Subscribe to the Non-Human & AI Identity Journal

Remote Online Notarisation

Remote online notarisation is a notarisation process performed over a live digital session rather than in person. The legal value comes from identity verification, digital signing, and retained evidence that can prove the act occurred and was not altered later.

Expanded Definition

Remote online notarisation, often shortened to RON, is a legally mediated digital notarisation event that combines live identity proofing, audio-visual presence, signature capture, and evidence retention. It is not simply a video call with a signature attached. The process usually depends on a trusted workflow that can show who participated, what document was signed, when the act occurred, and whether the record was altered later.

Definitions vary across jurisdictions, because notarial law is state- or country-specific and the technical controls around RON are still evolving. In security terms, RON sits at the intersection of identity verification, document integrity, and evidentiary logging. That makes it closer to an identity assurance workflow than a generic e-signature process. The NIST Cybersecurity Framework 2.0 is useful here because it frames governance, protection, detection, and recovery around trustworthy digital services, which is the real operational requirement behind RON.

The most common misapplication is treating RON as equivalent to a standard electronic signature, which occurs when organisations skip identity proofing and tamper-evident evidence retention.

Examples and Use Cases

Implementing RON rigorously often introduces extra identity checks and evidence-management overhead, requiring organisations to weigh convenience against legal defensibility and fraud resistance.

  • Real estate closings where a signer cannot attend a physical office and the notarisation must still produce auditable evidence of identity, session integrity, and document finality.
  • Cross-border or travel-constrained transactions where the notarial act needs to be completed remotely, but the governing jurisdiction still requires live presence and retained session records.
  • High-value lending workflows where a notary must confirm the signer’s identity through knowledge-based, credential-based, or document-based checks before the electronic seal is applied.
  • Corporate or power-of-attorney execution where the organisation needs a durable record trail, including timestamps, video evidence, and signed document hashes, to support later challenge response.
  • Identity-sensitive onboarding where a regulated institution uses RON to reduce in-person friction while preserving a defensible chain of evidence for audit or dispute resolution.

For teams formalising controls around these workflows, NIST guidance on digital assurance and secure system design helps distinguish a valid notarial process from a simple remote meeting. In practice, RON should be evaluated with the same caution applied to other high-trust digital events: if the evidence cannot withstand review, the notarisation may not either.

Why It Matters for Security Teams

Security teams care about RON because it creates a trusted record that can later become evidence in litigation, compliance review, or fraud investigation. If identity proofing is weak, an impostor may be able to complete a valid-looking act. If the recording or audit trail is incomplete, a genuine act may become difficult to defend. If document integrity controls are weak, the notarised record may be challenged as altered after execution.

That makes RON relevant to IAM, fraud prevention, and digital trust governance, especially where personal data and legally binding consent intersect. It also has a growing connection to NHI governance when automation, signing services, or workflow bots assist in document routing, evidence retention, or session orchestration. In those cases, the non-human components need strong authentication, bounded authority, and immutable logging just like human participants do. The operational lesson is that RON is not only about user convenience; it is about proving the legitimacy of a critical act after the fact.

Organisations typically encounter RON as a security problem only after a disputed signature, failed audit, or fraud allegation, at which point the evidentiary chain becomes operationally unavoidable to reconstruct.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack surface, NIST CSF 2.0 and NIST SP 800-63 set the technical controls, and DORA and PCI DSS v4.0 define the regulatory obligations.

Framework Control / Reference Relevance
NIST CSF 2.0 GV.OC, PR.AA, PR.DS RON depends on governed identity assurance, data protection, and auditable digital trust.
NIST SP 800-63 IAL2 RON relies on identity proofing strength aligned to remote verification expectations.
OWASP Non-Human Identity Top 10 RON workflows often use automated systems that need authenticated, least-privilege machine identities.
DORA RON evidence and availability matter in regulated digital processes that must remain resilient.
PCI DSS v4.0 Not directly defining RON, but relevant where notarised workflows handle sensitive regulated data.

Set ownership, protect evidence, and verify identity before treating a remote notarisation as trustworthy.