How to create an eSignature for a paperless world – Step by step

Acronis
Table of contents
Acronis True Image
formerly Acronis Cyber Protect Home Office
Other languages available: Deutsch Español (Spain)

This article discusses eSignatures, their types, legal status in different regions, and associated regulations and compliance requirements. It also provides a step-by-step guide on creating an eSignature and highlights the associated best practices.

The continued shift toward a digital future has led corporate organizations and individuals alike to search for more efficient and cost-effective tools, one of which is the electronic signature. An electronic signature provides a simple and secure way of electronically signing documents such as contracts, forms, and agreements while eliminating the need for printing and physical signatures. This enables signatories to complete document transactions remotely.

What is an eSignature?

An eSignature is a digital image of an individual’s handwritten signature. It is used to sign electronic documents to confirm a signer's identity, consent, and agreement to a document's terms. Legally recognized in many countries, you can create an eSignature with specialized software or via an online platform.

ESignatures are widely used in modern business environments due to their convenience, security, and environmental benefits. The ability to sign and send documents electronically without a physical ink signature has proven essential for businesses that want to stay competitive in a world gravitating toward remote-first work culture.

Why eSignatures are essential

ESignatures play a key role for individuals and corporate organizations for the following reasons.

Improved efficiency

ESignatures eliminate the need for physical paperwork in the document signing process, allowing for immediate signing and a faster process overall. With eSignatures, documents can be signed and returned electronically, even if the signatories are in different locations.

Reduced paper usage

With the ever-increasing clamor for waste eradication, sustainability, and an eco-friendly business culture, limiting the use of paper has become vital. Moreover, paper documentation can be lost, destroyed, or damaged, leading to operational challenges for organizations. All these concerns can be addressed through the adoption of eSignatures.

Enhanced security

ESignatures, due to their encrypted nature and the use of authentication measures, are more secure than their traditional counterparts (which can be forged with ink). For instance, some platforms require signers to provide additional information, such as a photo ID or a unique code sent to their phone, to confirm their identity.

Improved accessibility

ESignatures can be appended from anywhere and at any time. This makes it easier for signatories who are not physically present or have mobility disorders to sign the needed document. ESignature technology is also relatively simple and straightforward to use, meaning there is no steep learning curve to signing documents.

Cost savings

ESignatures help businesses reduce overhead expenses and increase productivity since they can operate remotely. They also eliminate courier, printing, and storage fees.

Types of eSignatures

There are various types of eSignatures, each with its own level of security and typical use cases. The most common are presented in this section.

Simple electronic signatures

A simple or basic electronic signature is a direct equivalent of a signature that is handwritten. It can be anything from a typed name or scanned image of a physical signature to a checkbox. Signatories may even use a stylus or their finger on a touchscreen device to create an image of their signature.

Although they are the easiest to use, simple eSignatures lack the security features offered by their more advanced alternatives. They are thus best suited for low-risk, non-sensitive documents, such as for signing off on internal memos, accepting website terms and conditions, or confirming online purchases.

Advanced electronic signatures

An advanced electronic signature offers additional layers of security by implementing authentication and verification protocols. These eSignatures are based on public key infrastructure (PKI) technology, which involves a digital certificate issued to an individual or organization and a biometric component to prove the signer's identity.

With this type of eSignature, people can sign documents with unique digital identifiers that include secure digital signatures and seals. An advanced electronic signature will meet most regulatory requirements in various countries and is thus considered legally binding. It is often used for compliance purposes, such as signing contracts or financial documents.

Qualified electronic signatures

These are based on PKI technology and backed by a digital certificate from a trusted certificate authority. A qualified electronic signature provides the highest level of identity verification and security, requiring digital certificates that comply with specific legal requirements. It is superior to an advanced electronic signature in that it verifies the signer's identity and has to be issued by a qualified trust service provider (QTSP).

A qualified eSignature is often used in legal and other high-stakes transactions, such as confidential agreements or financial transactions. It complies with the strictest regulatory requirements worldwide, including the European Union's eIDAS regulation.

Your choice of eSignature type will be determined by the sensitivity of the document, the regulatory compliance requirements, and the level of security necessary. Thus, organizations must carefully evaluate their eSignature needs and select the appropriate technology to meet their specific requirements.

Legal frameworks for eSignatures

There are various international laws and conventions that have established common standards for electronic signatures across different jurisdictions. The legal recognition of eSignatures secures business transactions and enhances cross-country business relationships. Here are some of the existing legal frameworks on eSignatures.

The United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce

This instrument was developed to promote the expansion of electronic commerce and the uniformity of transaction-related legal frameworks worldwide.

The United Nations Convention on the Use of Electronic Communications in International Contracts

This convention sets out rules for using electronic communications, including eSignatures, in international contracts. It seeks to establish the use of electronic signatures, reduce barriers to international trade, and promote legal certainty in digital transactions.

The European Union's eIDAS Regulation

This regulation establishes a legal framework for electronic identification, authentication, and signatures across the EU. Among other obligations, it sets out requirements for the use of eSignatures, provides a consistent legal framework for their recognition in the EU, and creates a secure and interoperable environment for their use.

The U.S. Electronic Signatures in Global and National Commerce Act (ESIGN Act)

This act legalizes eSignatures and contracts in all U.S. states and the District of Columbia. It provides a legal framework for electronic signatures and electronic records in the context of interstate and foreign commerce. It also recognizes electronic signatures as legally binding and admissible in court.

The Uniform Electronic Transactions Act (UETA)

UETA outlines laws related to electronic transactions, including the use of eSignatures. It seeks to establish legal equivalence between electronic records and their paper-based counterparts. UETA recognizes electronic signatures as equivalent to handwritten signatures and sets forth the legal scope of their use in various industries across all U.S. states. It declares that an electronic signature is valid if it is “attributable to a person” and is “intended to serve as a signature.”

UETA does not replace existing laws mandating a physical signature. Thus, UETA does not apply to wills, property title transfers, and other documents that legally require a handwritten signature.

The Personal Information Protection and Electronic Documents Act (PIPEDA)

PIPEDA is a Canadian legal framework for the protection of personal information in the context of e-commerce, including the use of eSignatures. This act outlines the rules for the collection, use, and disclosure of personal information in commerce. It includes provisions for electronic signatures and transactions, recognizing their legal validity in certain circumstances as long as they meet the legal requirements for eSignature usage best practices.

The Singaporean Electronic Transactions Act (ETA)

The Singaporean ETA is a codified law that guides the use of electronic signatures in Singapore. Several countries and continents have their own ETAs. An ETA recognizes electronic signatures as legally valid and enforceable. Within its framework, an electronic signature is defined as any electronic sound, symbol, or process that is attached to or associated with an electronic record and is intended to represent the author’s signature.

The provisions of the ETA are also technology-neutral, meaning that any technology can be used as long as it meets the legislative requirements. One key feature of this ETA is that it provides for the creation of a “secure electronic signature,” which is a digital signature backed by a certification authority recognized by the Infocomm Development Authority of Singapore (IDA). A secure electronic signature is also admissible as evidence in court proceedings.

It is essential to comply with current electronic signature laws, as they provide assurance to all parties that eSignatures are legally valid and can be enforced in court if necessary.

Steps for creating an eSignature

Creating an eSignature is simple and straightforward if done properly. Six important steps to follow are presented below.

Choose an eSignature provider

Do your research to find an eSignature provider with a reliable and secure platform that meets your specific needs.

Create an account

Sign up for an account with your chosen eSignature provider. They will typically ask for your name, email address, and a password.

Verify your identity

Depending on your provider, you may need to verify your identity before you can start signing documents electronically. This could involve providing a government-issued ID or answering security questions.

Upload or create your signature

You can either type out your signature or use your computer's mouse or touchpad to create a signature that looks like your handwritten signature. Alternatively, simply upload a photo or scan of your physical signature.

Upload a document

Once you have a signature created, you can start signing documents electronically. This is done by uploading a document to your eSignature provider's platform. While preparing a document for signing, some platforms allow you to add other required signatories. You will need to input their names and email addresses for verification and authentication purposes.

Sign the document

You can add your signature to the uploaded document by placing or dragging your saved digital signature into the signature box or other space provided. After this, you can send the document back to the original party, or if you created it, send it to other parties to append their signature(s) as well. If you do the latter, they will receive a link to the document via email. Some providers may allow you to add additional information, such as your initials or other identifying information.

Save the document

After the document has been signed by all parties, it will be saved to your account to be accessed and downloaded at any time. You can also print it out if needed.

Best practices for eSignature security

For maximum eSignature security, you should implement the five best practices presented below.

Choose a reputable eSignature provider

It is critical that your provider has a proven track record of proper authentication and encryption services. This ensures that your eSignature solution is reliable, trustworthy, and secure.

Factors to Consider when Choosing an eSignature Provider

The provider's reputation

Conduct thorough research and read reviews from other clients regarding the provider’s reliability and the quality of their service.

The platform’s features

The selected platform must have enough features to fit your business workflows. For instance, bulk signing, cloud storage, and multi-signature workflow features are essential functionalities.

Security

Assess the platform’s security features thoroughly. Check for authentication, encryption, and access control features. Ensure that the service provider has certifications that guarantee data security, like SOC 2 Type II, HIPAA, and PCI DSS.

Compliance with requirements and standards Ensure that the provider meets all compliance requirements and standards, such as the General Data Protection Regulation (GDPR) and Uniform Electronic Transactions Act (UETA).

Integrability

Be sure that your existing business systems, software, databases, workflows, and APIs integrate seamlessly with the eSignature software.

Customer support

In the case of any challenges, the provider’s customer support should be prompt and responsive. Check their response time and support hours via phone, email, and chat. Also take a look at their support guides, tutorials, and forums.

Authenticate a signer’s identity

While using eSignatures, take steps to ensure that the person signing the document is indeed who they claim to be. As such, eSignature solutions must provide multi-factor authentication, including digital certificates and biometrics, to make sure that the signer is verified.

Establish and enforce access policies

Access to eSignatures must be tightly controlled to limit access to authorized individuals only. This will prevent unauthorized individuals from accessing eSignatures and potentially using them in fraudulent or malicious ways.

Create a strong password

Signing or accessing documents through an eSignature platform requires a password. A strong password policy should be in place, mandating that passwords be of sufficient length and complexity.

Use encryption

Encryption is an essential security measure when adopting eSignatures, as it converts data into an unreadable form that is accessible and decodable by authorized individuals only.

FAQs about eSignatures

What types of documents can be signed electronically?

Any document that may be legally signed by hand can also be signed electronically, as long as the documents meet certain legal criteria. Electronic signatures are used for sales and employment contracts, benefit enrollment forms, rental agreements, and healthcare-related documents, as well as real estate documents such as purchase agreements, disclosure forms, and lease agreements. They can also be used for financial documents including loan applications, investment agreements, and insurance policies. It is, however, noteworthy that certain documents may be subject to specific laws or regulations, depending on the industry and jurisdiction.

How are electronic signatures different from digital signatures?

The terms “electronic signatures” and “digital signatures” are used interchangeably, but they are, in fact, two different types of processes for validating and securing electronic documents.

While electronic signatures use electronic symbols, sounds, or processes, digital signatures use a specific type of digital certificate, issued by a trusted third party. Digital signatures are considered to be more secure than electronic signatures because the associated digital certificate guarantees the document has not been altered in any way and verifies the identity of signatories. They are used for highly sensitive documents, which electronic signatures cannot handle due to their lack of legal framework.

In some countries, electronic signatures may thus not meet the legal requirements for certain types of documents, such as wills or real estate transactions. Digital signatures that conform to technical standards under international laws such as eIDAS can be used for such transactions, whereas electronic signatures are more commonly used for everyday documents such as employment contracts and agreements between individuals.

Can electronic signatures be tampered with?

Electronic signatures are secure, but, like any digital information, there is always a risk of tampering or fraud. However, tamper-proof measures can be put in place, including the best practices discussed earlier.

Most electronic signature providers create a detailed log of all signature events, including who signed, when they signed, and what changes were made. This way, inconsistencies can be identified quickly and instances of tampering or fraud can be traced and addressed.

How do you ensure that an eSignature is valid and legally binding?

To ensure that an eSignature is valid and legally binding, it is important to take the following steps.

i. Ensure that you choose a reputable provider that offers user-friendly eSignature solutions backed by reliable security, governance, and technical standards.

ii. Ensure that your eSignature solution complies with relevant legal requirements in your jurisdiction.

iii. Ensure that you provide clear consent or obtain the same from other signatories before signing the document. This can be achieved by including a clear statement in the document requesting the signer's consent to use an electronic signature.

iv. Ensure that the signer's identity is verified through an authentication process.

v. Ensure that your eSignature provider offers an unalterable audit trail that records all actions taken on the document, including when the document was signed, who signed it, and any changes made to it.

Do eSignatures have the same legal value as handwritten signatures?

Electronic signatures have the same legal value as handwritten signatures in most countries. This is because these countries have enacted laws and regulations that recognize electronic signatures as a valid means of signing documents. ESignature solutions that meet the best practices criteria of a given country’s laws are considered legally binding, and documents signed with them are considered admissible in court.

Conclusion

The adoption of eSignatures has significantly transformed how individuals and corporate organizations approach document management. The legally binding nature of eSignatures has been established by various laws globally. With eSignatures, businesses can focus on their core functions, manage processes with ease, eliminate human error, and ensure faster turn-around times when it comes to document signing.

At Acronis, we strive to secure your eSignature with an added layer of security. We offer solutions that provide extra protection and privacy features for your e-signed documents and eSignature provider. This way, you can rest assured that your important and sensitive documents will remain secure, without compromising their integrity or legal validity.

About Acronis

A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.

More from Acronis