Electronic Signatures and Legal Requirements
What is an electronic signature?
An electronic signature or e-signature is defined as an electronic sound, symbol, or process, attached to or associated with any document and executed by a person with the intent to sign the document. An electronic signature provides the same legal standing as a handwritten signature as long as it adheres to the requirements of the specific regulation under which it was created.
What are the key laws governing eSignatures?
- Uniform Electronic Transactions Act (UETA) 1999
- Electronic Signatures in Global and National Commerce Act (ESIGN) 2000
- UETA applies to 48 US states, the District of Columbia, Puerto Rico and the Virgin Islands. Illinois and New York have similar state statutes validating electronic signatures.
- Both the United States Electronic Signatures in Global and National Commerce (ESIGN) Act and the Uniform Electronic Transactions Act (UETA) have the following major requirements for an electronic signature to be recognized as valid under U.S. law.
- Electronic Transactions Act 1999
- The EU Regulation No. 910/2014 (the eIDAS Regulation)
What are the underlying principles of these laws?
Intent to sign
Electronic signatures, like pen-and-paper signatures, are valid only if each party intended to sign.
Consent to do business electronically
All parties to an agreement or transaction must agree to conduct the transaction using electronic means.
Association of the signature with the record
An e-signature must be connected or associated with the document that is being signed.
Record retention
An electronically signed document must be in the form of an electronic record capable of retention by the recipient at the time of receipt.
Attribution
The attribution of an electronic signature to a person will be determined based on the context and circumstances under which the document is signed.
Identification Requirement
The method used to sign identifies the person who is signing and indicates an intention by them to sign that document.
Reliability Requirement
The method was as reliable as was appropriate for the purposes for which the information was communicated.
The eIDAS Regulation defines three types of electronic signatures – simple, advanced, and qualified electronic signatures:
Simple Electronic Signature
A simple electronic signature (or electronic signature) covers all the broad types of electronic signatures: data in electronic form that is attached to or logically associated with other electronic data and serves as a method of authentication.
Advanced electronic signature
This type of electronic signature is required to meet certain specific requirements on signer identity, security, and sanctity of the signed document. The requirements specified under eIDAS are:
- Is uniquely linked to the signatory.
- Is capable of identifying the signatory.
- Is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control.
- Is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.
Qualified electronic signature
The final type of signature defined under eIDAS is the Qualified Electronic Signature (QES). While both Advanced and Qualified Electronic Signatures are uniquely linked to the signer, Qualified Electronic Signatures are based on Qualified Certificates, which can only be issued by a CA which has been accredited and supervised by authorities designated by the EU member states and meet the requirements of eIDAS.