August 31, 2020
by Leor Melamedov / August 31, 2020
E-signatures have held equal status to “wet” signatures since they were legally recognized in 2000, in both the ESIGN Act and similar international laws.
However, there are a few but important proportion of transactions that still require a pen-and-paper signature.
An e-signature is an electronic symbol, usually the person’s name, that is attached to a form or contract and demonstrates consent. They are legally binding for all transactions they are used in.
Many e-signatures enable companies to receive legally binding consent via a computer or smartphone while an agent is on a call with them. They have an advantage over pen-and-paper signatures thanks to their efficiency and CX advantages. Digital signatures are a subtype of e-signatures that are particularly secure and rely on encryption technology.
Furthermore, the particulars of e-signature legal requirements depend on the country and jurisdiction. Here, we will explore the legality of e-signatures around the world.
The United States' Electronic Signature and Records Association Act states that an electronic signature is only legal when all parties consent to use them instead of more traditional methods of providing consent.
The Uniform Electronic Transactions Act also says that each state should have an outline of how the e-signatures should be used, a concept that the E.U. has also adopted for its member-states.
In general, legally-binding e-signatures must:
By meeting the above criteria, e-signatures are recognized as legally binding. But there are situations when e-signatures cannot be legally accepted.
In many countries and jurisdictions, e-signatures aren’t used in significant ceremonies and documents such as birth or death certificates, divorce certificates, and adoption papers. In these instances, wet signatures and a notary or witnesses are usually required. E-signatures are also rejected if the signer is shown to not be computer-literate.
Legally binding e-signatures are based on a technology called public key infrastructure (PKI). A PKI is a system that enables the secure management of electronic digital signatures by generating two bits of code known as keys: a private key and a public key.
The private key is only used by the signer of the document and hidden from everyone else. The public key is shared with those who need to validate the e-signature’s authenticity. The PKI system also guarantees adherence to certificate authority (CA) requirements, which are organizations that have the authority to ensure the integrity of key security.
Once the signer adds an electronic signature, a cryptographic hash is created that’s associated with the document and functions as a unique digital fingerprint. The private key then encrypts the cryptographic hash and stores it in a secure HSM box. It is added to the document and submitted to the recipient with the signer’s public key.
Using the public key certificate, the recipient can decrypt the encrypted hash. A new cryptographic hash is generated on the recipient’s side, and the two hashes are compared to validate the e-signature’s authenticity and prove that no tampering has occurred.
Since there is some variation in electronic signature legal requirements across various states and countries, businesses should seek to understand the laws in their area. Businesses can even seek legal counsel for regional variations in e-signature laws.
In 2000 in the United States, the federal Electronic Signatures in Global and National Commerce Act (ESIGN) and the state Uniform Electronic Transactions Act (UETA) affirmed the legality of the e-signature and outlined the criteria for ensuring electronic signature legal compliance.
In the UK, e-signatures gained legal standing in Electronic Signatures Regulations (2002). According to this act, it’s not necessary for a contract to consist of a wet signature. For a contract to be valid, all parties must simply demonstrate an understanding of the contract, and an e-signature serves as evidence that all parties involved have agreed to the contract terms.
In the EU, e-signatures became legally binding through a community framework directive. According to this directive, an electronic signature cannot be rejected merely because it was electronically created.
The following constitute the basic characteristics of a legally-binding e-signature. While this overview is based on the principles of US law, most of the principles can be applied to e-signatures in other parts of the world, which we will deep-dive into in the next section.
E-signature legal requirements tend to be similar throughout the world. For example, the vast majority of jurisdictions state that a document or contract can’t be rejected simply because it was electronically signed. Yet there are some important variations across jurisdictions, especially when it comes to types of e-signatures and the few situations where e-signatures aren’t accepted.
In the US, e-signature legal requirements are based on two main acts: on the state level, there is the Uniform Electronic Transactions Act (UETA) and on the federal level there is the Electronic Signatures in Global and National Commerce Act (ESIGN).
Both ESIGN and UETA were passed in 2000 and describe five main elements that make an e-signature legally binding:
In the US, electronically signed documents are accepted in most situations. That includes B2B, B2C, and C2C transactions, as well as transactions between the government and businesses or individuals. Multiple court cases have affirmed the reliability of e-signatures, enshrining them in case law.
There are a few circumstances when e-signatures aren’t accepted in the US In these cases, signatures are required to comprise of ‘wet ink’ or formally notarized signatures.
The following situations exclude the use of e-signatures:
Similarly to ESIGN and UETA, the UK Electronic Communications Act in 2000 affirmed that an agreement can’t be invalidated purely because the signature was electronically delivered. Electronic signatures were fully codified in the UK under the Electronic Signatures Regulations Act in 2002.
According to UK law, a valid contract doesn’t need a written signature, as long as both parties have an understanding of the contract and reach a mutual agreement. This being the case, an electronic record serves as acceptable proof that both sides agreed to the document.
There are different degrees of legality for e-signatures. The most basic type, Standard Electronic Signatures (SES), isn’t seen as having the same weight as a handwritten signature. But UK law does perceive one type of e-signature as equal to a handwritten one. These e-signatures are known as Qualified Electronic Signatures (QES) or Advanced Electronic Signatures (AES).
In the UK, standard e-signatures are accepted on most documents, including employment contracts, HR documents, commercial agreements, sales contracts, short-term leases, guarantees, and loan agreements. Other documents require AES or QES.
There are some agreements that still have to be signed by hand, such as:
In 2000, the EU accepted e-signatures as legally binding through the Directive on a Community framework. This confirmed that an electronic signature can’t be rejected just because it was created electronically.
Many European countries share the UK’s approach of accepting contracts as legally binding without a handwritten signature. In 2015, EU legislation replaced the 2000 e-signature Directive with Regulation (EU) No 910/2014, usually referred to as eIDAS. eIDAS stated that there are three types of e-signatures: SES, AES, and QES, just as in the UK.
According to eIDAS, a simple electronic signature covers every type of signature in which electronic data is attached to the signature and used for authentication. It is technology-agnostic, so any electronic document, such as Adobe PDF or Microsoft Word can include such a signature.
Regardless of the type of technology underlying it, a simple electronic signature must show the signer’s intent, be created by the person who is providing consent, and be part and parcel of the document it’s connected to.
The standard e-signature is accepted for most contracts and documents, including employment contracts, purchase orders, invoices, sales agreements, software licenses, and real estate documents. An SES is accepted in B2B, B2C, and C2C situations. AES or QES are accepted for most court briefs, consumer credit loan agreements, and residential and commercial leases.
An advanced electronic signature must include additional elements that guarantee the signer’s identity and the security of the document. It must be uniquely linked to the signer and be connected to the data in such a way that any subsequent changes to the document, such as tampering, can be detected.
Finally, the last type of signature defined by eIDAS is a qualified electronic signature. Even though both advanced and qualified signatures are uniquely tied to the signer’s identity, qualified electronic signatures are based on qualified certificates. As such, they can only be issued by a certificate authority (CA), which is an industry-approved organization that regulates the integrity of such electronic signatures.
A certificate authority must be accredited and supervised by bodies assigned by EU member states, and meet the stringent requirements of eIDAS. Qualified certificates must be stored on a qualified signature creation device such as a USB token, a smart card, or a cloud-based trust service. Like in the US and UK, there are just a few situations in which only a handwritten signature will do in the EU.
These include:
It’s important to remember that each member of the EU has its own set of requirements for e-signatures.
You don’t want there to be any chance that your customers’ e-signatures aren’t accepted. To avoid this, follow these best practices:
Next-generation e-signatures that are part of a wider, customer-centric system are making it possible for businesses to instantly collect documents, e-signatures, and payments while customers are on the phone. This use of next-generation e-signatures streamlines workflows, ticks up customer satisfaction, and increases completion rates, all in a fully compliant and legally binding manner.
Find the right e-signature software for your business needs, only on G2.
Leor Melamedov is the content manager at Lightico. She’s passionate about spreading the word on customer-facing technologies that make companies’ and people’s lives easier and better. Leor is a native New Yorker and now lives in Israel with her husband.
Digitization is having a significant impact on every sector, and the banking industry is no...
The advent of the software revolution has brought unprecedented productivity and convenience....
It’s safe to say the power dynamic between employers and employees has shifted. Gone are the...
Digitization is having a significant impact on every sector, and the banking industry is no...
It’s safe to say the power dynamic between employers and employees has shifted. Gone are the...