Companies and organizations in every industry are recognizing the value of integrating electronic signatures into applications and internal workflows to reduce paper, speed transactions, and provide a better user experience for signing processes. Instead of using third-party services such as DocuSign or Adobe Sign, organizations want to embed electronic signatures into internal enterprise applications or commercial products.
In this article, you'll learn everything you need to know about the legal aspects of electronic signatures, digital signatures, and the online signing process.
Definition: What is an Electronic Signature?
Digital signatures represent a variety of methods for signing and authenticating digital documents.
In the law of the United States, the Federal ESIGN Act of 2000 defines electronic signatures as follows:
The term "electronic signature" means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.
In Europe, the eIDAS regulation has the following definition for electronic signatures:
Electronic signature means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.
Replacing the handwritten signature with a secure electronic substitute is the goal of both regulations.
In both cases, electronic signatures are defined as a process that signers use to mark a digital document, where the signature must be logically associated with both the document and the signer.
Types of Electronic Signatures
Many different types of electronic signatures have been introduced, depending on the legal requirements.
Simple Electronic Signature (SES)
This "everyday" transaction signature type is the most basic model for processes that don't require signer authentication or verification. For processes that can use this type of signature, it is sufficient to know the signer's e-mail address or that they received a unique access code by e-mail before signing.
Example: Sales agreements.
Advanced Electronic Signature (AES)
AES includes additional user authentication steps where users are asked to provide a valid document as proof of their identity. Additionally, a unique access code is generated after the signing process. For advanced signatures, a digital certificate must also be generated as part of this transaction for attachment to the document or envelope.
The eIDAS regulation requires that the signature be:
- uniquely linked to the signatory.
- able to identify the signer of the document.
- created using electronic signature creation data that the signer can use, with a high degree of confidence, under his or her sole control.
- linked to the data signed with it so that any subsequent changes to the data can be detected.
Qualified Electronic Signature (QES)
This type of electronic signature is exclusive to the EU and has no equivalent in the United States.
A qualified electronic signature includes the above requirements of SES and AES, but adds requirements for the device that is used to sign. This implies that the devices used in the signing process must be purchased from a certificate authority that is authorized by the EU.
Developer Libraries from Text Control
What is Covered by TX Text Control
TX Text Control provides the technical implementation for capturing signers' electronic signatures and applying them, including digital signatures (certificates), to documents, including PDFs. Some of the parts required by the above-mentioned laws are not automatically covered by TX Text Control, because the TX Text Control libraries are used to create software solutions and are not themselves end-user software.
In order to implement a legally compliant electronic signature workflow, the following aspects must be implemented in the end-user software or portal:
- Creation of digital certificates (that are applied to signature fields by TX Text Control)
- IP address capture (to attach additional data to the envelope)
- Requirements for account creation and login
- Two-step verification for the signer
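The AES requirement that any later change to the signed data be detectable, together with the certificate creation and IP address capture tasks in this list, can be shown in one .NET program. This is an added example, not code from Text Control or its sample implementation: it uses only System.Security.Cryptography, and the class name, signer address, IP address, timestamp and self-signed test certificate are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class EnvelopeSigningDemo
{
    // Bind the document hash and the captured envelope data into one payload to sign.
    static byte[] BuildSignedPayload(byte[] document, string signer, string ip, string signedAtUtc) =>
        Encoding.UTF8.GetBytes(string.Join("\n",
            Convert.ToHexString(SHA256.HashData(document)), signer, ip, signedAtUtc));

    // Verification needs only the public certificate, never the private key.
    static bool Verify(X509Certificate2 cert, byte[] document, string signer, string ip,
                       string signedAtUtc, byte[] signature)
    {
        using RSA publicKey = cert.GetRSAPublicKey();
        return publicKey.VerifyData(BuildSignedPayload(document, signer, ip, signedAtUtc),
            signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
    }

    static void Main()
    {
        // Constructed sample values (assumptions, not taken from the article).
        byte[] document = Encoding.UTF8.GetBytes("Sales agreement: 100 units at EUR 20");
        string signer = "signer@example.com", ip = "203.0.113.7", signedAt = "2024-01-01T12:00:00Z";

        // Self-signed certificate for testing; a real workflow obtains it from a CA.
        using RSA key = RSA.Create(3072);
        var request = new CertificateRequest($"CN={signer}", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        request.CertificateExtensions.Add(new X509KeyUsageExtension(
            X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.NonRepudiation, critical: true));
        using X509Certificate2 cert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddYears(1));

        // Sign with the private key that stays under the signer's control.
        byte[] signature = key.SignData(BuildSignedPayload(document, signer, ip, signedAt),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

        // Changing either the document or the captured envelope data breaks verification.
        byte[] altered = Encoding.UTF8.GetBytes("Sales agreement: 100 units at EUR 2");
        Console.WriteLine($"original document: {Verify(cert, document, signer, ip, signedAt, signature)}");
        Console.WriteLine($"altered document:  {Verify(cert, altered, signer, ip, signedAt, signature)}");
        Console.WriteLine($"altered IP:        {Verify(cert, document, signer, "198.51.100.9", signedAt, signature)}");
    }
}
```

A self-signed certificate gives a verifier no independent assurance of who holds the key, so it is suitable for testing only.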
Compliant Sample Implementation
A sample implementation that complies with the law discussed above can be found here: