Digital Signatures: The Law and Best Practices for Compliance
Electronic/Digital Signature Legislation
Disclaimer: ARX is not a law firm and does not provide legal advice.
We make no warranty, express or implied, concerning any
interpretation of laws and regulations or its reliability as presented
here or of the content on websites cited in this presentation.
Electronic vs. Digital Signatures
An electronic signature is legally defined as an electronic sound, symbol
(e.g., a graphic representation of a person in a JPEG file), or process,
attached to or logically associated with a record, and executed or adopted
by a person with the intent to sign the record.
Some of the solutions that fit this legal definition can be very
problematic with regard to maintaining integrity and security, and
especially as a matter of good business policy or practice.
Digital signatures:
Digital signatures, often referred to as advanced or standard electronic
signatures, provide the highest form of signature and content integrity
as well as universal acceptance.
Digital signatures help organizations sustain signer authenticity,
accountability, data integrity, and non-repudiation (a signer cannot later
deny their participation in a transaction they signed) of electronic
documents and forms.
US/EU Federal and State Statutes
Uniform Electronic Transactions Act (“UETA”) – 1999
Electronic Signatures in Global and National Commerce Act (“E-Sign”) –
EU Directive for Electronic Signatures – 1999
These Acts give legal force and effect to electronic or
Uniform Electronic Transactions Act (UETA)
SECTION 7. LEGAL RECOGNITION OF ELECTRONIC RECORDS,
ELECTRONIC SIGNATURES, AND ELECTRONIC CONTRACTS.
(a) A record or signature may not be denied legal effect or
enforceability solely because it is in electronic form;
(b) A contract may not be denied legal effect or enforceability solely
because an electronic record was used in its formation;
(c) If a law requires a record to be in writing, an electronic record
satisfies the law;
(d) If a law requires a signature, an electronic signature satisfies the
ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE
ACT (aka E-Sign) at: http://frwebgate.access.gpo.gov/cgi-
Mirrors various provisions of UETA (which preceded it)
section a) says electronic signatures and documents are legal;
section b) this act does not override other acts that may mandate use
of paper-based transactions;
section c) “Consents” outlines what the parties must agree, and
declare they agree(d), to use of electronic signatures/contracts
between them; important in B2C and B2B scenarios.
State Compliance with UETA
46 US States (+ DC, Puerto Rico, and the Virgin Islands) have
adopted UETA. http://www.ncsl.org/programs/lis/CIP/ueta-statutes.htm
Georgia, Illinois, New York, and Washington have other statutes pertaining
to electronic transactions
(GA: Ga. Code Ann., § 10-12-1; IL: 5 ILCS 175/1-101; NY: NY CLS State Technology § 301
et seq.; WA: http://apps.leg.wa.gov/RCW/default.aspx?cite=19.34)
The US Federal Act, E-Sign, governs if disputes cannot be
settled at the state level.
Note: US courts seem to admit electronic signatures so routinely under the
E-Sign Act that they find it unnecessary to write an opinion that actually
goes through the analysis under the statute. In a sense, the statute is
doing its job by obviating the need for any court to think twice about
whether an electronic signature could be admissible (assuming it met all
the other rules of evidentiary procedure).
EU Directive for Electronic/Digital Signatures
Directive 1999/93/EC of the European Parliament and of the
Council of 13 December 1999 on a community framework for
The directive indicates standard digital signatures are required,
without explicitly saying so (wanting to appear technology neutral).
All EU Member States have adopted this directive with local
legislation, as of 2003.
EU Member States are not allowed to add additional requirements to
those in the directive.
EU VAT Directive 2001: Council directive 2001/115/EC:
Directive for electronic invoices calls for electronic signatures as
defined by the 1999 directive for electronic signatures.
US and EU law accept electronic and digital signatures but state
nothing of specific technology choices.
US law allows for a broad definition of electronic signature.
EU law narrows the definition and implies that digital signatures
should be used.
Regulations in specific industries tend to lean toward digital
The courts are concerned with:
Was a policy/procedure followed consistently in the
execution of routine business?
Best Practices for Digital Signature Deployment
A legally enforceable digitally signed record should have:
Attached to signed information
Uniquely linked to the signer
Capable of identifying the signer
Been created using means signer maintains under his/her control
Verifiable by anyone at anytime
Anyone at anytime should easily be able to detect changes to signed
Digital signing should be part of a standard automated organizational
There should be a clear audit track
When are Digital Signatures Needed?
When proof of identity, intent, and integrity is needed
Audit and regulatory requirements
Particular to industry/geography
Inside and outside the organization
Now and in the archive
CoSign Digital Signature Compliance
CoSign creates legally enforceable digital signatures in
accordance with UETA, 15 U.S.C. 7001 (E-Sign) and EU
Directives 1999/93/EC and 2001/115/EC
The CoSign digital signature solution, when implemented with a
proper organizational policy, can comply with:
FDA Title 21 CFR Part 11 (Life Sciences)
Most states’ PE boards (Engineering)
EU VAT Directive
SAFE BioPharma Association
United States Department of Agriculture (USDA)
The CoSign digital signature solution
automates your signature-based approvals
compliantly and affordably, allowing you to
cut costs and expedite business processes.
For more information, please contact
John Marchioni, VP Business Development
Tel: (415) 839 8161