Is it me or is there a huge increase in the number of digital signature offerings just like the no-code/low-code tidal wave. Is there no technical moat to building it or regulatory burdens?
Because the internet has no real infrastructure for identity. If everyone could create a public/private key pair then signatures on the internet would be a non-issue. So these companies are filling a gap in the web stack. Do we need so many of them? Probably not.
I personally prefer keybase but to each their own. UX matters to most people and there is no obvious solution here that I could recommend to people that are less technically savvy than the typical HN commenter.
What about offerings geared to enterprises like Docusign or to smaller enterprises? Are there no technical barriers at all? What's the bare minimum to be a digital signatory to a document? Obviously it varies by jurisdiction to jurisdiction....
Yes, highly depends on jurisdiction and purpose. E.g. for basic contract stuff, especially B2B, that in principle often doesn't need any formal signature to be valid, so any signature process really only needs to fulfill "are we happy that we can successfully argue that the other party actually agreed to it" - you can form a contract with a phone call or an email too, it's just harder to prove.
For more critical things, legal requirements are higher, and often aren't met by these services. E.g. in Germany (although the digital part is EU level standards), some things either require ink on paper or what's called a "qualified digital signature", i.e. a cryptographic signature, signed with a key that an officially registered CA has provided a certificate for, after verifying the owners identity. That's more process to properly meet (you need to be registered, do ID verification to spec, have requirements on bookkeeping and auditing, ...), and people have fallen into the trap of not using it were required.
E.g. a delivery service here was recently in the news because they had used a "draw on screen" signature with Docusign for work contracts - which meant the contracts they had intended to be limited-term contracts actually were contracts without end date.
That's my point. It seems there are some lax rules (or none) accepted in some jurisdictions and void in others that even require a certificate authority. I guess you have to be careful for international contracts on which digital signature provider you use for court validity in case it goes to litigation.
Yes, although I suspect the "simple" case of B2B contracting or purchases of goods is fairly universal in the low formal standards, and that's what all these services generally target and provides a relatively easy entry level to start a service with. The differentiation is in a) how well they can provide supporting evidence when challenged and b) which higher-requirements processes they support. a) is vague and most people probably have little idea what works and what doesn't, and b) is not so vague, but on the customer to know when their specific contract needs something better.
Not sure. Last time I was close to any HR software it seemed like all you needed to do was make sure to capture some identifiers like location and IP address before storing the signature. So presumably the regulatory barrier is very low, you just have to make reasonable effort to prevent scams like one person impersonating another.
