Richard Oliphant asks if the provision of HM Land Registry’s new digital services- using its own purpose-built PKI e-signature solution - can be augmented by partnerships with commercial e-signature platforms.
HM Land Registry aspires to become ‘the world’s leading land registry for speed, simplicity and an open approach to data.’ This aspiration moved closer to fruition after the Land Registry’s announcement of new digital services from April 2018, paving the way for electronic conveyancing transactions and registration (eg digital mortgages and land transfers).
I welcome the Land Registry’s innovation but argue that the delivery of these new digital services – and fulfilment of HMLR’s ambitious digital transformation programme - could be enhanced by partnering with DocuSign, Adobe Sign, eSignLive and other prominent electronic signature platforms.
The current legal framework for electronic conveyancing
Section 52 of the Law of Property Act 1925 requires that the transfer of land or the creation of a legal mortgage is made by deed.
Section 91 of the Land Registration Act 2002 establishes that an electronic document will be regarded as a deed if (a) it complies with the conditions of that section; and (b) the disposition is of a kind that is specified in ‘rules’. Currently, the only rules that have been issued under section 91 are the Land Registration (Electronic Conveyancing) Rules 2008. The 2008 Rules led to the registration of a small number of digital mortgages during a Land Registry pilot scheme in 2009. However, the 2008 financial crisis had dampened lenders’ enthusiasm for digital mortgages, and the electronic mortgage service was put in abeyance.
The Land Registry therefore requires a wet-ink signature on a paper version of any document or deed submitted for registration purposes.
The introduction of new digital services
The Land Registry has embarked on a bold programme of digital transformation. Like many public sector bodies, it has recognised the urgent need to adapt and update its practices for the digital era.
In February 2017, the Land Registry consulted on changes to the Land Registration Rules 2003 (the LRR 2003). The aim was to introduce new digital services that would permit the use of electronic documents with a digital signature for land transfers and land registration. The Land Registry also proposed to revoke the 2008 Rules (for digital mortgages), which would be superfluous if the changes to the LRR 2003 were approved.
The consultation closed in April 2017 and the Government published its response at the end of January. The Government noted that respondents were overwhelmingly in favour of the Land Registry’s proposals and enacted The Land Registration (Amendment) Rules 2018 on 22 January. They amend the LRR 2003 and will take effect from 6 April 2018.
New rr 54A-D of the amended LRR 2003 lay the foundation for the new digital services. They provide that a “disposition of a registered estate or charge” may be carried out electronically with a certified digital signature. The new digital services will not be immediately available for every disposition from 6 April; they will be rolled-out incrementally. If the Chief Land Registrar is satisfied that adequate arrangements are in place for a particular class of disposition, he will publish a notice that the digital service is ready to use for that disposition.
The Land Registry has confirmed that its digital mortgage service will be first off the blocks. The service will initially be restricted to re-mortgages and will be available only to a discrete number of conveyancers who are registered Business Gateway users and have signed an HMLR Network Access Agreement.
How will conveyancers access the new digital services?
The Land Registry has outlined three methods of access to the digital services in its consultation document:
· Application Programming Interfaces (APIs) – Large conveyancers already use APIs to integrate directly with the Land Registry’s network. Some upgrades will be required so that conveyancers can use the new digital services to automatically feed data into their electronic conveyancing documents (e.g a digital mortgage). As discussed more fully below, signatories will then access the document online and apply a secure digital signature that is certified by the Land Registry.
· Case Management Systems (CMS) – There are around 15 CMS software vendors in the UK market. Many of these vendors have developed APIs that integrate directly with the Land Registry’s network and they are likely to adapt their software and APIs so conveyancers can use their CMS to access the new digital services.
· Land Registry portal – There are approximately 3500 professional conveyancers who are registered Business Gateway users and have signed a Network Access Agreement. This means they can use an internet connection and a standard browser to access Business Gateway e-services via the Land Registry’s portal. The Land Registry has indicated that it will develop its portal and enable conveyancers to access the new digital services in the near future; for the time being, however, the Land Registry is prioritising new APIs for those larger conveyancers whose IT systems are already integrated with the Land Registry network.
How will the Land Registry verify the identity of a signatory to the electronic transaction?
Before an individual can apply a digital signature to an electronic document, he or she must confirm their identity through the GOV.UK.VERIFY service. The VERIFY service is used as a gateway for online access to many government services (e.g. HMRC and DVLA). Certified companies – such as Barclays and Royal Mail – verify the individual’s identity by checking their personal details against records held by credit agencies, mobile phone providers and HM Passport Office. The VERIFY service is integrated with the Land Registry’s network to provide a high level of identity assurance and to counter the risk of fraudulent transactions.
The identity checks by the VERIFY service are in addition to standard money laundering identity checks carried out by conveyancers and lenders.
How will the Land Registry generate and certify the digital signature?
The Land Registry has a purpose-built solution that uses public key cryptography to generate digital signatures. In legal terms, the Land Registry will be acting as a ‘Trust Service Provider’ and must comply with obligations laid down by the EU Regulation on electronic identification and trust services for electronic transactions (EU 910/2014). This EU Regulation is more commonly known as eIDAS and came into force (with little fanfare) in July 2016. eIDAS establishes an EU-wide framework for electronic signatures and online authentication and is a key driver of the European Commission’s flagship Digital Single Market strategy.
Once an individual’s identity has been successfully verified by the VERIFY service, the Land Registry will send security credentials to the individual’s mobile phone. The individual will use these credentials to access, for example, the digital mortgage service and sign the mortgage deed electronically. The Land Registry uses public key cryptography to issue a digital certificate that confirms the authenticity and integrity of the deed. Once the individual has signed, the conveyancer can complete the transaction and any registration formalities.
A digital signature is a more technologically sophisticated form of electronic signature. It is created using public key cryptography and the signature is backed by a digital certificate from a Trust Service Provider as proof of the signatory’s identity. The Land Registry has stated that its public key infrastructure (PKI) will generate a digital signature that meets the requirements for an ‘advanced electronic signature’ (AES) set out in Article 26 of eIDAS. That is, an electronic signature that is also:
§ uniquely linked to the signatory;
§ capable of identifying the signatory;
§ created using electronic signature creation data that the signatory can, with a high level of confidence, use under his or her sole control; and
§ linked to the signed electronic document in such a way that any subsequent change to that document is detectable.
In English law, an AES is admissible in evidence in relation to any question as to the authenticity or integrity of the electronic document (Electronic Communications Act 2000, s7). Although the ECA 2000 deals with the admissibility of electronic signatures, it does not deal with their validity. This depends on the nature of the transaction. In our case, an electronic disposition of a registered estate or charge, or any other disposition that triggers a requirement of registration at the Land Registry, must conform with s 91 of the LRA 2002 and rr 54A-D of the LRR 2003.
Section 91 (3)(c) of the LRA 2002 effectively abolishes witnessing of electronic deeds and substitutes a requirement that the AES is certified. The Land Registry - in its capacity as a Trust Service Provider - will generate the AES for the signatory to authenticate the electronic disposition. The Land Registry will follow PKI protocols to issue a digital certificate as evidence that the signatory is who he or she claims to be, and which will cryptographically bind the signatory to the signed document or deed.
How can electronic signature platforms support the provision of the new digital services and bolster the Land Registry’s digital transformation programme?
The European Commission and EU Member States are actively championing and eager to maximise the full potential of the digital economy. Digital technology offers many benefits to the public and private sector: efficiency gains, cost savings and convenience. I am therefore supportive of the Land Registry’s proposals to overhaul our conveyancing laws and upgrade them for the digital era.
Nevertheless, it seems to me that the provision of the new digital services and the Land Registry’s pathway to digital transformation could be enhanced by collaborating with the leading commercial electronic signature platforms:
1. The Land Registry’s role as a Trust Service Provider – The Land Registry’s primary duty is to oversee property ownership and ensure the integrity of the Land Register. As I explained above, in assuming responsibility for generating and certifying digital signatures, the Land Registry is regulated as a Trust Service Provider under eIDAS. This means, for example, that the Land Registry will be liable for damage caused intentionally or negligently to any persons arising from its failure to comply with its obligations under eIDAS and could potentially be penalised by ICO (as the competent supervisory body) for a breach of those obligations. Both the Land Registry and the certified companies operating the VERFY service will also have to implement measures to manage the risks posed to the security of the ‘trust services’ they are providing and notify ICO of any security breach within 24 hours. To a large degree, these security obligations mirror the Land Registry’s obligations under the forthcoming GDPR regime; but the Land Registry is departing from its core business of maintaining a register of land ownership, and assuming risks and responsibilities as a Trust Service Provider that are more suited to specialist commercial electronic signature platforms. Although the Land Registry will be the only Trust Service Provider permitted to generate and certify AESs when the new laws come into force in April, the government has left the door open for platforms to participate in the future. This is heartening. In its response to the consultation (para 4.23), the Government observed that the Land Registry ‘will continue to look at and monitor e-signature solutions that exist or emerge in the market, but we are currently satisfied that our own will be appropriate for the rigours of the land registration system.’
2. Security and availability of digital services– The security of the Land Registry’s network and the VERIFY service is fundamental to winning users’ trust; if conveyancers (and their customers) do not have trust in the Land Registry’s new digital services, they will persist with wet ink signatures and hold back the Land Registry’s digital transformation programme. Twenty respondents to the Land Registry’s consultation questioned whether the VERIFY service is ‘sufficiently robust and adequate to provide identity assurance’ for signatories.  The government was bullish about the security of the VERIFY service and pointed out that the Land Registry’s network (and its PKI system provided by IBM) is certified against the ISO 27001 standard for information security management.
The leading platforms are able to match the stringent risk management and security standards that the Land Registry demands, and which is necessary to maintain confidence in the integrity of the register. Security is paramount for the platforms and their reputation hinges on their ability to keep their customers’ data secure and confidential. For example, DocuSign and Adobe Sign are certified compliant with a raft of technical standards including ISO 27001, SOC 2 Type 2 and PCI DSS (used in the payment card industry). The best platforms use the highest level of encryption to protect data in transit and at rest. They also offer carrier grade availability (99.99% uptime) and redundancy across multiple EU data centres.
3. Technology refresh - Although providers may give customers the option to deploy the electronic signature platform on premises, it is more commonly offered as a public cloud service. Providers use the software as a service (or ‘SaaS’) delivery model which involves hosting the software applications and storage of customer data on shared IT infrastructure. Providers are constantly innovating and refreshing the software and hardware that underpins their platform to keep pace with technological development. The Land Registry is using closed PKI technology and may not upgrade that technology with the same frequency as the platform providers.
4. Methods of authenticating signatories
At the time of writing, the VERIFY service may only be used to authenticate an individual with a UK address. The individual does not have to be a UK citizen. Thus, the VERIFY service has limitations and cannot authenticate corporate bodies, charities or other legal persons.
Electronic signature platforms could potentially plug this gap. Platforms use multi-factor authentication for customers who sign documents with an AES and have the technical capability to verify the identity of corporate bodies or non-UK resident individuals.
The changes to the LRR 2003 will come into effect in April and herald a significant shift towards digitisation of the Land Registry’s conveyancing and registration services.
I welcome the new digital services and commend the Land Registry for its initiative and vision. I now hope that the Land Registry will take the next step and collaborate with electronic signature platform providers to improve and enlarge the scope of their digital services. This will benefit conveyancers (and their customers); it could also accelerate the Land Registry’s digital transformation programme.
Richard Oliphant is the former EMEA General Counsel of Docusign, Inc. and now an independent consultant who specialises in e-signatures, Cloud, data privacy and data security laws.
The author wishes to express his thanks to Michael Callaghan of Shoosmiths LLP for his assistance with this article.
 Subject to some limited exceptions in s 52(2) of the Law of Property Act 1925, none of which apply to the registration of land at the Land Registry.
 Notably a condition that the document is authenticated by an electronic signature, and this signature is “certified” (s 92(3)(b) and (c))
 Note that the text in LRR 2003 refers to an ‘electronic signature’. But, in fact, the Land Registry will generate and certify an ‘advanced electronic signature’ which is more commonly referred to as a ‘digital signature’.
 Some respondents to the consultation expressed concern that the VERIFY service will not provide the rigorous identity assurance that is necessary to prevent fraud and identity theft. The government downplayed this concern, stressing that the certified companies are “bound by detailed contractual requirements to provide highly robust procedures and results” and “audited and complete a rigorous onboarding process before joining VERIFY.” [para 4.16, Government Response to the Proposals to amend the Land Registration Rules 2003.]
 The Land Registry has indicated that email is likely to be another option in the future for issuing security credentials.
 Authenticity means linking the deed or document to the purported signatory.
 Integrity means that the deed or document has not been altered or tampered with after it has been signed.
 Article 13(1), eIDAS.
 Article 17(3)(b), eIDAS.
 Article 3(16), eIDAS.
 Article 19, eIDAS.
 General Data Protection Regulation (679/2016/EU).
 Government response, para 4.4.
 Platforms use an email account as the basic method of authenticating the signatory’s identity. Where a signatory signs with an AES, he or she is authenticated by checking their passport or national ID card (if applicable) To improve security and mitigate the risk of identity fraud, platforms offer customers the option to use additional methods of authentication e.g. sending a one-time passcode via SMS to the signatory that is required to access the document; and knowledge-based authentication (KBA) where the signatory must answer questions to access the document.
 This should include consideration of how platforms can supplement the ways in which the VERIFY service authenticates signatories.