Are Electronic Signatures Legally Binding?

With SignRequest your customers are requested to sign a contract online after clicking on a link in their email. This is an alternative to, for example,  having the contract printed, signed and scanned. Due to the added documentation, the impossibility of changing the contract during the entire process and the fact that signed contracts are automatically stored in one place, e-signatures are often a more secure alternative to many conventional practices.

Are electronic signatures legally binding in the EU?

As of July 1 2016, all EU member states have adopted the eIDAS regulation, a regulation regarding the legal effect of electronic signatures.

Below is some information related to this regulation that may be useful as you determine whether SignRequest is the right tool for your particular use cases.

eIDAS Article 25: Legal effects of electronic signatures

This article states:
"An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures."

(source: Article 25 eIDAS)

During a dispute the level of proof will be important. An advanced electronic signature has higher requirements with respect to the level of proof.

eIDAS Article 26: Requirements for advanced electronic signatures

This article states:

An advanced electronic signature shall meet the following requirements:

  • a) it is uniquely linked to the signatory;
  • b) it is capable of identifying the signatory;
  • c) it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
  • d) it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.

(source: Article 26 eIDAS)

Below, SignRequest features are listed related to these requirements.

a. "it is uniquely linked to the signatory"

SignRequest offers the ability for users to require that a signatory authenticate with 2-factor authentication to confirm a unique link between the electronic signature and the signatory.  When a 2-factor authentication is used, it is noted on the
‘signing log’ after the document has been signed. The integrity of the ‘signing log’ is protected with a hash code.

b. "it is capable of identifying the signatory"

The SignRequest ‘signing log’ contains the following information about the signatory:

  • Email address
  • All inputs made, for example: name, date and signature
  • Ip address during signing
  • Time and date of the signature
  • Hash code of the signed document
  • Details of added attachments, for example: a picture or scan of an ID and/or bank card (optional)
  • Phone number of the signatory (optional)
  • Bank number of the signatory (optional)

Every organization should choose the information it wishes to use for identifying the signatory, weighing the degree of reliability required compared to the ease of signing.

c. "it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control"

Users can set SignRequest to use electronic signature creation data such asa signatory’s email account and phone.

d. "it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable"

SignRequest adds a hash code to the ‘signing log’ accompanying every e-signed document. A hash code is unique for every document. Therefore, even the slightest change of the document will result in a different hash code. Comparing the hash code of a document with the original hash code on the ‘signing log’ will determine the integrity of the document.

In addition, SignRequest sends the hash codes of the document and signing log by email after all parties have signed and keeps a log of these hash codes.

All documents are also sealed with SignRequest’s digital certificate.

Are electronic signatures legally binding in the USA?

There are two laws that establish the legality of e-signatures in the United States.

  1. The Electronic Signatures in Global and National Commerce Act (E-Sign Act), signed into law on June 30, 2000, provides a general rule of validity for electronic records and signatures for transactions in or affecting interstate or foreign commerce.
  2. 48 states each having its own variable version of the Uniform Electronic Transactions Act (“UETA”), addressing electronic records and signatures at a state level.

How secure are e-signatures?

There is a solid legal framework for the use of an electronic signature. Yet, sometimes one still has some doubt. In that case it is good to analyze the current state of affairs within an organization.

When contracts are currently  sent as, e.g., a PDF attachment and after printing and signing returned as a scanned document the organization has no 'wet' signature. Then there is much uncertainty about the integrity of the document. The content of the PDF sent by email can easily be modified without being noticed and a fake signature can be added.

With SignRequest, the document can not be changed without your knowledge and any added data is logged. In addition, all signed documents are easy to find so there are no more lost documents. Therefore, the use of SignRequest digital signatures may offer, in many cases, a safer and stronger security position than in the current situation of many organizations.

SignRequest's experience is that organizations using the services of SignRequest often have more evidence than in their current situation.

For more information about Dutch law please visit our Dutch page.

Disclaimer:  The information on this site is is for general information only and is not legal advice.  SignRequest does not guarantee that the information on this site is current, complete, or correct.