5 Common Mistakes When Creating a Digital Signature
In the digital era, the use of electronic signatures is increasingly widespread. In Indonesia, this is regulated under Law No. 11 of 2008 on Electronic Information and Transactions (UU ITE) along with its derivative regulations, which recognise electronic signatures as legal evidence provided they meet certain requirements.
Nevertheless, in practice, many organisations and individuals still make mistakes, rendering digital signatures ineffective, invalid, or vulnerable to risks. Therefore, it is important to understand the correct way to create a digital signature. Here are some common mistakes along with ways to avoid them:
- Ignoring Legality and Validity Requirements
Many people still think that simply scanning a signature and pasting it onto a PDF document completes the signing process. However, under Indonesian law, not all electronic signatures are automatically deemed valid.
A common error is using digital or electronic signatures that are uncertified or do not come from official providers, without verifying key aspects such as the signer’s identity, document integrity, and non-repudiation guarantees.
To avoid this, choose certified services or use public key infrastructure and electronic certificates. Also ensure that the documents and signing system meet requirements for authentication, integrity, and signer identity.
If using a digital signature platform, ensure the platform transparently explains its legal status and certificates. Some platforms available in Indonesia, such as Privy, provide electronic certificates and identity verification processes to ensure documents are legally valid.
- Failing to Secure Private Keys or Authentication
The proper way to create a digital signature relies on encryption and authentication mechanisms. If the private key is compromised or the system is weak, the risk of manipulation or forgery increases.
Errors often occur due to storing private keys carelessly, using shared accounts, or selecting systems that do not encrypt properly. To avoid this, store private keys securely and do not share them among users without controls.
Also use providers that implement clear encryption and security protocols, and conduct strict identity verification, which is also part of the requirements for valid digital signatures.
- Signing Documents Without Ensuring Document Condition
Creating a digital signature is not just about “pasting the signature” but also ensuring that the document is not altered after signing and that the final signed version is the correct one.
Errors typically happen when signing documents that are still being edited, or when using methods that allow changes after signing without leaving a trace.
To avoid this, ensure the document is in its final version before the signing process, use systems that generate a “hash” or document fingerprint, and store signing logs that record time, device, identity, and other details.
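The fingerprint and signing log described above can be illustrated as follows. This is an added example, not code from any signing provider: the field names, sample documents and signer identities are constructed, and chaining each log entry to the previous one is an assumption that goes beyond the text so that edits to the log itself also leave a trace. It does not replace the certificate-based signature.

```python
import hashlib
import json

GENESIS = "0" * 64  # anchor value for the first log entry (assumption)
FINAL = b"Contract v3 FINAL: fee 10,000,000 IDR\n"   # constructed sample
EDITED = b"Contract v3 FINAL: fee 90,000,000 IDR\n"  # altered after signing

def fingerprint(document: bytes) -> str:
    # SHA-256 over the exact bytes of the final version
    return hashlib.sha256(document).hexdigest()

def entry_hash(body: dict) -> str:
    # Canonical JSON so the same entry always hashes to the same value
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def append_signing_event(log, document, signer, device, signed_at):
    body = {
        "doc_sha256": fingerprint(document),
        "signer": signer,
        "device": device,
        "signed_at": signed_at,
        "prev": log[-1]["entry_hash"] if log else GENESIS,
    }
    log.append(dict(body, entry_hash=entry_hash(body)))
    return log[-1]

def verify_log(log) -> bool:
    # Recompute every entry hash and check each link to its predecessor
    prev = GENESIS
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if body["prev"] != prev or entry_hash(body) != entry["entry_hash"]:
            return False
        prev = entry["entry_hash"]
    return True

def document_matches(log, document: bytes) -> bool:
    return any(e["doc_sha256"] == fingerprint(document) for e in log)

def demo():
    log = []
    append_signing_event(log, FINAL, "signer-a@example.test", "laptop-01", "2024-01-01T09:00:00Z")
    append_signing_event(log, FINAL, "signer-b@example.test", "phone-02", "2024-01-01T09:05:00Z")
    results = {"intact": verify_log(log), "final_ok": document_matches(log, FINAL),
               "edited_ok": document_matches(log, EDITED)}
    log[0]["signer"] = "someone-else@example.test"  # tamper with the log itself
    results["after_log_edit"] = verify_log(log)
    return results
```

The chain only proves that the log is internally consistent; the hash of the latest entry still has to be kept somewhere the log's editor cannot reach.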
- Using Services Not Suited to Business Needs
Not all transactions have the same risks and requirements. For important contracts or cross-border transactions, higher-level digital signature systems may be needed. Common errors occur when choosing cheap or fast services without considering the scale of risk or business requirements.
To avoid this, identify the type of transaction to select an appropriate service. For important transactions, choose those with certification and strong audit trails. For example, services like Privy are an option because they offer legally compliant and user-friendly processes.
- Lack of Education and Internal SOPs in Organisations
Often, companies or teams simply install a digital signature service and expect everything to run smoothly without training or clear SOPs. As a result, operational errors or misunderstandings occur.
The solution is to establish internal SOPs covering who may sign, under what conditions, how to use the service, log backups, and document storage. Then train the team on digital signature risks, regulations, and how to check signature validity, and conduct periodic audits of digital signature usage in the company.
By understanding and avoiding these five mistakes, you can ensure that the use of digital signatures is not only practical but also safe and legally recognised. Services like Privy provide a solution that combines ease of use with regulatory compliance.