If your business operates internationally, understanding the legal frameworks that govern electronic signatures is essential. The two most influential regulations—the ESIGN Act in the United States and eIDAS in the European Union—take fundamentally different approaches to achieving the same goal: making digital agreements legally enforceable.
The ESIGN Act (United States)
The Electronic Signatures in Global and National Commerce Act was enacted in 2000: a remarkably forward-thinking piece of legislation. Its core principle is simple: a signature or contract cannot be denied legal effect solely because it is in electronic form.
Key Provisions
- Technology-neutral: The ESIGN Act does not mandate any specific technology. Whether you use a typed name, a drawn signature on a touchscreen, or a PKI-based certificate, it qualifies as an e-signature.
- Consumer consent: Before using e-signatures with consumers, businesses must obtain the consumer's affirmative consent to conduct transactions electronically. Consumers must also be informed of their right to receive paper records.
- Record retention: Electronic records must remain accessible and reproducible for all parties. If a document is required by law to be retained, the electronic version must be accurately preserved.
- Pre-emption: The ESIGN Act pre-empts state laws that deny e-signatures legal effect, but it works alongside UETA (Uniform Electronic Transaction Act) which has been adopted by 47 states.
Exceptions
Certain documents are explicitly excluded from the ESIGN Act's scope: wills, codicils, and testamentary trusts; family law matters (adoption, divorce); court orders and notices; cancellation of utility services; recall notices for products posing health or safety risks; and documents related to hazardous materials transportation.
eIDAS (European Union)
The Electronic Identification, Authentication, and Trust Services Regulation came into force in 2014 and was fully applicable from July 2016. Unlike the ESIGN Act's permissive approach, eIDAS establishes a tiered framework with explicitly defined levels of assurance.
The Three Tiers
Simple Electronic Signature (SES)
Any data in electronic form attached to or associated with other data used by the signatory to sign. No specific technical requirements. Cannot be denied legal effect solely because it is electronic.
Advanced Electronic Signature (AES)
Must be uniquely linked to the signatory, capable of identifying the signatory, created under the signatory's sole control, and linked to the data in such a way that any change is detectable. Provides stronger evidentiary value.
Qualified Electronic Signature (QES)
An AES created by a Qualified Electronic Signature Creation Device (QSCD), based on a qualified certificate issued by a Trust Service Provider. Has the legal equivalent of a handwritten signature across all EU member states. This is the highest level of assurance under eIDAS.
Side-by-Side Comparison
| Feature | ESIGN Act (US) | eIDAS (EU) |
|---|---|---|
| Enacted | 2000 | 2014 (effective 2016) |
| Approach | Technology-neutral, permissive | Tiered framework (SES/AES/QES) |
| Identity verification | Not required by law | Required for AES and QES |
| Highest assurance level | No formal tiers; all e-signatures treated equally | QES (equivalent to handwritten) |
| Cross-border recognition | No international mutual recognition | QES recognised across all EU member states |
| Trust Service Providers | No formal TSP framework | Supervised TSP list maintained by EU |
| Consumer consent | Required before electronic transactions | Covered under GDPR separately |
The UK After Brexit
Following Brexit, the UK retained the EU's eIDAS framework through the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016, often referred to as "UK eIDAS." The three-tier structure (SES, AES, QES) remains intact. Qualified Electronic Signatures under UK eIDAS have the same legal standing as handwritten signatures in England, Wales, Scotland, and Northern Ireland.
However, UK-issued QES certificates are no longer automatically recognised in the EU, and vice versa. Businesses operating across both jurisdictions should consider using e-signature platforms that support both frameworks—ensuring compliance regardless of where the signatory is located.
Other Key Jurisdictions
- Canada: PIPEDA and provincial electronic transaction acts recognise e-signatures. No tiered framework; similar to the ESIGN Act's permissive approach.
- Australia: The Electronic Transactions Act 1999 accepts e-signatures, with exceptions for migration-related documents and citizenship certificates.
- India: The IT Act 2000 recognises both electronic signatures and Aadhaar-based e-signatures, which use the national identity platform for verification.
- Singapore: The Electronic Transactions Act provides a technology-neutral framework, with secure electronic signatures receiving a higher evidentiary presumption.
Practical Recommendations
- US-only businesses: Simple electronic signatures are sufficient for most transactions. Ensure you obtain consumer consent for B2C agreements.
- EU-focused businesses: Use SES for low-risk documents, AES for contracts with significant value, and QES when specifically mandated by regulation.
- International businesses: Choose a platform that supports all three eIDAS tiers and complies with the ESIGN Act. Maintain audit trails that satisfy both frameworks.
eSignHub supports global compliance
Our platform is designed to meet the requirements of both the ESIGN Act and eIDAS, with built-in audit trails, identity verification options, and tamper-evident document sealing.
Sign Up Now