Non-Repudiation
TL;DR
Non-repudiation is the legal and technical guarantee that a person cannot credibly deny having signed a document. It's the digital equivalent of signing in front of a notary.
**Three pillars of non-repudiation**
1. **Identity verification** — proving WHO signed (email OTP, API key authentication, PKI certificate)
2. **Intent capture** — proving they MEANT to sign (affirmative action like clicking a button or drawing a signature)
3. **Tamper detection** — proving the document HASN'T CHANGED since signing (SHA-256 hash)
**Non-repudiation by signature level**
• SES (Simple Electronic Signature): Provides basic non-repudiation through audit trails. Can be challenged — the signer can claim someone else used their email.
• AES (Advanced Electronic Signature): Stronger non-repudiation. The signature is uniquely linked to the signer and created under their sole control.
• QES (Qualified Electronic Signature): Maximum non-repudiation. Cannot be denied in any EU court. The legal equivalent of a handwritten signature.
**Why non-repudiation matters**
Without non-repudiation, a signer could claim: 'I didn't sign that', 'Someone else used my account', or 'The document was changed after I signed'. A well-implemented e-signature system makes all three claims provably false through cryptographic evidence.
**Signbee's approach**
Every Signbee document includes a SHA-256 hash (tamper detection), timestamps (when), IP addresses (where), and verification method (how identity was confirmed). This combination provides strong non-repudiation for standard business contracts.
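The following is an added example, not Signbee's code: it binds the evidence listed above (SHA-256 hash, timestamp, IP address, verification method) into one record and checks it later. The field names, sample data and the HMAC seal over the record are assumptions made for illustration; the seal is there because a stored hash only detects tampering if the record holding it cannot be quietly edited too.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real service would keep its sealing key in a KMS or HSM.
SEAL_KEY = b"constructed-demo-key-not-for-production"


def seal_record(record: dict) -> str:
    """HMAC over the canonical JSON of every field except the seal itself."""
    body = {k: v for k, v in record.items() if k != "seal"}
    # Sorted keys and fixed separators: the same fields always serialize identically.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SEAL_KEY, canonical, hashlib.sha256).hexdigest()


def build_evidence(document: bytes, signer: str, method: str,
                   ip: str, signed_at: str) -> dict:
    """Bind the document hash to the who / how / where / when of the signing event."""
    record = {
        "document_sha256": hashlib.sha256(document).hexdigest(),
        "signer": signer,
        "verification_method": method,
        "ip_address": ip,
        "signed_at": signed_at,
    }
    record["seal"] = seal_record(record)
    return record


def verify_evidence(document: bytes, record: dict) -> str:
    """Return 'ok', 'record-altered' or 'document-altered'."""
    # Check the record first: a forged record could carry a matching forged hash.
    if not hmac.compare_digest(seal_record(record), record.get("seal", "")):
        return "record-altered"
    actual = hashlib.sha256(document).hexdigest()
    if not hmac.compare_digest(actual, record["document_sha256"]):
        return "document-altered"
    return "ok"


# Constructed sample data.
CONTRACT = b"Services agreement v1: fee 1,000 EUR per month."
EVIDENCE = build_evidence(CONTRACT, "alice@example.com", "email_otp",
                          "203.0.113.7", "2024-01-15T10:30:00Z")

if __name__ == "__main__":
    print(verify_evidence(CONTRACT, EVIDENCE))
    print(verify_evidence(CONTRACT.replace(b"1,000", b"9,000"), EVIDENCE))
    print(verify_evidence(CONTRACT, {**EVIDENCE, "ip_address": "198.51.100.9"}))
```

An HMAC seal shows the record was not changed by anyone without the service's key; it is not a signature made with a key under the signer's sole control, which is what the AES and QES levels above add.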