The COVID-19 pandemic propelled the rapid adoption of e-signing and turned the global digital signature market into one of the fastest-growing in the world, according to Deloitte. In 2020, its size was estimated at somewhere between $2.3 and $2.8 billion, and it is projected to balloon into $4.5-5 billion by 2023 and over $14 billion by 2026.
Clearly, businesses have no problem trusting e-signatures as legally binding and for all intents and purposes, equivalent to traditional signatures. Should they? This week, we’re taking a closer look at electronic signature legality, as in what makes e-signatures legal under various laws around the world and what type of legal documents they can and can’t seal.
Requirements for electronic signatures: what makes an e-signature legal?
As we explored in our previous post on wet signatures, an electronic signature, or e-signature, refers to a signature created to sign an agreement or other document electronically.
According to Gartner, an electronic signature is a traceable email or a biometric applied to a message. The biometric may be based on digitized handwriting, which is converted by cryptography into a digital signature. In other cases, a biometric, such as a fingerprint, is combined with a hash or digest of the message to show the signer’s intent. E-signatures can’t be removed and copied to other documents in an act of forgery.
So what makes a valid electronic signature? It varies by country, state or region. Let’s explore electronic signature laws and requirements around the world.
Electronic signature legal requirements from a bird's-eye view
As we pointed out earlier, e-signatures have seen enthusiastic adoption in the past decade. Deloitte reckons that Asia-Pacific and Europe are to become the fastest-growing region on a global scale by 2026, “closing the gaps with the levels of adoption currently observed in North America where supportive regulation has driven strong use across industries.”
Two laws regulate electronic signature legality in the United States.
The Electronic Signatures in Global and National Commerce Act, or E-Sign Act, was passed in 2000 to provide a general rule of validity for electronic records and signatures for transactions in or affecting commerce across state and country lines. It explicitly allows the use of electronic records to satisfy any statute, regulation, or rule of law that calls for such information to be supplied in writing, with the affirmative and valid consent of the signatories.
The Uniform Electronic Transactions Act, or UETA, was signed into law the same year in response to the rise of electronic means of communication and doing business. It serves as a legal foundation for the use of such means where the parties have agreed to deal electronically. A key difference between the two laws is that while the E-Sign Act is a federal act, UETA has been adopted on a state-by-state basis (by 49 states except New York as of July 2021).
The requirements for electronic signature acceptance under the E-Sign Act and the UETA are the following:
A legally binding e-signature requires evidence of deliberation and informed consent on the signer’s part to enter into the agreement and accept its terms. Using a mouse, touchpad or touchscreen to draw their signature or typing their name into a document's signature field are the most commonly used way to accomplish that.
According to law firm Tucker Arensberg, a record of the e-signature must be created at the time of signing and show the process by which the document was accepted by the signer. Online contract signing processes are often done via email, where the messages themselves usually tick this requirement as a record of the transaction.
- Opt-in and opt-out
In the case of online contract signature, consumers are legally required to opt in to the electronic signature process in a way of expressing their consent to doing business electronically. In the same vein, signers should also have the opportunity to say no to e-signing, in which case they must be advised on how to go the manual route.
In 2014, the EU’s Regulation on electronic identification and trust services, eIDAS for short, was passed to secure cross-border transactions and foster a predictable regulatory environment. As a result, EU citizens have been able to benefit from safer and smoother experiences when filing their taxes, enrolling in a foreign university, remotely opening a bank account, and setting up a business in another member state, among other things.
When are electronic signatures legally binding under eIDAS? If they are:
- uniquely linked to the signatory;
- capable of identifying the signatory;
- created using electronic signature creation data that the signatory can, with a high level of confidence, use under their sole control; and
- linked to the data signed therewith in such a way that any subsequent change in the data is detectable.
It’s important to note here that the above electronic signature legal requirements are only applicable to advanced electronic signatures (AdES). The eIDAS, however, defines three levels of electronic signatures: simple, advanced, and qualified. The legal requirements for electronic signatures falling into the other two categories are as follows.
The most basic form of eIDAS-compliant e-signatures is defined as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.” Meaning that something as simple as a signer writing their name under an email might qualify as a simple e-signature.
The legal requirements for qualified electronic signatures are the same as those of advanced electronic signatures, plus that they should be:
- created by a qualified signature creation device (QSCD);
- based on a qualified certificate for electronic signatures; and
- equivalent to a handwritten signature.
The Electronic Communications Act of 2000 was a milestone legislation passed by the Parliament to make provisions on the delivery of cryptographic services and confirm electronic signature legality in the United Kingdom. In July 2016, it was replaced by eIDAS, which remained in use as the general framework for electronic signatures and other trust services following the UK’s 2020 withdrawal from the European Union. In fact, it has since been adopted by UK law and is commonly referred to as UK eIDAS.
The two main pieces of legislation regulating the use of electronic signatures in Switzerland are the Swiss Federal Act on Electronic Signatures (FAES) and the Swiss Code of Obligations (CO).
The former, Deloitte explains, sets forth similar requirements to those of eIDAS, introducing a fourth type of e-signature called regulated e-signature as a compromise between advanced and qualified electronic signatures. The latter prescribes that only qualified electronic signatures based on a qualified certificate issued by an accredited certification service provider should be considered equivalent to handwritten signatures.
In the eyes of the law: signature enforceability in the digital space
So do electronic signatures hold up in court? In short, they do. The E-Sign Act, for example, specifically states that a signature or contract “may not be denied legal effect, validity, or enforceability solely because it is in electronic form.” Similarly, contracts may not be denied legal effect, validity, or enforceability simply because an electronic signature or record was used to seal them. So if all signing parties to a contract agree to using electronic signatures, there’s no reason why their legality would be questioned.
In a 2016 case, however, a bankruptcy judge for the Eastern District of California imposed sanctions on a bankruptcy lawyer for permitting a debtor to e-sign documents that required a wet signature. According to the American Bar Association, the United States Trustee argued that the signatures on the documents did not constitute a wet signature as per applicable bankruptcy and local rules. The bottomline is: always be sure to check all pertaining laws, local or national, state or federal, regarding the how and when of using e-signatures.
Examples of electronic signature use cases: a not-even-remotely exhaustive list
Signatories are typically allowed to use electronic signatures on documents including:
- Sales contracts
- Mortgage applications
- Quality control reports
- Non-disclosure agreements
- Job offer letters
- Purchase orders
- Maintenance logs
- Insurance claims
- Patient intake forms
- Change requests
What documents cannot be signed electronically? Depending on the jurisdiction, electronic signatures on legal documents such as deeds, wills, adoption papers, product recall notices, divorce filings, court orders, leases as well as termination, foreclosure, and eviction notices aren’t typically allowed.
Electronic signatures on contracts: how to ensure e-signature compliance
Under US law, electronic signatures require three things – aside from electronic signature consent from all signatories – to hold up in legal proceedings:
- a digital seal to track the signatures’ origins;
- an audit trail leading back to the original signer; and
- strong authentication methods to confirm signer identities.
But businesses shouldn’t stop there, TechTarget warns. More specifically, they should take additional steps to prevent signature fraud and preserve the validity of e-signed documents, such as using only vetted e-signature tools, enabling two-factor authentication and only signing documents they expect to receive.
E-sign your documents with confidence: eSign by Tresorit
Tresorit’s electronic signature for documents was designed with the same vision we had for all our solutions: to give users more control over their data. Securing a digital economy means securing all data assets the businesses manage, including documents that require a signature.
Use Tresorit eSign to:
- Electronically sign any document, whether it’s an asset purchase agreement, employment contract or non-disclosure agreement, faster without sacrificing security
- Benefit from zero-knowledge, end-to-end encryption, the gold standard for privacy, through the entire document management lifecycle without leaving Tresorit
- Create fine-grained access controls to documents and share them securely with internal or external signatories through encrypted email or with encrypted links
- Keep track of completed, pending, and rejected requests in one place and set up a secure contract repository for collaboration across departments
- Take care of the signing process in three easy steps: create an eSign request, share the request link with your collaborators and get notified once they’re done
A local association of the German Red Cross digitalized the way of processing invoices using Tresorit eSign. The new process cuts the time needed to approve invoices from two to three days to two to three hours:
„Tresorit eSign makes our workflow much easier: we sign invoices digitally and, at the same time, our NGO can follow the four-eyes principle quickly and securely.“