Now that so much government, economic, and business activity has moved from paper hard copy to digital formats, electronic signature (e-signature) capabilities are more vital than ever. While most developed countries/regions have an e-signature code or act to abide by, not all are as coherent as one might hope. The European Union (EU) has had Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999. That framework has turned out to be problematic in various ways and will be replaced on July 1, 2016 with a Regulation on Electronic Identification and Trust Services (eIDAS).
Directive 1999/93/EC
The framework, in place since December 1999, has served as the guideline for EU Member States with regard to e-signatures. Acceptance of international e-signatures can be challenging: the recipient may not trust that the signature is authentic, while the sender must trust that the signature will be accepted at its destination. The 1999 Directive stated that “an advanced eSignature based on a qualified certificate satisfies the legal requirements of a signature in relation to data in electronic form in the same way a handwritten signature satisfies requirements for paper-based data.” By “advanced” it means the mark is unique to the signer, and “qualified certificate” includes identification information about the source and provider. In short, the 1999 directive says that with qualifications, an electronic signature is just as valid and binding as a written one.
While the 1999 Directive was successful in binding Member States of the EU, each Member interpreted the regulations differently. This often caused confusion and lowered the efficiency that the Act sought to promote; an e-signature would have to be verified subject to multiple sets of guidelines. When the Act was adopted, its goal was to allow for easy transfers of electronic information across borders.
Electronic Identification and Trust Services
The new regulation (eIDAS) will set out to fix the problems faced by the original directive. Going even further, the eIDAS will automatically invalidate any national e-signature laws that a Member State has established that are inconsistent with the new act, instantly decreasing the potential for confusion and inefficient transactions.
Under eIDAS, people and businesses of EU Member States will be allowed to use their nationally recognized electronic identities in cross-border transactions with other countries to access e-gov services. Essentially, this allows a person or company to keep the form of electronic identification their country uses, but allows that format to be accepted by all other EU Member States. While the initial implementation will be geared toward government services, private sector businesses have the opportunity to opt in to the regulations on a voluntary basis.
On top of the new universal acceptance of national electronic identifications, eIDAS has also developed a set of e-Trust Services (eTS), which the Regulation will adopt with the overall goal of increasing confidence in the legality of electronically signed documents. The main services that make up eTS include e-seals, which allow not only individuals but also corporations to e-sign a document, making things like e-billing easier; time-stamping, which provides evidence of exactly when a transaction took place; and electronic registered delivery, which will work somewhat like certified mail by identifying the recipient and when they received the signed document.
Does This Affect the U.S.?
Considering the fact that the United States is not a member of the EU, there is no real effect for business in the U.S. The United States, at the federal level, already has a framework set up in the E-Sign Act so that e-signatures can’t be denied legal qualification simply for being electronically based. For the most part, states have adopted the Uniform Electronic Transactions Act (UETA), which has essentially the same guidelines.
Conclusion
eIDAS is a big step forward in expanding efficiency, trustworthiness, and confidence in electronic transactions. With the removal of previous barriers to cross-border transactions, electronic data transfer of secure information in the EU will become much easier starting in July 2016.
Why Electronic Signature Law Matters for US E-Commerce
Cross-border e-commerce has made electronic signatures a daily operational reality for businesses of all sizes. Purchase orders, service agreements, employment contracts, software licenses, and non-disclosure agreements are routinely executed electronically — often with no paper ever changing hands. The legal validity of those signatures, however, depends entirely on which legal framework applies: the jurisdiction where the business is incorporated, the jurisdiction where the customer or counterparty is located, or the jurisdiction whose law governs the contract.
For US businesses dealing with EU counterparties after eIDAS, understanding both the US and EU frameworks — and where they align and diverge — is essential to ensuring that electronically signed agreements are legally enforceable on both sides of the Atlantic.
The US Framework: ESIGN and UETA
The United States has two overlapping federal and state frameworks governing electronic signatures. The Electronic Signatures in Global and National Commerce Act (ESIGN), 15 U.S.C. §§ 7001-7006, is the federal statute. It establishes that electronic signatures, contracts, and records may not be denied legal effect solely because they are in electronic form. ESIGN applies to transactions in or affecting interstate or foreign commerce.
The Uniform Electronic Transactions Act (UETA) is a model state law that has been adopted, with some variations, by 49 states and the District of Columbia. UETA covers electronic transactions not subject to ESIGN and provides the same foundational principle: electronic signatures are legally equivalent to handwritten signatures.
Under both ESIGN and UETA, an electronic signature is broadly defined as “an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.” This means that clicking an “I Agree” button, typing a name at the bottom of an email, using a stylus on a tablet, or using a dedicated e-signature platform like DocuSign or Adobe Sign all qualify as electronic signatures, provided the intent to sign is present.
eIDAS’s Three-Tier Signature System
Where the US framework is essentially technology-neutral — treating all electronic signatures as equivalent regardless of the technology used — eIDAS establishes a three-tier hierarchy of electronic signatures, each with different legal effects and identity verification requirements:
- Simple electronic signature (SES). The baseline level — the equivalent of the US definition. An SES is data in electronic form attached to or associated with other data and used by the signatory to sign. It has no specific technical requirements, and its legal weight depends on the context and applicable national law. A typed name at the bottom of an email is an SES.
- Advanced electronic signature (AES). An AES must meet four requirements under Article 26 of eIDAS: it must be uniquely linked to the signatory; capable of identifying the signatory; created using data under the signatory’s sole control; and linked to the signed data in such a way that any subsequent changes are detectable. AES signatures are created using cryptographic public/private key pairs and are commonly used in high-value commercial transactions.
- Qualified electronic signature (QES). The highest tier. A QES is an AES created with a “qualified electronic signature creation device” and based on a “qualified certificate for electronic signatures” issued by an EU trust service provider listed in the national Trust List of an EU member state. Under Article 25(2) of eIDAS, a QES has the equivalent legal effect of a handwritten signature throughout the EU. This is the standard required for documents that must be signed “by hand” under EU law — real estate transfers, articles of incorporation, notarial acts, and similar high-stakes documents.
Practical Implications for US E-Commerce Businesses
For most US e-commerce businesses, the practical impact of eIDAS is limited but real. Most routine commercial agreements — terms of service, service agreements, standard purchase orders — can be executed using an SES and will be recognized as valid under both ESIGN/UETA and eIDAS. The risk of signature-related disputes in ordinary commercial transactions is low as long as the parties intended to be bound and there is a clear electronic record of the agreement.
However, US e-commerce businesses dealing with EU partners on high-value contracts — real estate, financial instruments, employment agreements in jurisdictions with specific formal requirements — may encounter situations where a QES is legally required. In those cases, obtaining a qualified certificate from an EU trust service provider and executing the agreement with QES-compliant software is the only way to ensure full legal validity throughout the EU.
Beyond formal validity, businesses should also consider the evidentiary weight of different electronic signature types. In litigation, the party seeking to enforce an electronically signed agreement must be able to prove that the person who purportedly signed actually did so. QES signatures are designed to be legally presumed to be the act of the identified signatory. SES signatures may require additional evidence — email headers, IP addresses, access logs — to establish the signer’s identity. Investing in a more robust electronic signature platform that generates a detailed audit trail is often worth the cost when agreements are significant.
Trust Service Providers and the EU Trust List
eIDAS created a framework of supervised Trust Service Providers (TSPs) that issue qualified certificates, provide qualified time-stamping services, and offer other trust services recognized across the EU. Each EU member state maintains a national Trust List identifying the TSPs operating within its jurisdiction. The European Commission maintains a consolidated EU Trust List drawing on all national lists. US companies that need QES capability for EU transactions must obtain their qualified certificates from a TSP on this list — US-based certification authorities do not automatically qualify.
For US businesses that regularly execute contracts with EU counterparties requiring QES, establishing a relationship with an EU TSP — or using an e-signature platform that integrates with multiple EU TSPs — is the most practical approach.
Talk to an Attorney
Electronic signature law is deceptively complex when transactions cross borders. A signature that is fully valid under US law may not carry the same legal weight in the EU, and vice versa. If your business regularly executes contracts with EU counterparties — particularly in high-value or heavily regulated sectors — you need to understand which electronic signature standard applies and whether your current systems meet it. Revision Legal’s internet attorneys advise businesses on electronic contracts, signature validity, and cross-border commerce.