures. Also, all witnesses to legal documents must be over the age of 18 at the time they witness your signature, and they must be of sound mind. Note that other tools such as the ITSG 33: Security Categorization Guide may also be used to assist in the assessment process. In any case, ITSP.40.111 should be consulted for approved algorithms and associated key lengths. Recently, both Québec and Ontario have introduced emergency rules that allow for the virtual witnessing of wills and powers of attorney in certain circumstances. For example, an Assurance Level 2 memorized secret token used in combination with an appropriate out-of-band token (such as a “push notification” to a GC-managed smart phone) is equivalent to an Assurance Level 3 token and therefore could be used in tandem to support e-signatures at Assurance Level 3. For Canadians, virtual or electronic signatures have historically not been legally recognized when it comes to estate planning documents. This Appendix lists sources of information from national and international jurisdictions that address e-signatures. The CBCA requires that the electronic signature result from the application by “a person of a technology or process” that permits the following requirements to be proven: that the signature is unique to the person, that the technology or process was used to incorporate, attach or associate the signature to the document, and that the technology or process can be used to identify the person using it. As a result, e-signatures can be constituted in a number of ways unless rules dictate otherwise. If you are called on to serve as a witness, all you have to do is observe the signing of the document.
On the rare occasion when there is no local alternative we can witness a person’s signature on a document such as an oath, affidavit or statutory declaration. For example, the public key certificate may expire, or it may be revoked. supporting information such as the following is captured, where required: date and time that the electronic data was signed, evidence that the signature was valid at the time it was signed, the e-signature and supporting information is associated with the signed electronic data, and the integrity of this information is maintained using methods commensurate with the associated assurance level, the ability to validate the e-signature is supported over time, the minimum identity assurance requirements set out in the, two-factor authentication is required (refer to, a multi-factor cryptographic hardware device such as a smart card must be used, at Assurance Level 1, any type of e-signature is acceptable, at Assurance Level 2, any type of e-signature can be used in conjunction with the authentication requirements for Assurance Level 2 or higher, at Assurance Level 3, a non-cryptographic e-signature may be used in conjunction with acceptable two-factor authentication, or a digital signature or secure e-signature may be preferred in some circumstances, depending on the target environment and the security controls that are in place, at Assurance Level 4, a secure e-signature is required in conjunction with a multi-factor cryptographic hardware device, the identity of the individual signing the data can be associated with the electronic data being signed, the intent of the individual in signing the electronic record is conveyed in some way, the reason for signing the electronic data is conveyed in some way, a time-stamp based on standard local system time that indicates the time that the electronic data was signed, for a non-cryptographically based e-signature, supporting information should include the same information as for Assurance Level 2. 
for digital signatures or secure e-signatures, the supporting information should include: associated revocation information or status at the time the electronic data was signed, is the same as a digital signature or secure e-signature at Assurance Level 3, any other supporting information that may be associated with the electronic transaction (discussed in subsection 3.3 of this document), system and information integrity (SI), medium integrity applies to the electronic transaction and the transaction record, the transaction record should be retained as stipulated for Assurance Level 2 in, medium integrity applies to the electronic transaction and transaction record, when using a digital signature or secure e-signature, at least some of the integrity requirements will be supported by the signature itself, including the integrity of the signed electronic data, algorithms and associated key lengths approved by the Canadian Security Establishment (, any supporting elements that are not explicitly integrity-protected by the digital signature or secure e-signature must be captured in an audit log, transaction records should be retained as stipulated for Assurance Level 3 in, the secure e-signature applied by the individual signing the electronic data protects the electronic data being signed, and a combination of factors protects the signature process itself, a secure time-stamp is required and may be provided by a trusted third party, CSE-approved algorithms and associated key lengths must be used as stipulated in, transaction records should be retained as stipulated for Assurance Level 4 in, successfully chains to a recognized trust anchor, the time at which the electronic document or record was signed, the public key certificate(s) required to verify the signature, the associated certificate revocation status information at the time the electronic record was signed, the Portable Document Format Advanced Electronic Signature (, the eXtensible Markup Language Advanced 
Electronic Signature (, the Cryptographic Message Syntax Advanced Electronic Signature (, associated minimum assurance levels, supporting information recommended at each assurance level, system and information integrity requirements, for non-cryptographic e-signature, include authentication method, ES, signed electronic data, time-stamp, for cryptographic e-signature, add verification certificate and certification path and associated revocation information, demonstrate the breadth of coverage, highlight terminology used in other jurisdictions, which is particularly useful where interoperability with other jurisdictions may be required. These witness restrictions are the law in Ontario and cannot be ignored. Please feel free to contact us at 416-451-5553 or by email at info@notary-toronto.ca if you have any questions. The difference between an Assurance Level 1 memorized secret and an Assurance Level 2 memorized secret lies in the strength of the password. We trust this is of assistance. This witness must witness the signature of the guardian(s) which give consent. Although expected to be extremely rare, there may be cases where a public key certificate is revoked with the invalidity date and time set to sometime in the past. Notaries in Ontario are empowered to witness signatures and we would be glad to assist you with your document. Any such discrepancies should be brought to the attention of the Treasury Board of Canada Secretariat’s Office of the Chief Information Officer at zztbscybers@tbs-sct.gc.ca. This is a “living” document that will evolve over time in response to lessons learned, changes in related legislative requirements or future technological advancements in the electronic signature area. Additional risk mitigation measures may be required for non-cryptographic e-signatures at Assurance Level 3. The Secure Electronic Signature Regulations also uses the term “digital signature” in its definition of a secure e-signature.
A memorized secret is typically a password associated with a specific user ID. Other digital signature algorithms such as the Elliptic Curve Digital Signature Algorithm (ECDSA) are also valid but have different mathematical properties that do not precisely conform to the description from the SES Regulations. It aims to clarify: This guidance is for GC departments that are exploring the use of e-signatures in support of their day-to-day business activities. Online financial transactions where existing legislation requires a digital signature or secure e-signature (for example, Binding contracts with external entities that exceed a certain dollar value (based on risk tolerance as determined by departmental evaluation), Managerial approvals of financial transactions that do not require a digital signature or secure e-signature (for example, approval of employee expense claims), Binding contracts with external entities that are below a certain dollar value (based on risk tolerance as determined by departmental evaluation), One or more of the business activity examples provided below under Assurance Level 2 may apply here (risk tolerance varies by department; some departments may elect to implement more stringent security controls for some of the business activities identified below under Assurance Level 2), Expense claim submissions (but not approvals), Online submission of certain applications or forms from external users, Intradepartmental memoranda of understanding, Everyday correspondence with little to no implied commitment on behalf of the sender or the GC, The implementation of electronic signatures within a department or agency should be done in collaboration with IT and business stakeholders (where appropriate), and, when appropriate, departmental legal counsel may be consulted for advice, The type of technology to be used and approach to implementation should align with the. Witness Procedure.
Some of these elements may be captured and protected in different ways, including the use of system audit logs and, or as part of, the digital signature or secure e-signature. This information is used to help establish the basic concepts behind e-signatures outlined in this document. Nothing stated within this document is intended for GC departments and agencies contemplating use.