Once upon a time, clicking a link was enough to sign a contract. The link arrived politely in your inbox. You opened it, glanced at the document, perhaps skimmed it with the optimism of someone who believes all will be well, and then you clicked. A small, satisfying action. The system recorded it. A timestamp appeared. A confirmation email followed. Done.
We were pleased with ourselves. We had eliminated paper, reduced friction, and sped things up. Progress, as it is usually defined.
And for a while, this worked perfectly well.
The assumption, though rarely stated out loud, was that the person clicking the link was the person intended to sign. The email address stood in for identity. The click stood in for intent. The system, obligingly, stood in for proof.
It was a tidy arrangement.
Then the world became less tidy.
Artificial intelligence, among its many accomplishments, has become adept at imitation. Voices can be replicated. Faces can be reconstructed. Writing styles can be borrowed, sometimes with unnerving precision. The distance between "this looks like you" and "this is you" has narrowed to the point where one begins to squint.
One might ask, not unreasonably, whether the assumptions underlying our tidy arrangement are still holding up?
If an email account can be accessed by someone other than its owner, or convincingly imitated, what does it prove? If a message can be generated that sounds exactly like the sender you expect, what does that tell you about who is actually speaking? If identity itself becomes something that can be approximated, then the act of clicking a link begins to feel less like a declaration and more like a gesture.
Gestures, as it turns out, are easy to copy.
Some jurisdictions, being cautious by temperament or experience, have taken a closer look at this problem. In Europe, a framework emerged that treats electronic signatures not as a single category, but as a spectrum. At one end, the simple click. At the other, something more rigorous.
This higher standard, often referred to as a qualified electronic signature, does not rely on convenience alone. It insists on a stronger connection between the signature and the person behind it. Identity must be verified. The signer must be in control of the process. The result must be something that can stand on its own, without requiring a great deal of explanation after the fact.
It is, in other words, less about recording that something happened, and more about proving who made it happen.
This approach can feel, at first glance, a little demanding. It introduces steps. It asks questions. It slows things down, if only slightly. But it does so for a reason. It acknowledges that the environment has changed, and that systems designed for a simpler time may no longer be sufficient.
The interesting thing is that the forces that led to this shift are no longer confined to one region.
Artificial intelligence does not respect borders. Neither do the problems it introduces. Identity, once a relatively stable concept in digital systems, has become fluid. A face on a screen may be a person, or it may be a construction. A voice may belong to the speaker, or to an algorithm trained on that speaker's past. The signals we once trusted have become less reliable.
So the question arises, quietly but persistently.
Is a click still enough?
Not enough to complete a process, perhaps, but enough to defend one. Enough to answer, convincingly, the question that tends to surface at the most inconvenient times: who signed this, and did they intend to do so?
Courts, when they are asked this question, tend to look beyond the mechanics. They are less interested in the elegance of the system than in the strength of the evidence. A record of activity is helpful. A demonstration of identity and intent is better.
This is where the distinction becomes important.
A click produces a record. A more robust process produces evidence.
Evidence is what holds up when examined. It connects the action to a person in a way that is harder to dispute. It provides context, not just data. It tells a story that can be followed, rather than a series of events that must be interpreted.
Some systems are already moving in this direction. They verify identity using methods that go beyond possession of an email address. They capture the act of signing in a way that can be observed and reviewed. They bind the signature to something more substantial than a momentary interaction with a button.
This is not a rejection of convenience. It is an adjustment. A recognition that convenience, while pleasant, is not always sufficient when the stakes are high.
One might say that the definition of a signature is quietly evolving. It is no longer simply a mark, or a click, or a typed name. It is becoming a combination of identity, intent, and evidence. A small shift in concept, perhaps, but a significant one in practice.
Standards have a way of emerging like this. First in one place, then in another. Not through sudden decree, but through a gradual accumulation of necessity. What begins as a higher bar in a specific context often becomes an expectation elsewhere, once the underlying reasons become clear.
We may be witnessing such a moment.
The tools we use to create agreements are not static. They respond, eventually, to the world in which they operate. As that world becomes more complex, more capable of imitation, more prone to ambiguity, the tools must become more capable as well.
So the next time a document appears, waiting patiently for a click, it might be worth pausing for a moment.
Not to reject the process outright, but to consider what, exactly, is being relied upon.
And whether it will be enough, should anyone decide to ask.