A Legal Overview of E-signatures and EthSign’s Compliance
E-signature legality around the globe
As large swaths of the business world recognize and embrace the convenience and flexibility of electronic signatures, one critical problem to consider is the legality and validity of e-signature across different jurisdictions and in specific scenarios.
Broadly speaking, e-signature laws in different countries can be divided into two categories: technology-neutral laws and tiered-model laws.
Technology-neutral laws are also known as minimalist or permissive laws, which tend to adopt a broad definition of electronic signatures and do not stipulate specific technical requirements (e.g. security technologies like PKI-based digital certificate, cryptographic protocols) that e-signatures must meet in order to be legally binding and enforceable.
Jurisdictions that adopt technology-neutral e-signature laws include the United States, Canada, China, Australia, New Zealand, Cayman Islands, and BVI. Subject to certain exceptions, which we will discuss later in this article, e-signatures in these jurisdictions carry the same (or similar) legal weight as handwritten signatures as long as they satisfy general requirements of the specific country’s law.
In the U.S, for instance, the E-Sign Act and the Uniform Electronic Transactions Acts (UETA) define “electronic signature” as “an electronic sound, symbol, or process, attached to or logically associated with a contract or record and executed or adopted by a person with the intent to sign the record.” Therefore, for electronic signatures to be qualified under U.S. law, signers have to demonstrate their intent to sign the document, and the signature must be electronically connected to the corresponding document signed and cannot be transmitted to anyone else or onto any other document.
Tiered-model laws, on the other hand, set stricter requirements for e-signatures to be legally recognized. Jurisdictions adopting tiered model laws typically provide stronger legal presumptions to signers who use approved authentication or security technologies, which generate a more secure type of e-signatures, known as digital signatures*. Some jurisdictions may also require digital signatures to be verified by a Certificate Authority (CA)/Trust Service Provider (TSP). Nevertheless, tiered-model laws typically leave signers free to agree on the type of e-signatures they use when doing business and rarely would courts deny the validity of e-signatures solely on the grounds that they are not digital signatures or backed up by digital certificates.
*Note: “digital signatures” is not a legal term, rather a specific technology implementation of electronic signatures that use algorithms to protect the integrity and authenticity of the signature and the signed document.
Tiered model laws are enacted by the European Union and many Asian jurisdictions including Singapore and Hong Kong. As an example, the European Union adopted the Electronic IDentification Authentication and trust Services (eIDAS) regulation in 2016. An EU-wide legal framework, the eIDAS divides e-signatures into three tiers: simple electronic signatures (SES), advanced electronic signatures (AES) and qualified electronic signatures (QES). Among the 3, QES must be backed by a qualified certificate, issued by approved trusted service providers and is considered the legal equivalent of handwritten signatures.
Notably, e-signatures are not legally admissible for certain kinds of use cases. In the U.S., these exceptions include court orders, power of attorney, wills, and family law documents such as adoption and divorce agreements. Bank deposit, mortgage and some other promissory notes also require handwritten signatures from the parties and are excluded from the coverage of E-Sign Act. Exceptions in other countries and jurisdictions are varied and should be considered on a case-by-case basis.
EthSign Compliance and Features
Under technology-neutral laws :
EthSign easily satisfies and exceeds general requirements of simple or standard e-signatures under virtually all technology-neutral laws.
Using U.S. law as an example:
- EthSign helps users show intent by having them either add a signature or click to sign the agreement;
- Users show consent by having signers accept a standard or customized agreement before opening and signing the document;
- Furthermore, EthSign’s cryptographically secure workflow can ensure that a signature is logically associated with the electronic record (i.e.,the signed document). This is because when using EthSign, users are essentially signing a hash that combines the storage content ID of the document, that of any overlaid annotations, and the index of the document’s signing fields. Any mismatch of the above three will lead to an error detected by our algorithm,so the e-signature cannot be transmitted to anyone other than the signer.
- Lastly, the electronic records are permanently stored in IPFS and Arweave, satisfying the record retention requirement.
It is worth pointing out that under U.S. law, there is no specific requirement regarding signer-identification or association of the signature with the signer, which is an important and necessary requirement that many tiered-model laws specify.
Under tiered-model laws :
As a decentralized signing platform, EthSign does not collaborate with any third party trust-service provider or government agencies to verify the signer’s identity or issue certificates. This means our e-signatures would not qualify as qualified electronic signature(QES) under EU’s eIDAS framework or QES-equivalent in other jurisdictions.
However, EthSign does comply with advanced electronic signature (AES) requirements under eIDAS. For e-signatures to qualify as AES, eIDAS requires unique signer identification and asks that signatures be linked to the data signed in a way that any subsequent data change is detectable.
The legal language here is formulated in a technology-neutral way and therefore does not necessarily require identity verification via government-issued credentials. As the world is migrating to the Web 3.0 stage, all forms of online identity can be used to verify one’s identity, including emails, phone numbers, and even public and private keys, thus enabling EthSign to satisfy the identification requirement without collecting or storing critical user information such as name, facial ID and government ID.
Furthermore, EthSign deploys the elliptic curve digital signing algorithm (ECDSA), which can easily verify and detect subsequent data change made after signage: when given the data hash used for signing, ECDSA will return a public key that matches with the public key of the signer. If, however, changes are made to the data after signing, the return address from ECDSA will also change unpredictably, leading to a mismatch with the signer’s public key. Since the 256-bit hash of a piece of data is entirely unpredictable, EthSign essentially relies on the backbone of all modern cryptography to ensure our signature is tamper-proof.
Factors to consider when using E-signatures
Moving on from here, we have several suggestions to EthSign users concerning compliance and legality.
- Choose the governing law: It is more preferable to choose those jurisdictions adopting technology-neutral laws as they are more likely to embrace newly developed technologies and recognize blockchain-based e-signatures as legally binding and enforceable. Notably, many states in the U.S. (including Arizona, Vermont, and North Carolina) have passed amendments recognizing blockchain-backed e-signatures; e-signatures and electronic records are also widely recognized in China, where the Supreme People’s Court has recently approved the use of electronic records stored on blockchain as court admissible evidence.
- Gain consent to use e-signatures: Parties should include explicit language in contracts and terms of agreements to agree on the use of e-signatures as legal equivalent of handwritten signature.
- Determine whether subject matter of the contract is appropriate for e-signatures: Take note of important exceptions such as mortgages and promissory notes where using e-signatures to sign those documents will not be legally recognized. For these use cases, EthSign can leverage blockchain technologies to give users greater flexibility: EthSign gives businesses easy access to smart contract-based innovations and is actively integrating with other DeFi protocols, allowing our users to make deals on-chain in a secure manner and potentially avoid certain statutory restrictions of e-signature laws.
Heather Zhou (EthSign’s Legal Researcher) is a Juris Doctor Candidate at Harvard Law School
Your inputs about our product are valuable to us, provide feedbacks here
[Twitter] [Discord] [Youtube] [Gitbook]
References:
[1] Mark Tibberts (Baker&McKenzie), How to Execute Contracts Electronically While Working From Home (30 March 2020)
[2] U.S. Congress, Electronic Signatures in Global and National Commerce Act
https://www.govinfo.gov/content/pkg/PLAW-106publ229/html/PLAW-106publ229.htm
[3] European Commission eIDAS Regulation
https://digital-strategy.ec.europa.eu/en/policies/eidas-regulation
[4] Carey Olsen, The legal validity of electronic signatures in Bermuda, the British Virgin Islands and the Cayman Islands
[5]Singapore Status, Electronic Transactions Act
https://sso.agc.gov.sg/Act/ETA2010
[6] Zegal, Global E-signing Handbook https://ts5mapnq9e48izo12znjei1n-wpengine.netdna-ssl.com/wp-content/themes/FoundationPress/ebooks/e-signatures/Zegal%20Global%20E-signing%20Handbook%20-%20Country%20by%20country%20guide.pdf
[7] National People’s Congress of China, China’s Electronic Signature Law (中华人民共和国电子签名法)
http://www.npc.gov.cn/wxzl/wxzl/2004-10/20/content_334609.htm
[8] Adobe, Brexit briefing: What is the impact on electronic signature laws in the UK?
[9] Ascertia, Basics of Digital Signatures & PKI
https://www.signinghub.com/wp-content/uploads/2017/05/Basics-of-Digital-Signatures-and-PKI-s.pdf
[10] Supreme People’s Court of China, Rules for Online Litigation in People’s Court (人民法院在线诉讼规则)
