Digital Signatures in XBRL
The XBRL Standards Board has this week approved for release, as a consultation draft, the first deliverable of the Digital Signatures in XBRL Working Group (or… umm… D6WG). The requirements document has now been published. What’s this about? Is it important? Glad you asked. And Yes.
Digital business reports prepared in XBRL contain corporate and organisational disclosures that have been developed with significant care, involving a diverse range of expert people, specialist systems and strong controls. Their contents can have direct bearing on the issuing organisation’s value and reputation. It’s therefore important that preparers, auditors, regulators and end users all know that the report has not been tampered with.
Different regulatory environments have had a wide range of different approaches to this need, ranging from extremely light touch, to complex, multi-layered security systems. The D6WG is working towards the publication of a new XBRL specification that will permit the use of digital signatures (based on the controlled issue of cryptographic key pairs, or “digital certificates”) to permit signing of these reports, or parts of these reports, by as many people as needed.
For example, for a public company, that might mean the CFO, the CEO and Chair need to sign, as well as the financial auditor. Before long, many reports will also require signatures from the assurance provider that has reviewed the sustainability report. A report to an insurance regulator might require that the Chief Risk Officer and the Actuary signs. In some cases we expect that the regulator will add their signature, to indicate that this is the version of the report that was received at a particular time and date.
The WG proposes the use of “detached” signatures that connect all or part of the report to one ore more signatures in a separate signatures section of the relevant Report Package. Importantly, the WG proposes that no single digital signing technology be required. Instead, the specification will control the manner in which digital signatures (of any kind) are applied to XBRL reports.
The widespread use of this specification (which is being increasingly sought by a number of regulators and policy makers) will be highly dependent on your feedback to these requirements, as well as the user experience that vendors develop to permit signing to take place in a user-friendly manner.
Your initial feedback is sought on this important new set of proposals, initially by 7 July 2023. Find the requirements document here.