How to Stay Compliant With E-Signature Legal Requirements

E-signatures have held equal status to “wet” signatures since they were legally recognized in 2000, in both the ESIGN Act and similar international laws.

However, there are a few but important proportion of transactions that still require a pen-and-paper signature.

An e-signature is an electronic symbol, usually the person’s name, that is attached to a form or contract and demonstrates consent. They are legally binding for all transactions they are used in.

Many e-signatures enable companies to receive legally binding consent via a computer or smartphone while an agent is on a call with them. They have an advantage over pen-and-paper signatures thanks to their efficiency and CX advantages. Digital signatures are a subtype of e-signatures that are particularly secure and rely on encryption technology.

Furthermore, the particulars of e-signature legal requirements depend on the country and jurisdiction. Here, we will explore the legality of e-signatures around the world.

E-signature legal requirements

The United States' Electronic Signature and Records Association Act states that an electronic signature is only legal when all parties consent to use them instead of more traditional methods of providing consent.

The Uniform Electronic Transactions Act also says that each state should have an outline of how the e-signatures should be used, a concept that the E.U. has also adopted for its member-states.

In general, legally-binding e-signatures must:

• Show that signer truly is who they claim to be
• Show that the signer intended to sign electronically. The best way of proving this is to give the signer the option of signing on paper and letting them choose.
• The signer’s willingness to sign is demonstrated (e.g. an option to not agree is also present, such as a “cancel” button).
• The signer’s authenticity can be verified independently. This often means the presence of an email trail, timestamp, mobile phone number, and IP address. Two-step identification may also be helpful here for the purpose of attribution.

By meeting the above criteria, e-signatures are recognized as legally binding. But there are situations when e-signatures cannot be legally accepted.

In many countries and jurisdictions, e-signatures aren’t used in significant ceremonies and documents such as birth or death certificates, divorce certificates, and adoption papers. In these instances, wet signatures and a notary or witnesses are usually required. E-signatures are also rejected if the signer is shown to not be computer-literate.

The encryption technology underlying legal e-signatures

Legally binding e-signatures are based on a technology called public key infrastructure (PKI). A PKI is a system that enables the secure management of electronic digital signatures by generating two bits of code known as keys: a private key and a public key.

The private key is only used by the signer of the document and hidden from everyone else. The public key is shared with those who need to validate the e-signature’s authenticity. The PKI system also guarantees adherence to certificate authority (CA) requirements, which are organizations that have the authority to ensure the integrity of key security.

Once the signer adds an electronic signature, a cryptographic hash is created that’s associated with the document and functions as a unique digital fingerprint. The private key then encrypts the cryptographic hash and stores it in a secure HSM box. It is added to the document and submitted to the recipient with the signer’s public key.

Using the public key certificate, the recipient can decrypt the encrypted hash. A new cryptographic hash is generated on the recipient’s side, and the two hashes are compared to validate the e-signature’s authenticity and prove that no tampering has occurred.

A background on e-signature legal requirements

Since there is some variation in electronic signature legal requirements across various states and countries, businesses should seek to understand the laws in their area. Businesses can even seek legal counsel for regional variations in e-signature laws.

In 2000 in the United States, the federal Electronic Signatures in Global and National Commerce Act (ESIGN) and the state Uniform Electronic Transactions Act (UETA) affirmed the legality of the e-signature and outlined the criteria for ensuring electronic signature legal compliance.

In the UK, e-signatures gained legal standing in Electronic Signatures Regulations (2002). According to this act, it’s not necessary for a contract to consist of a wet signature. For a contract to be valid, all parties must simply demonstrate an understanding of the contract, and an e-signature serves as evidence that all parties involved have agreed to the contract terms.

In the EU, e-signatures became legally binding through a community framework directive. According to this directive, an electronic signature cannot be rejected merely because it was electronically created.

The following constitute the basic characteristics of a legally-binding e-signature. While this overview is based on the principles of US law, most of the principles can be applied to e-signatures in other parts of the world, which we will deep-dive into in the next section.

• Validity: Electronic records and signatures have the same legal standing as wet signatures on paper documents. Documents, contracts, and signatures cannot be denied legal enforceability just because they are electronic.
• Intent: E-signatures are only valid if the signer showed intent to sign. This is no different than wet signatures.
• Recording: E-signatures must be accompanied by graphic or text elements that show the electronic process by which the signature was created.
• Consent: Consent to sign must be demonstrated either explicitly or implicitly (as a result of actions undertaken). If the party is a consumer, he or she must receive UETA disclosures, actively consent to electronic interactions, and have not retracted that consent.
• Retention: For electronic documents and signatures to be valid and legally binding, they must be both retained and reproducible by all parties entitled to the document.

E-signature legal requirements – nuances around the world

E-signature legal requirements tend to be similar throughout the world. For example, the vast majority of jurisdictions state that a document or contract can’t be rejected simply because it was electronically signed. Yet there are some important variations across jurisdictions, especially when it comes to types of e-signatures and the few situations where e-signatures aren’t accepted.

E-signature requirements in the US

In the US, e-signature legal requirements are based on two main acts: on the state level, there is the Uniform Electronic Transactions Act (UETA) and on the federal level there is the Electronic Signatures in Global and National Commerce Act (ESIGN).

Both ESIGN and UETA were passed in 2000 and describe five main elements that make an e-signature legally binding:

• Validity: Signatures and records that are created electronically carry the same legal weight as traditional paper and ink versions. The fact that a signature was recorded electronically cannot be a reason for invalidating it.
• Consent: The person signing must consent to use an electronic signature. That means the business must make certain disclosures to them before they sign.
• Intent: An e-signature requires that the person signing has the intent to sign the document. They must agree to what’s written in the document they are signing and fully understand the implications of their signature.
• Recording: An e-signature needs to be accompanied by proof that this is an electronic signature and not a wet signature.
• Data integrity: Documents that have been e-signed must be kept secure from tampering or unintentional data loss.

In the US, electronically signed documents are accepted in most situations. That includes B2B, B2C, and C2C transactions, as well as transactions between the government and businesses or individuals. Multiple court cases have affirmed the reliability of e-signatures, enshrining them in case law.

There are a few circumstances when e-signatures aren’t accepted in the US In these cases, signatures are required to comprise of ‘wet ink’ or formally notarized signatures.

The following situations exclude the use of e-signatures:

• Court orders and notices
• Adoption and divorce agreements
• Termination of life or health insurance benefits
• Wills, testamentary trusts, and codicils

E-signature legal requirements in the UK

Similarly to ESIGN and UETA, the UK Electronic Communications Act in 2000 affirmed that an agreement can’t be invalidated purely because the signature was electronically delivered. Electronic signatures were fully codified in the UK under the Electronic Signatures Regulations Act in 2002.

According to UK law, a valid contract doesn’t need a written signature, as long as both parties have an understanding of the contract and reach a mutual agreement. This being the case, an electronic record serves as acceptable proof that both sides agreed to the document.

There are different degrees of legality for e-signatures. The most basic type, Standard Electronic Signatures (SES), isn’t seen as having the same weight as a handwritten signature. But UK law does perceive one type of e-signature as equal to a handwritten one. These e-signatures are known as Qualified Electronic Signatures (QES) or Advanced Electronic Signatures (AES).

An AES is:

• Uniquely connected to the person signing it
• Identifies the person who signed it
• Created using a process that can only be accessed by the signer
• Linked to other data, so any alterations or tampering will be detected

A QES is:

• A type of digital signature that has been approved by governmental authorities
• Generated with a highly secure signature creation device
• Equivalent to a handwritten signature under all legal conditions

In the UK, standard e-signatures are accepted on most documents, including employment contracts, HR documents, commercial agreements, sales contracts, short-term leases, guarantees, and loan agreements. Other documents require AES or QES.

There are some agreements that still have to be signed by hand, such as:

• Family law documents, including prenups and separation agreements
• Real estate deeds such as transfer of title, mortgage, and release of mortgage
• A majority of leases
• Customs and revenue documents

E-signature legal requirements in the EU

In 2000, the EU accepted e-signatures as legally binding through the Directive on a Community framework. This confirmed that an electronic signature can’t be rejected just because it was created electronically.

Many European countries share the UK’s approach of accepting contracts as legally binding without a handwritten signature. In 2015, EU legislation replaced the 2000 e-signature Directive with Regulation (EU) No 910/2014, usually referred to as eIDAS. eIDAS stated that there are three types of e-signatures: SES, AES, and QES, just as in the UK.

Standard e-signatures

According to eIDAS, a simple electronic signature covers every type of signature in which electronic data is attached to the signature and used for authentication. It is technology-agnostic, so any electronic document, such as Adobe PDF or Microsoft Word can include such a signature.

Regardless of the type of technology underlying it, a simple electronic signature must show the signer’s intent, be created by the person who is providing consent, and be part and parcel of the document it’s connected to.

The standard e-signature is accepted for most contracts and documents, including employment contracts, purchase orders, invoices, sales agreements, software licenses, and real estate documents. An SES is accepted in B2B, B2C, and C2C situations. AES or QES are accepted for most court briefs, consumer credit loan agreements, and residential and commercial leases.

Advanced e-signatures

An advanced electronic signature must include additional elements that guarantee the signer’s identity and the security of the document. It must be uniquely linked to the signer and be connected to the data in such a way that any subsequent changes to the document, such as tampering, can be detected.

Qualified e-signatures

Finally, the last type of signature defined by eIDAS is a qualified electronic signature. Even though both advanced and qualified signatures are uniquely tied to the signer’s identity, qualified electronic signatures are based on qualified certificates. As such, they can only be issued by a certificate authority (CA), which is an industry-approved organization that regulates the integrity of such electronic signatures.

A certificate authority must be accredited and supervised by bodies assigned by EU member states, and meet the stringent requirements of eIDAS. Qualified certificates must be stored on a qualified signature creation device such as a USB token, a smart card, or a cloud-based trust service. Like in the US and UK, there are just a few situations in which only a handwritten signature will do in the EU.

These include:

• Contracts to transfer or buy real estate
• Marriage contracts
• HR termination notices
• Formation of a limited liability company

It’s important to remember that each member of the EU has its own set of requirements for e-signatures.

Recommendations for e-signature legal enforceability

You don’t want there to be any chance that your customers’ e-signatures aren’t accepted. To avoid this, follow these best practices:

• Make sure that there is a clear audit trail that backs up the e-signature’s validity. This includes actions that the signator took before signing the document, like having checked a box to show they agreed to terms and conditions or clicked Next Page to sign.
• Set up a secure signature site that uses user authentication to ensure that only the customer can sign.
• Use third-party software to verify that you complied with disclosure regulations.
• Use a third party to maintain a secure storage site that ensures that the document can’t be tampered with after signing.
• Include an easy way for the signer to download and save a copy of the document for their own records.

Next-generation e-signatures that are part of a wider, customer-centric system are making it possible for businesses to instantly collect documents, e-signatures, and payments while customers are on the phone. This use of next-generation e-signatures streamlines workflows, ticks up customer satisfaction, and increases completion rates, all in a fully compliant and legally binding manner.

Find the right e-signature software for your business needs, only on G2.