Everything you need to know about electronic signatures and digital signing in the US, EU, and beyond.
Implementing a digital signing process into your business can provide tremendous benefits, but they may have questions about processes and legal ramifications of digital signing.
That’s why we wrote this guide.
Below, you’ll find everything you need to know about electronic signatures, digital signatures, and the online signing process.
1. What is an electronic signature?
Electronic signatures carry their own legal definition. Though this definition may vary slightly by country, this guide will focus on how e-signature laws are interpreted in the United States and the European Union.
In the United States, the legal definition of an electronic signature is derived from the Federal ESIGN Act of 2000:
Electronic Signature — The term “electronic signature” means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.
Many states across the US have also adopted the Uniform Electronic Transactions Act (UETA), which defines an electronic signature as:
“an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.”
In the European Union, the definition of an electronic signature is derived from the eIDAS Regulation which states:
“electronic signature” means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.
These definitions are part of the foundation that determines how electronic signatures work for business contracts signed throughout most of the western world.
More than a handwritten signature
One important takeaway from the legal definitions above is that an electronic signature is more than just an image file that resembles a handwritten signature.
In fact, an electronic signature doesn’t even need to look like the handwritten signature of the person signing the document.
While this is a feature that many e-signature software providers include in their offering, it carries limited legal weight when signing documents electronically.
Instead, electronic signatures use electronic identification methods, such as digital certificates, personalized login and access codes attached to the signer’s identity, and asymmetric encryption to create non-repudiation for sales contracts and signed business documents.
These enhanced security measures mean that — when executed correctly — electronic signatures are difficult to forge. These safety measures add to the legality of electronic signatures when used to sign digital documents and make electronic signatures safe for business use.
2. Who uses electronic signatures?
Electronic signatures are used by organizations large and small for a wide range of documentation. This includes:
- Fortune 500 corporations
- Insurance providers
- Banks and credit unions
- Government offices
- Small businesses
- Freelancers and consultants
And the number of businesses using electronic signatures is always growing. In fact, P&S Market Research predicted that the market will expand at a CAGR of around 35% until 2023 as global adoption rates continue to rise and evolve.
Many electronic signature solutions are also flexible enough to be integrated with businesses operating in a space where confidentiality requirements are a necessity, such as legal, financial, and health sectors.
However, because e-signing technology is so universal, nearly every company, regardless of size or industry, can benefit from adopting electronic signatures.
3. What are electronic signatures used for?
Electronic signatures could include any of the following:
- Sales proposals
- Purchasing contracts
- Hiring & onboardings
- Non-disclosure agreements (NDAs)
- Non-compete agreements (NCCs)
- Leases & rental agreements
- Tax documents
- Bank forms
- Insurance paperwork
- School forms
- Permission slips
- Model and product releases
An overview of the e-signing process
When a business wants to implement an e-signature solution, they must first digitize their existing documentation and convert it into a recognizable document format (.docx, PDF, PNG, etc.). After this process is complete, the business can add an e-signature solution to their digital document.
From there, the organization sends the documents to the signer and requests an electronic signature. The signer will follow the process required to create a digital signature. This process varies, depending on the software used during the signing process.
Many electronic signature solutions use handwritten signature illustrations to show signers where they should sign within a contract. Some even help you create a digital image of your signature, but that’s not strictly required by signature law.
Once the document is signed with the signer’s unique electronic identification, it can’t be changed. Any attempt to alter the document will invalidate the signature, requiring the signer to complete the process again after reviewing any changes to the document.
Find out more about how to implement an electronic signature solution in Section 9.
4. Why should my business use electronic signatures?
Businesses have adopted electronic signatures and document digitization for a number of reasons:
- Electronic signatures are completed faster than handwritten signature requests, which are often done by mail.
- Electronically-signed documents are recognized as legal replacements for handwritten signatures.
- Digital files reduce paper waste and are easier to store.
- Digital signatures are often more secure than handwritten signatures
- Digitization reduces printing and mailing costs while optimizing contract workflows.
- Digitally-drafted documents are easier to modify, reducing the burden of contract negotiation prior to signing.
Especially for businesses who are generating and processing paperwork with a limited staff, the ability to send and receive electronically-signed documents can reduce errors and ease workloads.
5. Are electronic signatures legal?
Yes. Electronic signatures are recognized around the world as a legal substitute for handwritten.
Though the legality of electronic signatures may vary slightly based on the governing authorities, electronic signatures are legal when captured correctly.
In many (not all) cases, electronic signatures are considered the equivalent of a handwritten signature. This is especially true when audit trails can trace the signing process back to the intended recipient.
These audit trails and security checkpoints, as well as the ability to lock a document after a signature solution is applied, creates non-repudiation — the assurance that the validity of the document can’t be denied — around the contract.
Some methods used to create non-repudiation include:
- Digital certificates
- Asymmetric or public-key encryption
- IP Address capture
- Account creation and login requirements
- Two-step verification for signers and signatories
Combined, these methods increase the level of security surrounding the document signing process and boost the enforceability of digital contracts in courts.
Below, we’ll discuss the laws behind electronic signatures and how they are applied within their specific regions.
6. Electronic Signatures in the European Union
In the EU, the validity and legality of electronic signatures are governed by eIDAS and the GDPR.
Companies seeking to do business with individuals and businesses across the EU should seek compliance with these bodies of law in order to gain legal standing through any electronic signature requirements.
The eIDAS (electronic IDentification, Authentication and trust Services), which became an established EU regulation in July 2014, extensively covers laws around electronic identification, digital certificates, electronic seals, timestamps, and the legality of electronic signatures.
The idea behind eIDAS was to create a uniform law that applies to every member state within the EU so that electronic identification information could be accepted from every EU member state.
Regarding electronic signatures, eIDAS segments digital signatures into three separate categories, each more secure than the last. These are listed below, and you can find additional information about them in Section 4 of the eIDAS Regulation.
1. Standard Electronic Signature (SES)
As mentioned at the top of the guide, eIDAS defines an electronic signature this way:
“electronic signature” means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.
This is the most basic form of an electronic signature as defined by eIDAS. It has no basic security requirements and relies on logical assumptions to assume intent.
The United Kingdom’s Guide on Electronic Signatures and Trust Services cites a “scanned signature” or “tickbox plus declarations” as examples of this type of signature.
While a standard electronic signature might hold up in court (assuming the sender can prove that the signer was the one who actually signed the contract), the legal framework here is loose.
This type of electronic signature does not have the equivalent legal effect of a handwritten signature.
2. Advanced Electronic Signature (AES)
A step above standard electronic signatures, eIDAS qualifies advanced electronic signatures based on a higher standard of legal requirements (found in Article 26).
An advanced electronic signature shall meet the following requirements:
- it is uniquely linked to the signatory;
- it is capable of identifying the signatory;
- it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
- it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.
With AES, the escalation of requirements lends itself to enforceability and non-repudiation. By eliminating the potential for fraud and creating a system where only the intended signer can access and/or sign a legal contract, the legal standing of the contract increases.
However, like standard electronic signatures, this type of electronic signature does not have the equivalent legal effect of a handwritten signature.
3. Qualified Electronic Signature (QES)
The most stringent protocols for electronic signatures includes both the requirements for advanced electronic signatures (listed above) and additional requirements for the device upon which the signature is provided.
This means that devices must be acquired from an authorized certificate authority by the EU and used during the signing process. While this is covered extensively from Article 29 through Article 34 of eIDAS, the United Kingdom’s Guide on Electronic Signatures and Trust Services provides a simplified definition:
an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures.
With QES, both the digital security protocols and the devices on which a signature is created add to the authenticity and integrity of the electronic signature and the signed documents.
The addition of the digital certificate further reduces the potential for fraud or tampering and creates stronger non-repudiation around the digital contract.
Only qualified electronic signatures carry the equivalent legal effect of a handwritten signature.
The EU’s General Data Protection Regulation (GDPR) aims to harmonize data privacy laws across Europe.
While the regulation doesn’t take aim at electronic signatures specifically, it adds additional rules and requirements that companies who implement electronic signature solutions should consider. This includes:
- Data security
Organizations seeking to utilize an electronic signature solution should understand the EU’s stance on these topics, since they will be responsible for capturing and maintaining private information over an extended period in the form of contracts and digital agreements.
7. Electronic Signatures in the United States
In the US, electronic signatures are governed by the Uniform Electronic Transactions Act (UETA) and the Electronic Signatures in Global and National Commerce Act (E-Sign Act).
Combined, these two pieces of legislation maintain the groundwork for electronic signatures in the US. They’ve been adopted by nearly all states and are implemented at both a local and federal level.
Created in 1999 by the National Conference of Commissioners on Uniform State Laws, the UETA seeks to define the terms and basic legal framework for electronic signatures.
The UETA defines an electronic signature as “an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.”
While the law also provides a list of rules and regulations for each state, it must be adopted on a state-by-state basis. This is different from the E-Sign Act (below), which has been implemented at a federal level.
The UETA provides guidelines that are similar to the E-Sign Act but adds a few provisions that make it unique. These include how records should be attributed, how to handle mistakes in contract documents, and how information processing systems are defined when sending and receiving information.
Perhaps most importantly, the UETA states in Section 13 that “evidence of a record or signature may not be excluded solely because it is in electronic form.”
This provides legal standing to electronic signatures, which may be disproven but can’t be dismissed simply because of their digital format.
To date, 47 states have adopted the UETA as a legal framework for how electronic signatures are handled. The outlying states are Illinois, New York, and Washington.
You can find their UETA-alternative legal documentation below.
- Illinois: Electronic Commerce Security Act
- New York:Electronic Signatures and Records Act
- Washington:Washington Electronic Authentication Act
The E-Sign Act
Implemented in 2000 as a federal solution to electronic signatures and digital signing solutions, the E-Sign Act is active in all 50 states.
This law provides federal guidelines on various topics, including the intent to sign and the attribution and association of a signature with a graphic or textual record. Like the UETA, the E-Sign Act defines the legal definitions used to determine validity and regulation throughout the signing process.
In addition to safeguarding consumer consent surrounding electronic signature capture, the E-SIGN Act provides leeway for consumers who prefer paper signatures to electronic signatures or digital alternatives. It also mandates that businesses actively retain contracts and records associated with electronic transactions.
These measures ensure that consumers have the right to sign via pen and paper or in an “alternative, non-electronic form” and how consumers may withdraw consent from utilizing electronic formats.
Collectively, the UETA and E-Sign Act cover the legal groundwork regarding electronic documents and the e-signing process in the US. However, there are some notable exceptions. Neither law accepts the validity of electronic signatures in the following circumstances:
- The creating and execution of wills
- Areas of family law, including adoption and divorce
- Uniform Commercial Code
- Court documents
In these circumstances, documentation must be physically signed.
8. How do advanced electronic signatures and digital signatures work?
Aside from the simple electronic signatures defined by eIDAS (above), most electronic signatures are protected by some level of security and encryption.
This goes back to the idea of non-repudiation — the need for the organization issuing the contract to ensure that the authenticity of that contract is impossible to deny. Once the integrity of a contract and its attached electronic signature are no longer in doubt, the enforceability of the contract as a record of a transaction is much harder to deny.
These encrypted signatures go by a variety of names. In eDIAS and the EU, they are known as advanced electronic signatures. In the US, they’re often called digital signatures and come with a specialized set of standards that differentiate them from simple electronic signatures. These names carry special significance because they imply that some measure of digital security has been applied to the signing process.
Here are the two types of data security most often applied to electronic signature solutions.
When signing and sending electronic documents, both parties involved need some assurance that the content of the contract is not altered after the signing process is complete. Modern software uses public-key encryption to perform this task.
Asymmetric key cryptography allows parties to independently verify the authenticity of a contract by using the encrypted keys to validate a digitally-signed contract across multiple versions (or digests) of the document.
In most software solutions, the document only opens correctly (and with no warnings or alerts), if all versions of the contract match. If there are errors in the signing process, or if something has changed from the time that the document was signed, the process fails and all involved parties must sign the document again.
These extra checks and safeguards create electronic identification and audit trails that make documents more authentic. And, because this is a widely-accepted practice, many modern business solutions (such as Microsoft Word) come equipped with pre-built digital signing solutions.
This type of authentication is focused on ensuring that the electronic signature on a contract is authentic. This is often done by sending the document to a device or account that the intended signatory is known to control while requiring a secondary passcode in order to access the document itself.
Here are two common examples of evidence-based authentication:
- A company sends a document to the signer’s email, but they send a text to a number controlled by the signer which she must use in order to access the document.
- A signer is notified of a contract requiring his signature via an online document service. However, in order to access it, he must create an account and verify that account through proof of identity before he can sign.
With evidence-based authentication, companies are trying to ensure the identity of the signer. When combined with public-key encryption, it’s possible to ensure the authenticity and enforceability of a paperless signature.
9. How can I create an electronic signature?
There are multiple ways for individuals, as well as businesses of any size, to create electronic signatures. Below, we’ve listed the two most common ways to complete this task:
Use a word processor or PDF software
Many modern software solutions, like Microsoft Word or Adobe Acrobat, carry onboard signing solutions to help users create digital signatures.
However, the solutions are created using a process known as “self-signing”. A self-signed security certificate is simple and easy to make and, often, free. However, self-signed certificates also lack many of the security features that validate authenticity and build a case for non-repudiation.
While it is possible to create authentic digital signatures using a signature authority, this may be beyond the scope for most users both in terms of complexity and cost.
Use an online eSignature solution
A better solution, especially for organizations that may send and/or receive many signed documents, is an online eSignature solution like PandaDoc.
These online document companies already own the necessary certifications needed to create authentic signatures and often come equipped with everything you need to ensure compliance and non-repudiation from the moment you sign up.
If creating, sending, signing, and maintaining multiple contract files sounds like an administrative burden for your organization, give an online document solution a try. Their prices are affordable and most offer a variety of options to accommodate your personal or business needs.
10. Further Reading
Here, you’ll find a list of sources for legal documentation for electronic signatures in both the United States and the European Union.
You can also check out our e-signature legalities page for additional information on electronic signatures in other countries.
- Uniform Electronic Transactions Act
- Electronic Signatures in Global and National Commerce Act
- FDA Electronic Signature Regulations
- eiDAS Regulation
- United Kingdom Department for Business, Energy & Industrial Strategy on Electronic Signatures and Trust Services
- General Data Protection Regulation (GDPR)
Do you have additional questions about electronic signatures or the electronic signing process?
Have an idea for how we can make this ultimate guide even better?
Contact us and let us know!