Standard for the use of a valid electronic signature on documents provided to the Commissioner

Introduction

1. This Standard provides guidelines on the use of electronic signatures on documentation and information provided to Inland Revenue and describes the circumstances in which Inland Revenue accepts documentation and information under an electronic signature.
2. Inland Revenue will accept an electronic signature on all documents and information that currently require a conventional signature, where this option is specified in the relevant document or associated guidelines.
3. For the purpose of this standard, an electronic signature is a secured authority that complies with the definition in section 209 of the Contract and Commercial Law Act 2017.

Application

4. This standard applies from the date we publish the final version. It applies to all taxpayers and customers of Inland Revenue ("Customers") who wish to provide electronically signed documentation and information to Inland Revenue through Inland Revenue approved channels.
5. Customers may only use an electronic signature when submitting documents and information to Inland Revenue where:
   1. They are using Inland Revenue's online services; or,
   2. They provide an electronic signature (whether directly or via a tax agent or other intermediary) using software that complies with the requirements set out in this standard.
6. Customers submitting documentation and information under an electronic signature to Inland Revenue must comply with the conditions for the presumption of reliability set out in sections 228(1)(a) to 228 (1)(d) of the Contract and Commercial Law Act 2017.

Electronic signature

7. An electronic signature must be provided with the signatory's consent.
8. In accordance with section 228 of the Contract and Commercial Law Act 2017, the means of creating the electronic signature must be linked to the signatory, or other authorised person, and to no other person.
9. An electronic signature also verifies that the information was submitted by a known Customer, or other authorised person, that the Customer cannot deny having affirmed the document or information provided to Inland Revenue and that the document or information was not altered in transit.
10. Any alteration to the document or information after the time of signing must be detectable.
11. The signatory is responsible for safeguarding their authentication credentials and the management of delegations they authorise.
12. An electronic signature is the Customer's verification of the authenticity and accuracy of the information or documentation submitted to Inland Revenue.

Non Repudiation of transactions submitted through third party software

13. Third party software providers must implement administrative, physical and technical safeguards to protect confidential information that are no less rigorous than accepted industry practices, including the 'International Organization for Standardization's' standards:
    • ISO 14000 series
    • ISO 27000 series
14. Third party software providers must ensure that all such safeguards, including the manner in which personal information is collected, accessed, used, stored, processed, disposed of and disclosed, must comply with applicable New Zealand data protection and privacy laws, as well as the terms and conditions of their contractual obligations with Inland Revenue.
15. If the integrity of a transaction is questioned, the third party provider must be able to demonstrate the validity of the transaction on their system or intermediary systems.
    The software must log authentication, time, and source details from online sessions for all transactions.
16. The software's terms of use and privacy declarations must state that the end user is responsible for safeguarding their authentication credentials and the management of delegations they authorise.
17. The software must maintain a log file that captures information that identifies the sender each time an electronic signature is provided.
18. The log file must be in its original format with no modifications.
19. The log file must be provided to Inland Revenue, if requested, within a specified time limit.
20. Log files must be considered and treated as 'business records' for the purposes of the Tax Administration Act 1994 and the Evidence Act 2006.