Are electronic signatures legal? Your 2023 guide to e-signing
The COVID-19 pandemic propelled the rapid adoption of e-signing and turned the global digital signature market into one of the fastest-growing in the world, according to Deloitte. In 2020, its size was estimated at somewhere between $2.3 and $2.8 billion, and it is projected to balloon into $4.5-5 billion by 2023 and over $14 billion by 2026.
Clearly, businesses have no problem trusting e-signatures as legally binding and for all intents and purposes, equivalent to traditional signatures. Should they? In this article, we’re taking a closer look at electronic signature legality, as in what makes e-signatures under various laws around the world and what type of legal documents they can and can’t be used for.
Requirements for electronic signatures: what makes an e-signature legal?
As we explored in our previous post on wet signatures, an electronic signature, or e-signature, refers to a signature created to sign an agreement or other document electronically.
According to Gartner, an electronic signature is a traceable email or a biometric applied to a message. The biometric may be based on digitized handwriting, which is converted by cryptography into a digital signature. In other cases, a biometric, such as a fingerprint, is combined with a hash or digest of the message to show the signer’s intent. E-signatures can’t be removed and copied to other documents in an act of forgery.
So what makes an electronic signature? It varies by country, state or region. Let’s explore electronic signature laws and requirements around the world.
Electronic signature legal requirements from a bird's-eye view
As we pointed out earlier, e-signatures have seen enthusiastic adoption in the past decade. Deloitte reckons that Asia-Pacific and Europe are to become the fastest-growing region on a global scale by 2026, “closing the gaps with the levels of adoption currently observed in North America where supportive regulation has driven strong use across industries.”
United States
Electronic signatures are legally recognized in the United States. The United States has a two-tier model, where two laws are regulating electronic signature legality.
The Electronic Signatures in Global and National Commerce Act (E-SIGN) passed in 2000, legislated that electronic signatures are legal in every state and U.S. territory where federal law applies. The Act aims to provide a general rule of validity for electronic records and signatures for transactions in or affecting commerce across state and country lines. It explicitly allows the use of electronic records to satisfy any statute, regulation, or rule of law that calls for such information to be supplied in writing, with the affirmative and valid consent of the signatories.
TWhere federal law does not apply, most U.S. states have adopted theUniform Electronic Transactions Act (UETA).. The UETA was published in 1999, in response to the rise of electronic means of communication and doing business. It serves as a legal foundation for the use of such means where the parties have agreed to deal electronically. A key difference between the two laws is that while the E-Sign Act is a federal act, UETA has been adopted on a state-by-state basis (by 49 states except New York as of July 2021).
The requirements for electronic signature acceptance under the ESIGN Act and the UETA are the following:
- Intent
A legally binding e-signature requires evidence of deliberation and informed consent on the signer’s part to enter into the agreement and accept its terms. Using a mouse, touchpad or touchscreen to draw their signature or typing their name into a document's signature field are the most commonly used way to accomplish that.
- Record
According to law firm Tucker Arensberg, a record of the e-signature must be created at the time of signing and show the process by which the document was accepted by the signer. Online contract signing processes are often done via email, where the messages themselves usually tick this requirement as a record of the transaction.
- Opt-in and opt-out
In the case of online contract signature, consumers are legally required to opt in to the electronic signature process in a way of expressing their consent to doing business electronically. In the same vein, signers should also have the opportunity to say no to e-signing, in which case they must be advised on how to go the manual route.
European Union
In 2014, the EU’s Regulation on electronic identification and trust services, eIDAS for short, was passed to secure cross-border transactions and foster a predictable regulatory environment, providing a comprehensive legal framework for electronic signatures within the European Union. As a result, EU citizens have been able to benefit from safer and smoother experiences when filing their taxes, enrolling in a foreign university, remotely opening a bank account, and setting up a business in another member state, among other things.
As laid down in eIDAS, eSignatures are generally legally binding and their electronic form doesn’t, alone, disqualify their validity. However, the more evidence you can bring to demonstrate you are who you claim to be and your signature hasn’t been tampered with, the better you are positioned in front of the court.
To establish a common ground and trust in the world of eSignatures, eIDAS introduced three levels of electronic signatures: simple, advanced, and qualified.
Simple Electronic Signatures (SES)
The most basic form of eIDAS-compliant e-signatures is defined as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.” Meaning that something as simple as a signer writing their name under an email might qualify as a simple e-signature.
Advanced Electronic Signatures (AES)
Compared to SES, advanced electronic signatures offer additional security and identity proofing assurances. In particular, this type of signatures must meet the following criteria:
- uniquely linked to the signatory;
- capable of identifying the signatory;
- created using electronic signature creation data that the signatory can, with a high level of confidence, use under their sole control; and
- linked to the data signed therewith in such a way that any subsequent change in the data is detectable.
Qualified Electronic Signatures (QES)
The legal requirements for qualified electronic signatures must not only meet the same requirement as those for advanced electronic signatures, but furthermore they should be:
- created by a qualified signature creation device (QSCD);
- be based on a qualified certificate, issued by a certified qualified trust service provider (QTSP)
While advanced electronic signatures provide additional guarantees in respect of the authenticity and integrity of the document, their probative value is not evident under the eIDAS. Especially, with regards to formal requirements, certain contracts and declarations might be subject to national laws. They may mandate higher level of signatures (e. g. AES or QES) for specific contracts, or even prohibit the use of electronic means for certain documents (e. g. wills). According to the eIDAS only qualified electronic signatures are considered equivalent to a handwritten signature, having a uniform legal status within the EU.
United Kingdom
:The Electronic Communications Act (ECA) of 2000 was a milestone legislation and statutory framework passed by Parliament to make provisions on the delivery of cryptographic services and admissibility of electronic signatures in the United Kingdom. Although the ECA 2000 deals with the admissibility of electronic signatures, it does not expressly provide for their legal validity in UK law. This is primarily determined by principles of common law. following the UK’s 2020 withdrawal from the European Union, from 1 January 2021, the EU eIDAS was incorporated into UK domestic law (UK eIDAS) preserving the mutual recognition of electronic signatures and other trust services. The combination of UK eIDAS, the Electronic Communications Act 2000 and case law supports the continued use of electronic signatures to execute domestic transactions (under English law).
Switzerland
The two main pieces of legislation regulating the use of electronic signatures in Switzerland are the Swiss Federal Act on Electronic Signatures (FAES) and the Swiss Code of Obligations (CO).
The former, Deloitte explains, sets forth similar requirements to those of eIDAS, introducing a fourth type of e-signature called regulated e-signature as a compromise between advanced and qualified electronic signatures. The latter prescribes that only qualified electronic signatures based on a qualified certificate issued by an accredited certification service provider in Switzerland should be considered equivalent to handwritten signatures.
In the eyes of the law: signature enforceability in the digital space
So do electronic signatures hold up in court? In short, they do.
Similarly, the E-SIGN Act states that a signature or contract “may not be denied legal effect, validity, or enforceability of an electronically signed document solely because it is in electronic form.” So if all signing parties to a contract agree to using electronic signatures, in general, they're perceived legally valid, unless there are particular formal requirements in place.
In a 2016 case, however, a bankruptcy judge for the Eastern District of California imposed sanctions on a bankruptcy lawyer for permitting a debtor to e-sign documents that required a wet signature. According to the American Bar Association, the United States Trustee argued that the signatures on the documents did not constitute a wet signature as per applicable bankruptcy and local rules.
In the European context, qualified electronic signatures are deemed as the gold standard when it comes to undeniable legal validity. Being mutually accepted across all EU member states as the legal equivalent to conventional handwritten signatures, it is the safest choice for businesses for high-liability, sensitive transactions. On top of the security and authentication measures applied for advanced signatures, QES requires third-party identity validation by a qualified trust service provider. Equipped with these strong security and authentication features, QES provides the highest level of legal probative value and non-repudiation across the EU.
The bottomline is: always be sure to check all pertaining laws, local or national, state or federal, regarding the how and when of using e-signatures.
Examples of electronic signature use cases: a not-even-remotely exhaustive list
Signatories are typically allowed to use electronic signatures on documents including:
- sales contracts
- mortgage applications
- quality control reports
- non-disclosure agreements
- job offer letters
- purchase orders
- maintenance logs
- insurance claims
- patient intake forms
- change requests, among others.
What documents cannot be signed electronically? Depending on the jurisdiction, electronic signatures on legal documents such as deeds, wills, adoption papers, product recall notices, divorce filings, court orders, leases as well as termination, foreclosure, eviction notices, etc. aren’t typically allowed.
Electronic signatures on contracts: how to ensure e-signature compliance
Under US law, electronic signatures require three things – aside from electronic signature consent from all signatories – to hold up in legal proceedings:
- a digital seal to track the signatures’ origins;
- an audit trail leading back to the original signer; and
- strong authentication methods to confirm signer identities.
But businesses shouldn’t stop there, TechTarget warns. More specifically, they should take additional steps to prevent signature fraud and preserve the validity of e-signed documents, such as using only vetted e-signature tools, enabling two-factor authentication and only signing documents they expect to receive.
Sign your documents with confidence: eSign by Tresorit
Tresorit’s electronic signature for documents was designed with the same vision we had for all our solutions: to give users more control over their data. Securing a digital economy means securing all data assets the businesses manage, including documents that require a signature.
With Tresorit eSign, you can sign documents directly from our end-to-end-encrypted platform. This helps you mitigate risks and secure your sensitive documents on every steps of their cycle from storing, sharing to signing them, without having to switch between systems. You can even stand up to the strictest European and Swiss regulatory requirements, with our qualified electronic signature offering. Our integration with SwissSign allows you to create electronic signatures and QeS as defined in ZERTs. Thanks to our partnership with the Qualified Trust Service Provider EvroTrust, you can sign your documents with eIDAS-compliant QeS directly from Tresorit.
Use Tresorit eSign to:
- Electronically sign any document, whether it’s an asset purchase agreement, employment contract or non-disclosure agreement, faster without sacrificing security
- Take care of the signing process in three easy steps: create an eSign request, share the request link with your collaborators and get notified once they’re done
- Benefit from zero-knowledge, end-to-end encryption, the gold standard for privacy, through the entire document management lifecycle without leaving Tresorit
- Create fine-grained eSign policies and access controls to documents and share them securely with internal or external signatories through encrypted email or with encrypted links
- Intuitively manage your eSign workflow by easily adding fillable fields and tracking the progress
- Keep track of completed, pending, and rejected requests in one place and set up a secure contract repository for collaboration across departments
Disclaimer: The content of this document is for information and educational purposes only, and shall not be considered as legal advice. In the case of any specific legal questions, you should consult an attorney registered in the relevant jurisdiction where you seek advice. Laws and regulations may change from time to time, and the content of this document may not be current or accurate. To the maximum extent permitted by law, Tresorit disclaims and makes no representation or warranty of any kind with respect to this material, express, implied or statutory, including representations, guarantees or warranties of merchantability, fitness for a particular purpose, or accuracy.