E-signature validity: 4 key requirements to know

It's become much less common these days to need to physically write out your name. Wireless credit cards and chip readers have replaced the need to sign your name on credit card slips. Many Americans don't own a checkbook, let alone ever sign a check. And even many work forms, filled out on-site with an HR rep present, are signed using electronic technology.

E-signatures are widely used today—for rental agreements, purchase offers, and other contracts—rendering the old-fashioned John Hancock nearly obsolete. For most transactions that require a signature, an electronic signature will almost always do. In many instances, an electronic signature is preferred to a handwritten one, as it's easier to procure and leaves a clearer audit trail.

Yet with all the ease of using an electronic signature, or eSignature, you may wonder if it's actually legally binding and what makes it so.

Rest assured, an electronic signature carries the same weight as a handwritten signature for business transactions in the United States—along with much of the industrialized world. But for certain documents within the U.S., a handwritten signature is mandated. Additionally, for an electronic signature to be legally valid, it must meet certain requirements.

This article will cover the four requirements for an e-signature to be considered valid in the United States. We'll discuss the laws that govern e-signature validity and some notable exceptions. We'll also cover laws governing electronic signatures in jurisdictions outside of the U.S.

What are the requirements for an electronic signature to be legally valid?

In the U.S., there are four main requirements for an electronic signature to be recognized as legitimate and valid.

These requirements are:

• Intent to sign: Each individual or party whose signature is required must demonstrate a clear intent to sign the document. A third-party eSignature software, like Blueink, can easily satisfy this requirement by sending the signer an invitation to sign a specific document. The recipient clearly accepts that invitation before proceeding to sign. 
• Consent to conduct business electronically: All parties involved must consent to conduct business electronically. Different standards of consent apply to consumers and businesses, and consumers must be provided with specific disclosures when their consent is solicited.
• Record of signature: There must be an electronic record (proof) of the e-signing event captured by the software that generates the signatures. This record logs every step of the transaction, notably the signer opening the document, adopting a signature, signing, and then receiving a timestamped copy of the form.
• Retention of records: Signature records must be properly retained for the timeframe required by law, with records accessible to all applicable parties. Documents must be retained in a secure, tamper-proof manner that respects consumer privacy.

Blueink's e-signing solution exceeds these requirements, ensuring compliancy with the guidelines outlined in the E-Sign Act.

What are the laws governing e-signatures?

In the United States, two different laws govern e-signatures. 

These two laws are:

• Uniform Electronic Transactions Act (UETA)
• Electronic Signatures in Global and National Commerce Act (E-SIGN)

The Uniform Law Commission introduced the UETA in 1999. This act makes e-signatures the legal equivalent of manual or handwritten signatures, thereby removing barriers to electronic commerce. Every state except for New York has adopted the UETA. The Empire State has passed its own state-equivalent legislation making e-signatures legally binding in New York.

A year later, Congress passed the E-SIGN Act (often stylized E-Sign Act). This 2000 act legally recognizes electronic signatures, electronic forms, and online records used in interstate or foreign commerce, if all contractual parties consent to the use of electronic documents and e-signatures.

What does an electronically valid signature look like?

An electronic signature can take many forms. Often, it's your name typed into a signature field on an electronic form. Or, you may use your figure or stylus to trace-write your name.

There are no rules for an e-signature's appearance. Just as you can sign a contract with an "X" or other doodle marks, your electronic signature could resemble an X or illegible squiggles. In some instances, clicking "I Agree," entering a password, or providing a personal identification number (PIN) may be regarded as an e-signature.

Are electronic signatures always valid?

There are some exceptions to the e-signature laws where a handwritten signature is required.

Some of these exceptions are as follows:

• Wills and testamentary trusts
• Family law issues, such as adoption orders and divorce decrees
• Court documents (i.e. briefs, judgments, pleadings, court orders)
• Utility cancellation notices (electric, water, sewer, gas)
• Insurance cancellation notices (health or life insurance)
• Product recall notices (issued by government agencies, retailers, manufacturers, or distributors)
• Notices of eviction or foreclosure

These exceptions are designed to offer additional protections to consumers where one party is taking (potentially) adverse action against another.

There are also other scenarios where an electronic signature must meet additional requirements—other than the four main ones established by the E-Sign Act—in order to be valid.

As an example, the U.S. Food and Drug Administration (FDA) accepts electronic signatures, but the agency imposes more rigorous criteria for the collection and storage of such records.

Blueink is compliant with all FDA e-signature requirements established in Title 21 CFR Part 11 Subpart C. Blueink also conforms to HIPAA, FERPA, Sabanes Oaxley, and PCI DSS guidelines.

Are there state-specific e-signature requirements?

Yes, some states impose their own requirements governing the validity of electronic signatures.

Here are some notable examples:

• Arizona: The Arizona Electronic Transactions Act (AETA) is a state-amended version of the UETA and incorporates language to address blockchain technology.
• California: Requires digital signatures to meet the standards outlined in the California Code of Regulations, and signatures must be created with "acceptable technologies."
• Nevada: Title 59 specifies language to define blockchain technology and address its usage in the creation and storage of electronic records.
• New York: The state has enacted its own version of the UETA, the Electronic Signatures and Records Act (ESRA).

Additionally, it's worth noting that most states do not recognize e-signatures for wedding, birth, or death certificates.

What are common concerns with using e-signatures?

While widely adopted, businesses and consumers hold lingering concerns about electronic signatures. (Source note for editor: https://founderslegal.com/the-legality-and-security-of-electronic-signatures-four-key-aspects-for-e-signature-enforceability/)

Forgery

Document integrity is a concern with any signature, whether handwritten or digital. Although an electronic signature may be produced using a common font, an e-signature is much more secure. Robust digital certificates and audit trails prove the legitimacy of an e-signature, including capturing the signer's email, IP addresses, and timestamps to prove how the document was accessed and signed.

Document tampering

As with forgery, document manipulation is a concern for print or electronic forms. Documents are significantly safer when using an e-signature technology such as Blueink, as there are robust security measures to prevent unauthorized users from viewing the document. After all parties sign, no one can make further edits. Unique IDs, encryption, and detailed audit trails ensure document integrity.

Adhering to state-specific laws

Different states do have different admissibility (in courts) standards for e-signatures, however, a reputable third party can alleviate those concerns. An eSignature provider is a neutral third party that uses advanced security measures to safely obtain and store digital signatures and records, with digital certificates to prove the document's integrity.

What about other jurisdictions?

Other non-U.S. jurisdictions have their own laws governing electronic signature technology, but the basic principles around security and integrity remain. As an example, we'll explore the European Union and Canada.

European Union

The European Union (EU) enacted electronic signature legislation in 2014 called the electronic IDentification Authentication, and Trust Services (eIDAS).

The eIDAS outlines minimum standards for the recognition of digital signatures, including what constitutes a valid digital certificate. Overall, the eIDAS promotes the usage of electronic signature technology and gives it the same legal weight as a wet-ink signature.

To be eIDAS-compliant, a digital signature must meet these requirements:

• Identity: All transacting parties can be properly identified and validated.
• Intent: All parties have demonstrated an understanding of the document's content and expressed a clear intent to sign.
• Reliability: This means the electronic document is reliable and secure with no unauthorized access, in such a way that the document cannot be improperly deleted, modified, or tampered with.

Canada

The Canadian government offers a loose set of guidelines on using electronic signatures, but there is no uniform set of standards. In many scenarios, a typed name at the end of an email can qualify as an electronic signature if it meets certain other criteria, notably identity, consent, and intent.

In addition to keeping a strong digital audit trail, here are some recommended guidelines for the usage of e-signatures in Canada:

• Intent to sign: Establish a signer's clear intent to sign a document. Having a user click "I agree" is one way to accomplish this.

• Consent to electronic communications: If all parties have given clear, explicit consent to send and receive electronic documents, this can strengthen the case for an eSignature's validity in the event of any dispute.
• Authentication: Here, the Canadian Security Establishment (CSE) provides some guidance, emphasizing the use of algorithms, keys, digital certificates, and an audit log.
• Record retention: The CSE also recommends using retention periods based on the Assurance Level of the document. Generally, Assurance Level 3 will apply to business or government-related documents. (The Canadian government issues Assurance Levels 1-4, with 4 being the most secure.)

While the requirements for an electronic signature to be legally valid can vary from country to country, or even within the United States, four common general principles abide that relate to intent, consent, (authentication), and proper record retention.

By using a third-party eSignature solution for document creation and management, you can exceed these standards and confidently do business.

‍