Editing Electronic signature

{{Short description|Data in electronic form, which is logically associated with other data in electronic form}}
{{Use mdy dates|date=February 2023}}
An '''electronic signature''', or '''e-signature''', is [[data]] that is logically associated with other data and which is used by the [[signature|signatory]] to sign the associated data.<ref name="Cryptomathic_WHATISADIGITALSIGNATURE" /><ref name="eIDAS_Reference" /><ref>{{Cite news|url=https://www.signable.co.uk/what-are-e-signatures|title=What Are E-Signatures? {{!}} Signable {{!}}|access-date=December 20, 2016|archive-date=July 31, 2017|archive-url=https://web.archive.org/web/20170731150250/https://www.signable.co.uk/what-are-e-signatures|url-status=live}}</ref> This type of signature has the same legal standing as a handwritten signature as long as it adheres to the requirements of the specific regulation under which it was created (e.g., [[eIDAS]] in the [[European Union]], [[Digital Signature Standard|NIST-DSS]] in the [[United States|USA]] or [[ZertES]] in [[Switzerland]]).<ref name="Cryptomathic_MajorStandardsDigSig" /><ref>{{cite web |url=https://www.law.cornell.edu/rules/fre/rules.htm#Rule1001 |title=Federal Rules of Evidence &#124; Federal Rules of Evidence &#124; LII / Legal Information Institute |publisher=Law.cornell.edu |access-date=March 6, 2015 |archive-date=November 25, 2011 |archive-url=https://web.archive.org/web/20111125142039/http://www.law.cornell.edu/rules/fre/rules.htm#Rule1001 |url-status=live }}</ref>

Electronic signatures are a legal concept distinct from [[digital signature]]s, a cryptographic mechanism often used to implement electronic signatures. While an electronic signature can be as simple as a name entered in an electronic document, digital signatures are increasingly used in [[e-commerce]] and in regulatory filings to implement electronic signatures in a [[Cryptography|cryptographically protected]] way. Standardization agencies like [[NIST]] or [[ETSI]] provide standards for their implementation (e.g., [[Digital Signature Algorithm|NIST-DSS]], [[XAdES]] or [[PAdES]]).<ref name=Cryptomathic_MajorStandardsDigSig>{{cite web|last1=Turner|first1=Dawn|title=Major Standards and Compliance of Digital Signatures - A World-Wide Consideration|url=http://www.cryptomathic.com/news-events/blog/major-standards-and-compliance-of-digital-signatures-a-world-wide-consideration|publisher=Cryptomathic|access-date=January 7, 2016|archive-date=February 9, 2016|archive-url=https://web.archive.org/web/20160209203857/http://www.cryptomathic.com/news-events/blog/major-standards-and-compliance-of-digital-signatures-a-world-wide-consideration|url-status=live}}</ref><ref name=CryptomathicDigSigServicesAshiqJA>{{cite web|last1=JA|first1=Ashiq|title=Recommendations for Providing Digital Signature Services|url=http://www.cryptomathic.com/news-events/blog/recommendations-for-providing-digital-signature-services|publisher=Cryptomathic|access-date=January 7, 2016|archive-date=February 9, 2016|archive-url=https://web.archive.org/web/20160209203856/http://www.cryptomathic.com/news-events/blog/recommendations-for-providing-digital-signature-services|url-status=live}}</ref> The concept itself is not new, with [[common law]] jurisdictions having recognized [[telegraph]] signatures as far back as the mid-19th century and [[fax]]ed signatures since the 1980s.

==Description==
The USA's [[Electronic Signatures in Global and National Commerce Act|E-Sign Act]],<ref name="Alicia Prince">{{cite web
|title=Electronic Signatures in Global and National Commerce Act
|date=June 17, 2000 }}</ref><ref name="Alicia Prince 2">{{cite news |newspaper=[[The New York Times]]
|url=https://www.nytimes.com/2000/06/17/technology/electronic-signatures-in-global-and-national-commerce-act.html
|date=June 17, 2000 |title=Electronic-Signature Bill Is Approved by the Senate
|author1=Lizette Alvarez |author2=Jeri Clausing}}</ref> signed June 30, 2000 by [[Bill Clinton|President Clinton]] was described months later as "more like a seal than a signature."<ref name=BadSIGNs>{{cite magazine=[[The Industry Standard]]
|date=October 30, 2000 |page=116 |author=Bruce Schmier |title=Bad Signs}}</ref>

An electronic signature is intended to provide a secure and accurate identification method for the signatory during a transaction.
Definitions of electronic signatures vary depending on the applicable [[jurisdiction (area)|jurisdiction]]. A common denominator in most countries is the level of an [[advanced electronic signature]] requiring that:
# The [[signature|signatory]] can be uniquely identified and linked to the signature
# The signatory must have sole control of the [[Public-key cryptography|private key]] that was used to create the electronic signature
# The signature must be capable of identifying if its accompanying data has been tampered with after the message was signed
# In the event that the accompanying data has been changed, the signature must be invalidated<ref name="Turner-AdvancedESig" />

Electronic signatures may be created with increasing levels of security, with each having its own set of requirements and means of creation on various levels that prove the validity of the signature. To provide an even stronger [[Relevance (law)|probative value]] than the above described advanced electronic signature, some countries like member states of the European Union or Switzerland introduced the qualified electronic signature. It is difficult to challenge the authorship of a statement signed with a [[qualified electronic signature]] - the statement is [[non-repudiation|non-repudiable]].<ref name="Turner-Understanding-eIDAS">{{cite web|last1=Turner|first1=Dawn M.|title=Understanding eIDAS|url=http://www.cryptomathic.com/news-events/blog/understanding-eidas|publisher=Cryptomathic|access-date=7 June 2016|archive-date=April 20, 2016|archive-url=https://web.archive.org/web/20160420084105/http://www.cryptomathic.com/news-events/blog/understanding-eidas|url-status=live}}</ref>  Technically, a qualified electronic signature is implemented through an advanced electronic signature that utilizes a digital certificate, which has been encrypted through a security signature-creating device<ref name="Turner-QualifiedElectronicSignature">{{cite web|last1=Turner|first1=Dawn M.|title=Qualified Electronic Signatures for eIDAS|url=http://www.cryptomathic.com/news-events/blog/qualified-electronic-signatures-for-eidas|publisher=Cryptomathic|access-date=7 June 2016|archive-date=May 23, 2016|archive-url=https://web.archive.org/web/20160523061250/http://www.cryptomathic.com/news-events/blog/qualified-electronic-signatures-for-eidas|url-status=live}}</ref> and which has been authenticated by a [[Qualified electronic signature#Qualified trust service providers|qualified trust service provider]].<ref name="Turner-TSPs">{{cite web|last1=Turner|first1=Dawn M.|title=Trust Service Providers according to eIDAS|url=http://www.cryptomathic.com/news-events/blog/trust-service-providers-according-to-eidas|publisher=Cryptomathic|access-date=23 June 2016|archive-date=July 11, 2016|archive-url=https://web.archive.org/web/20160711110548/http://www.cryptomathic.com/news-events/blog/trust-service-providers-according-to-eidas|url-status=live}}</ref>

==In contract law==
Since well before the [[American Civil War]] began in 1861, [[morse code]] was used to send messages electrically via the telegraph. Some of these messages were agreements to terms that were intended as enforceable [[contract]]s. An early acceptance of the enforceability of telegraphic messages as electronic signatures came from a [[New Hampshire Supreme Court]] case, Howley v. Whipple, in 1869.<ref>Howley v. Whipple, 48 N.H. 487, 488 (1869)</ref><ref>{{cite web|url=http://crawls-wm.us.archive.org/katrina/20051022073309/http://www.cato.org/speeches/sp-ss031799.html#1b |website=Cato Institute |first1= Solveig |last1=Singleton  |date= March 17, 1999 |title=Privacy Issues In Federal Systems: A Constitutional Perspective |access-date=2015-03-06 |url-status=dead |archive-url=https://web.archive.org/web/20200503153712/http://crawls-wm.us.archive.org/katrina/20051022073309/http://www.cato.org/speeches/sp-ss031799.html#1b |archive-date= May 3, 2020 }}</ref>

In the 1980s, many companies and even some individuals began using fax machines for high-priority or time-sensitive delivery of documents. Although the original signature on  the original document was on paper, the image of the signature and its transmission was electronic.<ref name="ib">{{cite web |url=http://www.isaacbowman.com/the-history-of-electronic-signature-laws |title=The History of Electronic Signature Laws |publisher=Isaac Bowman |date=March 16, 2009 |access-date=2015-03-06 |archive-url=https://web.archive.org/web/20150311072559/http://www.isaacbowman.com/the-history-of-electronic-signature-laws |archive-date=2015-03-11 |url-status=dead }}</ref>

Courts in various jurisdictions have decided that enforceable legality of electronic signatures can include agreements made by email, entering a [[personal identification number]] (PIN) into a bank [[Automated teller machine|ATM]], signing a credit or debit slip with a digital pen pad device (an application of [[graphics tablet]] technology) at a [[point of sale]], installing software with a [[clickwrap]] [[software license agreement]] on the package, and signing electronic documents online.

The first agreement signed electronically by two sovereign nations was a Joint Communiqué recognizing the growing importance of the promotion of electronic commerce, signed by the United States and Ireland in 1998.<ref>{{Cite web |date=September 1998 |title=International Law In Brief |url=http://www.asil.org/ilib/ilib0104.htm#04 |url-status=dead |archive-url=https://web.archive.org/web/20120331012531/http://www.asil.org/ilib0104.cfm |archive-date=Mar 31, 2012 |website=American Society of International Law}}</ref>

=== Enforceability ===
In 1996 the [[United Nations]] published the UNCITRAL Model Law on Electronic Commerce.<ref>{{cite web |url=http://www.uncitral.org/pdf/english/texts/electcom/05-89450_Ebook.pdf |title=UNCITRAL : Model Law on Electronic Commerce with Guide to Enactment 1996 with additional article 5 ''bis'' as adopted in 1998 |date=1999 |publisher=UNCITRAL |access-date=2015-03-06 |archive-date=2012-09-12 |archive-url=https://web.archive.org/web/20120912143439/http://www.uncitral.org/pdf/english/texts/electcom/05-89450_Ebook.pdf |url-status=dead }}</ref> Article 7 of the UNCITRAL Model Law on Electronic Commerce was highly influential in the development of electronic signature laws around the world, including in the US.<ref>{{cite web|url=http://www.unidroit.org/english/publications/review/articles/2000-4-gabriel-e.pdf|title=The New United States Uniform Electronic Transactions Act: Substantive Provisions, Drafting History and Comparison to the UNCITRAL Model Law on Electronic Commerce|last1=Gabriel|first1=Henry|publisher=International Institute for the Unification of Private Law |access-date=30 April 2011|archive-date=September 29, 2011|archive-url=https://web.archive.org/web/20110929055237/http://www.unidroit.org/english/publications/review/articles/2000-4-gabriel-e.pdf|url-status=live}}</ref> In 2001, UNCITRAL concluded work on a dedicated text, the UNCITRAL Model Law on Electronic Signatures,<ref>{{cite web |url=http://www.uncitral.org/pdf/english/texts/electcom/ml-elecsig-e.pdf |title=UNCITRAL : Model Law on Electronic Signatures with Guide to Enactment 2001 |publisher=UNCITRAL |date=2002 |access-date=2015-03-06 |archive-date=2012-08-02 |archive-url=https://web.archive.org/web/20120802172559/http://www.uncitral.org/pdf/english/texts/electcom/ml-elecsig-e.pdf |url-status=dead }}</ref> which has been adopted in some 30 jurisdictions.<ref>{{cite web |url=http://www.uncitral.org/uncitral/en/uncitral_texts/electronic_commerce/2001Model_status.html |title=Status - UNCITRAL Model Law on Electronic Signatures (2001) |publisher=UNCITRAL |access-date=2015-03-06 |archive-date=February 22, 2014 |archive-url=https://web.archive.org/web/20140222040526/http://www.uncitral.org/uncitral/en/uncitral_texts/electronic_commerce/2001Model_status.html |url-status=dead }}</ref> Article 9, paragraph 3 of the [[United Nations Convention on the Use of Electronic Communications in International Contracts]], 2005, which establishes a mechanism for functional equivalence between electronic and handwritten signatures at the international level as well as for the cross-border recognition. The latest UNCITRAL text dealing with electronic signatures is article 16 of the UNCITRAL Model Law on the Use and Cross-border Recognition of Identity Management and Trust Services (2022).

Canadian law ([[Personal Information Protection and Electronic Documents Act|PIPEDA]]) attempts to clarify the situation by first defining a generic electronic signature as "a signature that consists of one or more letters, characters, numbers or other symbols in digital form incorporated in, attached to or associated with an electronic document," then defining a secure electronic signature as an electronic signature with specific properties. PIPEDA's secure electronic signature regulations refine the definition as being a digital signature applied and verified in a specific manner.<ref>[http://laws.justice.gc.ca/en/showtdm/cr/SOR-2005-30//?showtoc=&instrumentnumber=SOR-2005-30] {{webarchive|url=https://web.archive.org/web/20110605050917/http://laws.justice.gc.ca/en/showtdm/cr/SOR-2005-30//?showtoc=&instrumentnumber=SOR-2005-30|date=June 5, 2011}}</ref>

In the [[European Union]], EU [[Regulation (European Union)|Regulation]] No 910/2014 on electronic identification and trust services for electronic transactions in the European [[European Single Market|internal market]] ([[eIDAS]]) sets the legal frame for electronic signatures. It repeals [[Directive (European Union)|Directive]] 1999/93/EC.<ref name="eIDAS_Reference" /> The current and applicable version of eIDAS was published by the [[European Parliament]] and the [[European Council]] on July 23, 2014. Following Article 25 (1) of the eIDAS regulation, an [[advanced electronic signature]] shall “not be denied legal effect and admissibility as evidence in legal proceedings". However it will reach a higher [[Relevance (law)|probative value]] when enhanced to the level of a [[qualified electronic signature]]. By requiring the use of a [[Secure signature creation device|qualified electronic signature creation device]]<ref>eIDAS regulation Article 3 (12)</ref> and being based on a certificate that has been issued by a qualified trust service provider, the upgraded advanced signature then carries according to Article 25 (2) of the eIDAS Regulation the same legal value as a handwritten signature.<ref name="eIDAS_Reference" /><ref name="Turner-AdvancedESig">{{cite web|last1=Turner|first1=Dawn M.|title=Advanced Electronic Signatures for eIDAS|url=http://www.cryptomathic.com/news-events/blog/advanced-electronic-signatures|publisher=Cryptomathic|access-date=7 June 2016|archive-date=June 30, 2016|archive-url=https://web.archive.org/web/20160630080430/http://www.cryptomathic.com/news-events/blog/advanced-electronic-signatures|url-status=live}}</ref> However, this is only regulated in the European Union and similarly through [[ZertES]] in [[Switzerland]]. A qualified electronic signature is not defined in the United States.<ref name="TurnerDSS">{{cite web|last1=Tuner|first1=Dawn M.|title=Is the NIST Digital Signature Standard DSS legally binding?|url=http://www.cryptomathic.com/news-events/blog/is-the-nist-digital-signature-standard-dss-legally-binding|publisher=Cryptomathic|access-date=12 May 2016|archive-date=June 30, 2016|archive-url=https://web.archive.org/web/20160630053820/http://www.cryptomathic.com/news-events/blog/is-the-nist-digital-signature-standard-dss-legally-binding|url-status=live}}</ref><ref name="DSS-Ref">{{cite web|last1=Information Technology Laboratory National Institute of Standards and Technology|title=FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION (FIPS PUB 186 -4): Digital Signature Standard (DSS)|url=http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf|access-date=12 May 2016|archive-date=December 27, 2016|archive-url=https://web.archive.org/web/20161227093019/http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf|url-status=live}}</ref>

The U.S. Code defines an electronic signature for the purpose of US law as "an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record."<ref name="US ESIGN Act of 2000">{{cite web |url=http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_cong_public_laws&docid=f:publ229.106.pdf |title=Public Law 106-229 : June 30, 2000 : Electronic Signatures in Global and National Commerce act |publisher=Frwebgate.access.gpo.gov |access-date=2015-03-06 |archive-date=May 22, 2011 |archive-url=https://web.archive.org/web/20110522212411/http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_cong_public_laws&docid=f:publ229.106.pdf |url-status=live }}</ref> It may be an electronic transmission of the document which contains the signature, as in the case of [[facsimile]] transmissions, or it may be encoded message, such as [[telegraphy]] using [[Morse code]].

In the United States, the definition of what qualifies as an electronic signature is wide and is set out in the [[Uniform Electronic Transactions Act]] ("UETA") released by the National Conference of Commissioners on Uniform State Laws (NCCUSL) in 1999.<ref>{{cite web |url=http://www.law.upenn.edu/bll/ulc/fnact99/1990s/ueta99.htm |title=Biddle Law Library: Library: • Penn Law |publisher=Law.upenn.edu |access-date=2015-03-06 |archive-url=https://web.archive.org/web/20140814230534/https://www.law.upenn.edu/bll/ulc/fnact99/1990s/ueta99.htm |archive-date=2014-08-14 |url-status=dead }}</ref> It was influenced by [[American Bar Association|ABA]] committee white papers and the uniform law promulgated by NCCUSL. Under UETA, the term means "an electronic sound, symbol, or process, attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record." This definition and many other core concepts of UETA are echoed in the U.S. [[Electronic Signatures in Global and National Commerce Act|ESign Act]] of 2000.<ref name="US ESIGN Act of 2000"/> 48 US states, the District of Columbia, and the US Virgin Islands have enacted UETA.<ref name="nccusl.org">[http://www.nccusl.org/Update/uniformact_factsheets/uniformacts-fs-ueta.asp]  {{webarchive|url=https://web.archive.org/web/20110115172742/http://www.nccusl.org/Update/uniformact_factsheets/uniformacts-fs-ueta.asp|date=January 15, 2011}}</ref> Only New York and Illinois have not enacted UETA,<ref name="nccusl.org"/> but each of those states has adopted its own electronic signatures statute.<ref>[http://www.cio.ny.gov/Policy/ESRA/esra.htm] {{webarchive|url=https://web.archive.org/web/20110506185818/http://www.cio.ny.gov/Policy/ESRA/esra.htm|date=May 6, 2011}}</ref><ref>{{cite web |url=http://apps.leg.wa.gov/RCW/default.aspx?cite=19.34 |title=Chapter 19.34 RCW: WASHINGTON ELECTRONIC AUTHENTICATION ACT |publisher=Apps.leg.wa.gov |access-date=2015-03-06 |archive-date=February 28, 2015 |archive-url=https://web.archive.org/web/20150228123121/http://apps.leg.wa.gov/rcw/default.aspx?cite=19.34 |url-status=live }}</ref><ref>{{cite web |url=http://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=89&ChapterID=2 |title=5 ILCS 175/ Electronic Commerce Security Act |publisher=Ilga.gov |date=2003-10-17 |access-date=2015-03-06 |archive-date=October 26, 2011 |archive-url=https://web.archive.org/web/20111026053719/http://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=89&ChapterID=2 |url-status=live }}</ref> As of June 11, 2020, Washington State Office of CIO adopted UETA.<ref>{{Cite web |date=1 April 2016 |title=Electronic Signature Guidelines |url=https://ocio.wa.gov/policy/electronic-signature-guidelines |url-status=live |archive-url=https://web.archive.org/web/20230131014833/https://ocio.wa.gov/policy/electronic-signature-guidelines |archive-date=31 January 2023 |access-date=6 February 2023 |publisher=Washington State Office of the Chief Information Officer}}</ref>

In Australia, an electronic signature is recognised as "not necessarily the writing in of a name, but maybe any mark which identifies it as the act of the party.”<ref>{{cite AustLII|litigants=Legal Services Board v Forster|court=VSC|num=102|year=2010|pinpoint=para. 41|date=April 13, 2010|courtname=[[Supreme Court of Victoria|SC]]|juris=Vic}}</ref> Under the Electronic Transactions Acts in each Federal, State and Territory jurisdiction, an electronic signature may be considered enforceable if (a) there was a method used to identify the person and to indicate that person’s intention in respect of the information communicated and the method was either: (i) as reliable as appropriate for the purpose for which the electronic communication was generated or communicated, in light of all the circumstances, including the relevant agreement; or (ii) proven in fact to have fulfilled the functions above by itself or together with further evidence and the person to whom the signature is required to be given consents to that method.<ref>{{Cite web|last=AG|title=Electronic Transactions Act 1999|url=http://www.legislation.gov.au/Details/C2011C00445/Html/Text|access-date=2021-06-02|website=www.legislation.gov.au|language=en|archive-date=June 3, 2021|archive-url=https://web.archive.org/web/20210603092606/https://www.legislation.gov.au/Details/C2011C00445/Html/Text|url-status=live}}</ref>

===Legal definitions===
Various laws have been passed internationally to facilitate commerce by using electronic records and signatures in interstate and foreign commerce. The intent is to ensure the validity and legal effect of contracts entered electronically. For instance,

;[[PIPEDA]] (Canadian federal law)
:(1) An electronic signature is "a signature that consists of one or more letters, characters, numbers or other symbols in digital form incorporated in, attached to or associated with an [[electronic document]]";
:(2) A secure electronic signature is an electronic signature that
::(a) is unique to the person making the signature;
::(b) the technology or process used to make the signature is under the sole control of the person making the signature;
::(c) the technology or process can be used to identify the person using the technology or process; and
::(d) the electronic signature can be linked with an electronic document in such a way that it can be used to determine whether the electronic document has been changed since the electronic signature was incorporated in, attached to, or associated with the electronic document.

;[[Electronic Signatures in Global and National Commerce Act|ESIGN Act]] Sec 106 (US federal law)<ref>{{cite web |url=http://www.isaacbowman.com/electronic-signatures-in-global-and-national-commerce-act-esign |title=Electronic Signatures in Global and National Commerce Act ("ESIGN") |publisher=Isaac Bowman |access-date=2015-03-06 |archive-url=https://web.archive.org/web/20150311225345/http://www.isaacbowman.com/electronic-signatures-in-global-and-national-commerce-act-esign |archive-date=2015-03-11 |url-status=dead }}</ref>
:(2) ELECTRONIC- The term 'electronic' means relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.
:(4) ELECTRONIC RECORD- The term 'electronic record' means a contract or other record created, generated, sent, communicated, received, or stored by electronic means.
:(5) ELECTRONIC SIGNATURE- The term 'electronic signature' means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.

;[[EIDAS|Regulation No 910/2014 on electronic identification and trust services for electronic transactions in the internal market]] Art 3 (European Union regulation)
:(10) ‘electronic signature’ means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign;
:(11) ‘advanced electronic signature’ means an electronic signature which meets the requirements set out in Article 26;
:(12) ‘qualified electronic signature’ means an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures;

;[[gpea|GPEA]] Sec 1710 (US federal law):
:(1) ELECTRONIC SIGNATURE.—the term "electronic signature" means a method of signing an electronic message that—
:(A) identifies and authenticates a particular person as the source of the electronic message; and
:(B) indicates such person's approval of the information contained in the electronic message.

;[[Uniform Electronic Transactions Act|UETA]] Sec 2 (US state law):
:(5) "Electronic" means relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.
:(6) "Electronic agent" means a computer program or an electronic or other automated means used independently to initiate an action or respond to electronic records or performances in whole or in part, without review or action by an individual.
:(7) "Electronic record" means a record created, generated, sent, communicated, received, or stored by electronic means.
:(8) "Electronic signature" means an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.

;[[Federal Reserve]] 12 CFR 202 (US federal regulation): refers to the ESIGN Act

;[[Commodity Futures Trading Commission]] 17 CFR Part 1 Sec. 1.3 (US federal regulations):
:(tt) Electronic signature means an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.

;[[Food and Drug Administration]] 21 CFR Sec. 11.3 (US federal regulations):
:(5) Digital signature means an electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the signer's identity and the integrity of the data can be verified.
:(7) Electronic signature means a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature.

;[[United States Patent and Trademark Office]] 37 CFR Sec. 1.4 (federal regulation)
:(d)(2) ''S-signature.'' An S-signature is a signature inserted between forwarding slash marks, but not a handwritten signature ... (i)The S-signature must consist only of letters, or Arabic numerals, or both, with appropriate spaces and commas, periods, apostrophes, or hyphens for punctuation... (e.g., /Dr. James T. Jones, Jr./)...
:(iii) The signer's name must be:
:(A) Presented in printed or typed form preferably immediately below or adjacent to the S-signature, and
:(B) Reasonably specific enough so that the identity of the signer can be readily recognized.<ref name="USPTO Manual of Patent Examining Procedures (MPEP) §501">{{cite web| title=MPEP §501| url=http://www.uspto.gov/web/offices/pac/mpep/documents/0500_501.htm#sect501%7Cpublisher=USPTO| work=USPTO Manual of Patent Examining Procedures (MPEP)| access-date=October 5, 2017| archive-date=February 17, 2012| archive-url=https://web.archive.org/web/20120217103600/http://www.uspto.gov/web/offices/pac/mpep/documents/0500_501.htm#sect501%7Cpublisher=USPTO| url-status=live}}</ref>

=== Laws regarding their use ===
{{See also|Electronic signatures and law}}
* Australia - [http://www.comlaw.gov.au/Details/C2011C00445 Electronic Transactions Act 1999] (which incorporates amendments from Electronic Transactions Amendment Act 2011), [http://www.comlaw.gov.au/Details/C2011C00445/Html/Text#_Toc296406959 Section 10 - Signatures] specifically relates to electronic signatures.
* Azerbaijan - [https://e-qanun.az/framework/5916 Electronic Signature and Electronic Document Law (2004)]
* Brazil - [http://www.planalto.gov.br/ccivil_03/_ato2019-2022/2020/lei/l14063.htm 2020 Electronic signature Law (Lei de assinaturas eletrônicas)]; [http://www.planalto.gov.br/ccivil_03/MPV/Antigas_2001/2200-2.htm Brazil's National Public Key Certificate Infrastructure Act (Infraestrutura de Chaves Públicas Brasileira - ICP-Brasil)]
* Bulgaria - [https://www.mlsp.government.bg/uploads/3/zakonodatelstvo/zakon-za-elektronniq-dokument-i-elektronnite-udostoveritelni-uslugi-zagl-izm-dv-br-85-ot-2017-g.pdf Electronic Document and Electronic Certification Services Act]
* Canada - [http://laws.justice.gc.ca/eng/acts/P-8.6/index.html PIPEDA], [http://laws-lois.justice.gc.ca/eng/regulations/SOR-2005-30/?showtoc=&instrumentnumber=SOR-2005-30  its regulations], and the [http://laws-lois.justice.gc.ca/eng/acts/c-5/ Canada Evidence Act].
* China - Law of the People's Republic of China on Electronic Signature (effective April 1, 2005)
* Costa Rica - [http://www.pgrweb.go.cr/scij/Busqueda/Normativa/Normas/nrm_texto_completo.aspx?nValor1=1&nValor2=55666 Digital Signature Law 8454] (2005)
* Croatia 2002, updated 2008
* Czech Republic – currently directly applicable [[eIDAS]] and [https://aplikace.mvcr.cz/sbirka-zakonu/ViewFile.aspx?type=z&id=61057 Zákona o službách vytvářejících důvěru pro elektronické transakce - 297/2016 Sb.] (effective from 19 September 2016), formerly [https://aplikace.mvcr.cz/sbirka-zakonu/ViewFile.aspx?type=c&id=3456 Zákon o elektronickém podpisu - 227/2000 Sb.] (effective from 1 October 2000 until 19 September 2016 when it was derogated)
* Ecuador – [https://www.telecomunicaciones.gob.ec/wp-content/uploads/downloads/2012/11/Ley-de-Comercio-Electronico-Firmas-y-Mensajes-de-Datos.pdf Ley de Comercio Electronico Firmas y Mensajes de Datos]
* European Union - [[eIDAS]] regulation on implementation within the EU is set out in the [[Digital signatures and law#European Union and the European Economic Area|Digital Signatures and the Law]].
* India - [[Information Technology Act]]
* Indonesia - [https://peraturan.bpk.go.id/Details/37589/uu-no-11-tahun-2008 Law No. 11/2008 on Information and Electronic Transactions]
* Iraq - Electronic Transactions and Electronic Signature Act No 78 in 2012
* Ireland - [http://www.irishstatutebook.ie/2000/en/act/pub/0027/index.html Electronic Commerce Act 2000]
* Japan - [[Digital signatures and law#Japan|Law Concerning Electronic Signatures and Certification Services, 2000]]
* Kazakhstan - [https://adilet.zan.kz/rus/docs/Z030000370_ Law on Electronic Document and Electronic Signature (07.01.2003)]
* Lithuania -  [https://e-seimas.lrs.lt/portal/legalAct/en/TAD/c5174772ecd011e89d4ad92e8434e309 Law on Electronic Identification and Trust Services for Electronic Transactions]
* Mexico - E-Commerce Act [2000]
* Malaysia - Digital Signature Act 1997 and Digital Signature Regulation 1998 (https://www.mcmc.gov.my/sectors/digital-signature)
* Moldova - Privind semnătura electronică şi documentul electronic (http://lex.justice.md/md/353612/)
* New Zealand - [http://www.legislation.govt.nz/act/public/2017/0005/21.0/whole.html Contract and Commercial Law Act 2017]
* Paraguay - [https://web.archive.org/web/20140413140957/http://www.gacetaoficial.gov.py/uploads/pdf/2013/2013-11-07/gaceta_777_FBEJJFBGFADFCKFFGECAGEBJKIDKKHCFIHEGBFCH.pdf Ley 4017: De validez jurídica de la Firma Electrónica, la Firma Digital, los Mensajes de Datos y el Expediente Electrónico (12/23/2010)] {{in lang|es}}, [https://web.archive.org/web/20150924020425/http://www.gacetaoficial.gov.py/uploads/pdf/2013/2013-10-30/gaceta_384_HFBIHEFKACGHEIACGCEEKCAKJIJIAAIHGJFCDKBE.pdf Ley 4610: Que modifica y amplia la Ley 4017/10 (05/07/2012)] {{in lang|es}}
* Peru - [http://www.congreso.gob.pe/ntley/Imagenes/Leyes/27269.pdf Ley Nº 27269. Ley de Firmas y Certificados Digitales (28MAY2000)] {{Webarchive|url=https://web.archive.org/web/20140429162134/http://www.congreso.gob.pe/ntley/Imagenes/Leyes/27269.pdf |date=2014-04-29 }} {{in lang|es}}
* the Philippines - [https://web.archive.org/web/20160331115837/http://www.ncc.gov.ph/files/Ra8792.pdf Electronic Commerce Act of 2000]
* Poland - Ustawa o podpisie elektronicznym (Dziennik Ustaw z 2001 r. Nr 130 poz. 1450) <ref>[http://www.abc.com.pl/serwis/du/2001/1450.htm] {{webarchive|url=https://web.archive.org/web/20110927073911/http://www.abc.com.pl/serwis/du/2001/1450.htm|date=September 27, 2011}}</ref>
* Romania - LEGE nr. 214 din 5 iulie 2024 privind utilizarea semnăturii electronice, a mărcii temporale și prestarea serviciilor de încredere bazate pe acestea <ref>{{cite web | url=https://gazetajuridica.ro/index.php/2024/07/08/legea-nr-214-2024-privind-utilizarea-semnaturii-electronice-a-marcii-temporale-si-prestarea-serviciilor-de-incredere-bazate-pe-acestea/#:~:text=%C3%8En%20Monitorul%20Oficial%20al%20Rom%C3%A2niei,%20Partea%20I,%20nr | title=Legea nr. 214/2024 privind utilizarea semnăturii electronice, a mărcii temporale şi prestarea serviciilor de încredere bazate pe acestea – GAZETA JURIDICA | date=July 8, 2024 }}</ref>
* Russian Federation - [http://pravo.gov.ru/proxy/ips/?docbody=&nd=102146610 Federal Law of Russian Federation about Electronic Signature (06.04.2011)]
* Singapore - [https://sso.agc.gov.sg/Act/ETA2010 Electronic Transactions Act (2010)] ([https://www.imda.gov.sg/regulations-licensing-and-consultations/acts-and-regulations/electronic-transactions-act-and-regulations background information], [https://www.imda.gov.sg/regulations-licensing-and-consultations/acts-and-regulations/electronic-transactions-act-and-regulations/differences-between-eta-1998-and-eta-2010 differences between ETA 1998 and ETA 2010])
* Slovakia - [http://www.zbierka.sk/zz/predpisy/default.aspx?PredpisID=16414&FileName=02-z215&Rocnik=2002 Zákon č.215/2002 o elektronickom podpise]
* Slovenia - Slovene Electronic Commerce and Electronic Signature Act
* South Africa - [https://www.gov.za/sites/default/files/gcis_document/201409/a25-02.pdf <nowiki>Electronic Communications and Transactions Act [No. 25 of 2002]</nowiki>]<ref>{{Cite web|title=Electronic Communications and Transactions Act 25 of 2002|url=https://www.gov.za/documents/electronic-communications-and-transactions-act|url-status=live|archive-url=https://web.archive.org/web/20211118072909/https://www.gov.za/documents/electronic-communications-and-transactions-act|archive-date=2021-11-18|access-date=2021-11-18|website=South African Government}}</ref>
* Spain - [https://www.boe.es/buscar/act.php?id=BOE-A-2020-14046 Ley 6/2020, de 11 de noviembre, reguladora de determinados aspectos de los servicios electrónicos de confianza]
* Switzerland - [[ZertES]]
* [[Republika Srpska]] (entity of the [[Bosnia and Herzegovina]]) 2005
* Thailand - Electronic Transactions Act B.E.2544 (2001) [https://www.mdes.go.th/law/detail/3616-ELECTRONIC-TRANSACTIONS-ACT--B-E--2544--2001-]
* Turkey - [https://web.archive.org/web/20070927203050/http://www.kamusm.gov.tr/en/Electronic_Signature_Law.pdf Electronic Signature Law]
* Ukraine - [https://web.archive.org/web/20071005001335/http://www.ucrf.gov.ua/uk/doc/laws/1149760377/ Electronic Signature Law, 2003]
* UK - s.7 [[Electronic Communications Act 2000]]
* U.S. - [[Electronic Signatures in Global and National Commerce Act]]
* U.S. - [[Uniform Electronic Transactions Act]] - adopted by 48 states
* U.S. - [[Government Paperwork Elimination Act]] (GPEA)
* U.S. - [[Uniform Commercial Code|The Uniform Commercial Code (UCC)]]

===Usage===
In 2016, [[Aberdeen Strategy and Research]] reported that 73% of "best-in-class" and 34% of all other respondents surveyed made use of electronic signature processes in [[supply chain]] and [[procurement]], delivering benefits in the speed and efficiency of key procurement activities. The percentages of their survey respondents using electronic signatures in [[accounts payable]] and [[accounts receivable]] processes were a little lower, 53% of "best-in-class" respondents in each case.<ref>Barry, M., [https://www.aberdeen.com/featured/e-signature-in-procurement/ The Speed & Efficiency of E-Signature in Procurement] {{Webarchive|url=https://web.archive.org/web/20210422050002/https://www.aberdeen.com/featured/e-signature-in-procurement/ |date=April 22, 2021 }}, Aberdeen Strategy and Research, published 1 April 2016, accessed 22 April 2021</ref>

==Technological implementations (underlying technology)==
=== Digital signature ===
{{further|Digital signature}}
[[Image:Digital Signature diagram.svg|thumb|right|280px|A diagram showing how a digital signature is applied and then verified]]
Digital signatures are [[Cryptography|cryptographic]] implementations of '''electronic signatures''' used as a proof of [[authenticity (philosophy)|authenticity]], [[data integrity]] and [[non-repudiation]] of communications conducted over the [[Internet]]. When implemented in compliance to digital signature standards, digital signing should offer end-to-end privacy with the signing process being user-friendly and secure. Digital signatures are generated and verified through standardized frameworks such as the [[Digital Signature Algorithm]] (DSA)<ref name=CryptomathicDigSigServicesAshiqJA /><ref name="NIST_DigitalSignatureStandardDSS" /> by [[NIST]] or in compliance to the [[XAdES]], [[PAdES]] or [[CAdES (computing)|CAdES]] standards, specified by the [[ETSI]].<ref name="Turner_Diff-Electronic-Digital-Sig">{{cite web|last1=Turner|first1=Dawn M.|title=THE DIFFERENCE BETWEEN AN ELECTRONIC SIGNATURE AND A DIGITAL SIGNATURE|url=http://www.cryptomathic.com/news-events/blog/the-difference-between-an-electronic-signature-and-a-digital-signature|publisher=Cryptomathic|access-date=21 April 2016|archive-date=May 8, 2016|archive-url=https://web.archive.org/web/20160508200451/http://www.cryptomathic.com/news-events/blog/the-difference-between-an-electronic-signature-and-a-digital-signature|url-status=live}}</ref>

There are typically three algorithms involved with the digital signature process:
* Key generation – This algorithm provides a private key along with its corresponding public key.
* Signing – This algorithm produces a signature upon receiving a private key and the message that is being signed.
* Verification – This algorithm checks for the message's authenticity by verifying it along with the signature and public key.<ref name="Turner-what-is-a-digsig">{{cite web|last1=Turner|first1=Dawn|title=What is a digital signature - what it does, how it work|url=http://www.cryptomathic.com/news-events/blog/what-is-a-digital-signature-what-it-does-how-it-works|publisher=Cryptomathic|access-date=7 June 2016|archive-date=February 9, 2016|archive-url=https://web.archive.org/web/20160209203857/http://www.cryptomathic.com/news-events/blog/what-is-a-digital-signature-what-it-does-how-it-works|url-status=live}}</ref>

The process of digital signing requires that its accompanying public key can then authenticate the signature generated by both the fixed message and private key. Using these cryptographic algorithms, the user's signature cannot be replicated without having access to their private key.<ref name="Turner-what-is-a-digsig" /> A [[secure channel]] is not typically required. By applying asymmetric cryptography methods, the digital signature process prevents several common attacks where the attacker attempts to gain access through the following attack methods.<ref name=Cryptomathic_WHATISADIGITALSIGNATURE>{{cite web|last1=Turner|first1=Dawn|title=What is a Digital Signature - What It Does, How It Works|url=http://www.cryptomathic.com/news-events/blog/what-is-a-digital-signature-what-it-does-how-it-works|publisher=Cryptomathic|access-date=7 January 2016|archive-date=February 9, 2016|archive-url=https://web.archive.org/web/20160209203857/http://www.cryptomathic.com/news-events/blog/what-is-a-digital-signature-what-it-does-how-it-works|url-status=live}}</ref>

The most relevant standards on digital signatures with respect to size of domestic markets are the [[Digital Signature Algorithm|Digital Signature Standard (DSS)]]<ref name=NIST_DigitalSignatureStandardDSS>{{cite web|title=FIPS PUB 186-4: Digital Signature Standard (DSS)|url=http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf|publisher=National Institute of Standards and Technology|access-date=7 January 2016|archive-date=December 27, 2016|archive-url=https://web.archive.org/web/20161227093019/http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf|url-status=live}}</ref> by the [[National Institute of Standards and Technology]] (NIST) and the [[eIDAS]] Regulation<ref name=eIDAS_Reference>{{cite web|title=REGULATION (EU) No 910/2014 of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC|url=http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2014.257.01.0073.01.ENG|publisher=THE EUROPEAN PARLIAMENT AND OF THE COUNCIL|access-date=7 January 2016|archive-date=January 15, 2018|archive-url=https://web.archive.org/web/20180115001229/http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2014.257.01.0073.01.ENG|url-status=live}}</ref> enacted by the [[European Parliament]].<ref name=Cryptomathic_MajorStandardsDigSig />  [[OpenPGP]] is a non-proprietary protocol for email encryption through [[public key cryptography]]. It is supported by [[Pretty Good Privacy|PGP]] and [[GnuPG]], and some of the [[S/MIME]] [[IETF]] standards and has evolved into the most popular email encryption standard in the world.<ref name=OpenPGPAllianceReference>{{cite web|title=Welcome to The OpenPGP Alliance|url=http://openpgp.org/|publisher=OpenPGP Alliance|access-date=7 January 2016|archive-date=January 11, 2016|archive-url=https://web.archive.org/web/20160111032333/http://openpgp.org/|url-status=live}}</ref>

===Biometric signature===

An electronic signature may also refer to electronic forms of processing or verifying identity through the use of biometric "signatures" or biologically identifying qualities of an individual. Such signatures use the approach of attaching some biometric measurement to a document as evidence. Biometric signatures include fingerprints, [[hand geometry]] (finger lengths and palm size), [[iris recognition|iris patterns]], [[speaker recognition|voice characteristics]], retinal patterns, or any other human body property. All of these are collected using electronic sensors of some kind.

Biometric measurements of this type are useless as [[passwords]] because they can't be changed if compromised. However, they might be serviceable, except that to date, they have been so easily deceived that they can carry little assurance that the person who purportedly signed a document was actually the person who did. For example, a replay of the electronic signal produced and submitted to the computer system responsible for 'affixing' a signature to a document can be collected via wiretapping techniques.{{citation needed|date=August 2020}} Many commercially available fingerprint sensors have low resolution and can be deceived with inexpensive household items (for example, [[gummy bear]] candy gel).<ref>{{cite conference |citeseerx=10.1.1.100.8172 |title=Impact of artificial gummy fingers on fingerprint systems |author=Matsumoto |date=2002|book-title=Proceedings of SPIE |pages=275–289}}</ref> In the case of a user's face image, researchers in Vietnam successfully demonstrated in late 2017 how a specially crafted mask could beat [[Apple Inc.|Apple's]] [[Face ID]] on [[iPhone X]].<ref name="BkavBkav17">{{cite web |url=http://www.bkav.com/news-in-focus/-/view_content/content/103968/bkav%E2%80%99s-new-mask-beats-face-id-in-twin-way-severity-level-raised-do-not-use-face-id-in-business-transactions |title=Bkav's new mask beats Face ID in "twin way": Severity level raised, do not use Face ID in business transactions |work=News In Focus |publisher=Bkav Corporation |date=27 November 2017 |access-date=8 May 2018 |archive-date=May 8, 2018 |archive-url=https://web.archive.org/web/20180508221113/http://www.bkav.com/news-in-focus/-/view_content/content/103968/bkav%E2%80%99s-new-mask-beats-face-id-in-twin-way-severity-level-raised-do-not-use-face-id-in-business-transactions |url-status=live }}</ref>

== See also==
* [[Authentication]]
* [[Long-term validation]]
* [[UNCITRAL Model Law on Electronic Signatures]] ([[MLES]])

==References==
{{Reflist|colwidth=30em}}

==External links==
{{wikibooks|Legal and Regulatory Issues in the Information Economy}}

* [http://ec.europa.eu/information_society/eeurope/2005/all_about/security/electronic_sig_report.pdf E-Sign Final Report] (2005, [[European Union]])
* [https://web.archive.org/web/20090408073109/http://www.jsboard.co.uk/publications/digisigs/index.htm Judicial Studies Board Digital Signature Guidelines]
* [http://biometrics.gov/Documents/DynamicSig.pdf Dynamic signatures]

{{Authority control}}

{{DEFAULTSORT:Electronic Signature}}
[[Category:Authentication methods]]
[[Category:Biometrics]]
[[Category:Cryptography]]
[[Category:Computer law]]
[[Category:Electronic identification]]
[[Category:Signature]]
[[Category:Records management technology]]