United States: ESIGN and UETA
The United States uses two complementary statutes. The federal Electronic Signatures in Global and National Commerce Act (ESIGN, 2000) applies to transactions affecting interstate or foreign commerce and provides that a signature, contract, or record cannot be denied legal effect solely because it is electronic. The Uniform Electronic Transactions Act (UETA, 1999) is a model state law adopted by 49 states and the District of Columbia, with New York applying its own comparable statute. UETA governs electronic transactions at the state level where the parties have agreed to transact electronically. Both require the same essentials: an intent to sign, attribution of the signature to the signer, association of the signature with the record, and the ability to retain a copy. ESIGN adds consumer-protection steps, including disclosing the hardware and software a consumer needs to access and keep electronic records before obtaining their consent. Some documents are excluded from both, such as wills, many family-law documents, and court orders.
European Union and EEA: eIDAS and its three tiers
Across the EU and EEA, the eIDAS Regulation (EU) No. 910/2014 (updated by eIDAS 2.0, Regulation (EU) 2024/1183) applies directly and defines three tiers. A simple electronic signature (SES) is any electronic data used to sign; it is admissible under the non-discrimination principle but carries no special evidentiary presumption. An advanced electronic signature (AES), under Article 26, must be uniquely linked to and capable of identifying the signatory, created under their sole control, and able to detect any later change. A qualified electronic signature (QES) is an AES created with a qualified signature-creation device and a qualified certificate from an EU-listed trust service provider. Only a QES has the legal effect of a handwritten signature across the entire EU (Article 25(2)). Most commercial contracts need no particular form and can use an SES or AES; a QES or wet ink is required only where national law prescribes a specific written or notarial form.
Do you need a digital certificate?
In most countries, no certificate is required to form a binding contract by electronic signature. A typed name, a drawn signature, or a click-to-sign capture can be valid where intent and attribution are clear. A certificate-backed or qualified signature is not usually mandatory, but it is materially harder to challenge, so it is recommended for high-stakes, regulated, or government-facing documents. The right tier depends on the document and the jurisdiction.
E-signature law is not data-protection law
Validity and privacy are separate questions. eIDAS, ESIGN, and UETA decide whether a signature is legally effective. Data-protection laws such as the EU and UK GDPR, Canada's PIPEDA, and US state privacy laws govern the personal data created when someone signs, including names, email addresses, and audit records. Under the GDPR, when a provider processes personal data on your behalf, you generally need a Data Processing Agreement with that provider. The two bodies of law work together: a signature can be perfectly valid under eIDAS while the underlying data handling must still satisfy the GDPR.
Which assurance level do you need?
Match the method to the risk. For routine business agreements (NDAs, vendor and SaaS contracts, HR paperwork) where no special form is required, a standard electronic signature with a strong audit trail is typically appropriate. For regulated, high-value, or government-facing matters, or where national law mandates a specific form, use a higher-assurance method (an advanced or qualified signature, or wet ink and notarization where required). When signers are in different countries, the strictest applicable jurisdiction usually drives the choice.
Frequently asked questions
What is the difference between ESIGN and UETA?
ESIGN is the US federal law covering transactions in interstate or foreign commerce; UETA is a model state law adopted by 49 states and the District of Columbia, with New York using its own comparable statute. Both make electronic signatures legally effective and require intent to sign, attribution, association with the record, and the ability to retain a copy.
What is the difference between SES, AES, and QES under eIDAS?
A simple electronic signature (SES) is any electronic signature; it is admissible but has no special evidentiary presumption. An advanced electronic signature (AES) is uniquely linked to and identifies the signatory, is under their sole control, and detects later changes (Article 26). A qualified electronic signature (QES) is an AES made with a qualified device and a qualified certificate, and it is the only tier with the legal effect of a handwritten signature across the EU (Article 25(2)).
Does an electronic signature need a digital certificate?
Usually not to form a contract. A typed, drawn, or click-to-sign signature can be valid where intent and attribution are clear. A certificate-backed or qualified signature is recommended for high-stakes, regulated, or government-facing documents because it is harder to challenge.
Is a Data Processing Agreement the same as e-signature law?
No. E-signature law (eIDAS, ESIGN, UETA) governs whether a signature is valid. Data-protection law (such as the GDPR and PIPEDA) governs the personal data created when someone signs, and a Data Processing Agreement is the contract that covers a provider's processing of that data on your behalf.
Disclaimer: This guide is general information, not legal advice, and is not a guarantee that any signature will be enforceable for a particular document, transaction, or jurisdiction. E-signature and data-protection laws change frequently. Confirm the requirements for your specific document and parties, and consult a licensed lawyer in the relevant country before relying on electronic signing.
Last reviewed: 2026-06-15