How to make eSignatures legally binding

It took years for you to get that perfect flourish on the end of your John Henry, and now the computers are taking it all away. No worries – with the right stylus you can replicate your favorite wet sign online. And with the right software, you can replicate that sign a hundred times a day.

Are you:

• signing multiple copies of the same document?
• initialing every page in your path?
• constantly losing your pens, no matter how many you steal from hotel rooms?

It’s time to get on board with eSignatures. But is signing online as secure as signing on paper?

In short: yes. In long: read on.

What are eSignatures?

A eSignature – also known as a dry signature – is a legally binding way to sign documents digitally. Back in the day we would print our documents, slap a big wet sign on it, dry it and then scan it back onto the computer.

Thankfully, signing technology has caught up with the cloud. Now we can just open a document in everyday document editing software like Lumin or Google Docs and click “add signature”.

You can create your signature with a stylus (or your mouse, if you have a steady hand), upload an image of your signature, or create one by typing in your name and converting it to a nice font.

Can someone change a contract after I’ve signed it?

You’ve written up a contract and everyone’s signed it. Great. But what if the other party goes and tweaks things after the fact? Will you be beholden to this new version of the contract?

If you don’t print the original and store it in a cupboard, you might be concerned you can’t prove the contract has changed.

You can. It’s all thanks to the humble hash.

A “hash” is all the data in your file, pushed through an algorithm and spat out into a unique and unchangeable jumble of characters. Your contract, signed by both parties, has its own unique hash.

If someone tweaks the file after it’s been signed, the file will have a different hash. No-one can edit this.

You might recognize this approach of jumbling things into a garbled and unchangeable form as cryptography, the science of codes.

Lots of things we love use cryptography:

• email, which is encrypted to protect it from being intercepted
• online banking, which uses account numbers and passwords
• the Da Vinci Code, which keeps the lives of Christ’s descendants secure

Can someone copy-paste my digital signature?

What’s to stop someone from copy-pasting your signature into another document?

The answer: cryptography, again.

Imagine you have two keys. One is used to lock your doors, and the other is used by your neighbor to check your mail while you’re on holiday. It only gets them into the mailbox; no further. 

Customers of Lumin Sign have two keys, too:

• the first one – the private key – is used to lock all your document doors. It is the secret algorithm that hashes your document.
• the second one – the public key – is equivalent to the mailbox key. This key is known to Lumin, and we use it to open the hash enough to verify you signed and sent it.

While every document’s hash is different, your private key is always the same. Platforms that enable eSignatures can store private keys for you, but they don’t share them with anyone.

Are all eSignatures created equal?

No. For example, most eSign tools place an image of your signature on the page, making your mark with a simple stamp.

But there are a growing number of compliant eSignature tools that go all the way and use cryptography to secure these stamps.

What legal requirements does an eSignature need to meet?

eSignatures still need to meet legal requirements. While the details of these change from country-to-country, the core necessities are:

• the signature must be made with intent to enter into a legally binding contract
• the signature must be able to be authenticated as legitimate
• the document is stored securely

For these reasons, using a reputable platform like Lumin Sign or DocuSign is legal; drawing up and signing a contract in Microsoft Paint is not. Typing your name at the bottom of an email is also not a legal signature.

Where are eSignatures legal?

Just about everywhere. In the US, two acts recognize eSignatures as equivalent to wet ones in terms of legal status: the Uniform Electronic Transactions Act (UETA) and the Electronic Signatures in Global and National Commerce Act (perfectly acronymed as ESIGN).

Other countries have similar legal recognitions:

• Europe: eIDAS Regulation (regulation on electronic identification and trust services for electronic transactions in the internal market)
• Canada: Personal Information Protection and Electronic Documents Act (PIPEDA) and others
• UK: eIDAS Regulation plus post-Brexit supplementation
• India: the Information Technology Act
• New Zealand: the Electronic Transactions Act
• Australia: the Electronic Transactions Act, the Treasury Laws Amendment 2023
• Singapore: the Electronic Transactions Act

These are just a few examples. If your country isn’t on the list, it’s likely it still recognizes eSignatures as legally valid.

Countries that currently don’t recognize eSignatures include Cuba, Iran, Laos, North Korea, Sudan, Syria and Venezuela. However, this could change. We’ll keep you updated!

Sound like a good idea? Seal more deals with our client-facing signature workflow tool, Lumin Sign.