Standard for the use of a valid electronic signature on documents provided to the Companies Office
Introduction
1. This standard provides guidelines on the use of electronic signatures on documentation and information provided to the Companies Office and describes the circumstances in which the Companies Office will accept documentation and information under an electronic signature.
2. The Companies Office will accept an electronic signature on all documents and information that currently require a conventional signature, where this option is specified in the relevant document or associated guidelines.
3. For the purpose of this standard, an electronic signature is a secured authority that complies with the definition in section 209 of the Contract and Commercial Law Act 2017.
Application
4. This standard applies to all persons and entities who interact with the Companies Office (‘customers’) who wish to provide electronically signed documentation and information to the Companies Office through Companies Office approved channels.
5. Customers may only use an electronic signature when submitting documents and information to the Companies Office where:
- they are using Companies Office online services; or,
- they provide an electronic signature (whether directly or via an accountant or other intermediary) using software that complies with the requirements set out in this standard.
6. Customers submitting documentation and information under an electronic signature to the Companies Office must comply with the conditions for the presumption of reliability set out in sections 228(1)(a) to 228(1)(d) of the Contract and Commercial Law Act 2017.
Electronic signature
7. An electronic signature must be provided with the signatory's consent.
8. In accordance with section 228 of the Contract and Commercial Law Act 2017, the means of creating the electronic signature must be linked to the signatory, or other authorised person, and to no other person.
9. An electronic signature also verifies that the information was submitted by a known customer, or other authorised person, that the customer cannot deny having affirmed the document or information provided to the Companies Office and that the document or information was not altered in transit.
10. Any alteration to the document or information after the time of signing must be detectable.
11. The signatory is responsible for safeguarding their authentication credentials and the management of delegations they authorise.
12. An electronic signature is the customer's verification of the authenticity and accuracy of the information or documentation submitted to the Companies Office.
Non-repudiation of transactions submitted through third-party software
13. Third-party software providers must implement administrative, physical and technical safeguards to protect confidential information that are no less rigorous than accepted industry practices, including the 'International Organization for Standardization's' standards:
- ISO 14000 series
- ISO 27000 series
14. Third-party software providers must ensure that all such safeguards, including the manner in which personal information is collected, accessed, used, stored, processed, disposed of and disclosed, must comply with applicable New Zealand data protection and privacy laws, as well as the terms and conditions of their contractual obligations with the Companies Office.
15. If the integrity of a transaction is questioned, the third-party provider must be able to demonstrate the validity of the transaction on their system or intermediary systems.
The software must log authentication, time, and source details from online sessions on all transactions.
16. The software's terms of use and privacy declarations must state that the end user is responsible for safeguarding their authentication credentials and the management of delegations they authorise.
17. The software must maintain a log file that captures information that identifies the sender each time an electronic signature is provided.
18. The log file must be in its original format with no modifications.
19. The log file must be provided to the Companies Office, if requested, within a specified time limit.
20. Log files must be considered and treated as 'records' for the purposes of the Companies Act 1993 and ‘business records’ for the purposes of the Evidence Act 2006.
Guidelines for specific registers
We have published guidelines on all of our relevant registers.