Legal Guide
E-Signatures and the Law
Electronic signatures are legally binding in the UK, EU, US, and most countries worldwide. This guide explains the legal frameworks, signature types, and what makes an e-signature enforceable.
The Short Answer
Yes, electronic signatures are legally binding. In the UK, EU, and US, electronic signatures have the same legal standing as handwritten signatures for the vast majority of documents. The law does not discriminate against a signature simply because it is in electronic form.
UK Law
Electronic Communications Act 2000
The Electronic Communications Act 2000 (ECA) provides the legal foundation for electronic signatures in the UK. Section 7 establishes that electronic signatures are admissible as evidence in legal proceedings regarding the authenticity or integrity of a communication or data.
Law Commission Confirmation
In September 2019, the Law Commission published a detailed report confirming that electronic signatures are valid for the execution of documents under English law, including deeds (when witnessed electronically). This provides strong legal certainty for businesses using e-signatures.
Exceptions in UK Law
A small number of documents still require wet-ink signatures:
- Wills and codicils (Wills Act 1837 requires the testator's physical signature)
- Certain real property transactions (land registry transfers may require specific electronic signature forms)
- Powers of attorney for property and financial affairs
- Documents required to be notarised
EU Law — eIDAS Regulation
The EU's eIDAS Regulation (Electronic Identification, Authentication and Trust Services) establishes a comprehensive framework for electronic signatures across all EU member states. It defines three tiers of electronic signature:
Simple Electronic Signature (SES)
Any data in electronic form attached to or associated with other electronic data, used by the signatory to sign. This includes clicking "I agree", typing your name, or pasting an image of your signature. SES is legally valid but offers the lowest level of assurance.
Advanced Electronic Signature (AES)
An electronic signature that meets additional requirements under Article 26 of eIDAS:
- Uniquely linked to the signatory
- Capable of identifying the signatory
- Created using data that the signatory can use under their sole control
- Linked to the signed data in such a way that any subsequent change is detectable
Squigggle's standard AES signatures (£1/doc) meet these requirements through ECDSA P-256 cryptographic signing, email OTP verification, consent recording, tamper-evident document hashing, and PAdES B-LT long-term validation. For everyday contracts — employment offers, NDAs, supplier agreements — AES provides strong legal standing and is sufficient for the vast majority of business documents.
AES with Identity Verification (AES+IDV) — Coming Soon
For situations where identity assurance beyond email OTP is required, Squigggle will offer AES+IDV. This tier adds a real-time identity document check — passport or driving licence verification — on top of the standard AES cryptographic signing and audit trail.
AES+IDV is appropriate for higher-value contracts, regulated industries (financial services, legal, healthcare), cross-border agreements where parties are unknown to each other, and any scenario where you need to prove the signatory's identity was verified against a government-issued document.
Qualified Electronic Signature (QES) — Coming Soon
The highest tier: an advanced electronic signature created by a qualified electronic signature creation device, based on a qualified certificate for electronic signatures issued by a qualified trust service provider (QTSP). QES has the equivalent legal effect of a handwritten signature in all EU member states and cannot be denied legal effect.
Squigggle will offer QES signatures backed by a qualified certificate issued by a QTSP, with PAdES B-LTA archival-grade long-term validation. QES is required for certain regulated transactions across the EU, and is the only electronic signature type that carries automatic legal equivalence to a handwritten signature under eIDAS without requiring additional evidence.
US Law — ESIGN Act and UETA
ESIGN Act (2000)
The Electronic Signatures in Global and National Commerce Act (ESIGN) is a federal law that gives electronic signatures the same legal status as handwritten signatures. It applies to interstate and foreign commerce and covers most types of contracts and agreements.
UETA (1999)
The Uniform Electronic Transactions Act has been adopted by 49 US states (all except New York, which has its own Electronic Signatures and Records Act). UETA provides state-level legal recognition of electronic signatures and records.
US Exceptions
- Wills, codicils, and testamentary trusts
- Family law (adoption, divorce — varies by state)
- Court orders and notices
- Cancellation of utilities or insurance
- Product recalls and safety notices
What Makes an E-Signature Enforceable?
Regardless of jurisdiction, courts look for these elements when evaluating the enforceability of an electronic signature:
- Intent to sign: Evidence that the signer intended to sign the document (consent recording, affirmative action)
- Identity verification: Reasonable steps to verify the signer's identity (email verification, OTP, knowledge-based authentication)
- Document integrity: Proof that the document hasn't been altered after signing (cryptographic hashing, tamper-evident seals)
- Audit trail: A comprehensive record of the signing process (timestamps, IP addresses, user agents, event log)
- Consent to electronic process: Evidence that all parties agreed to conduct business electronically
How Squigggle Ensures Compliance
Every document signed through Squigggle includes the following safeguards:
- ECDSA P-256 cryptographic signatures: Each signer generates a unique key pair. The private key never leaves the signer's browser, ensuring sole control.
- SHA-256 document hashing: A cryptographic hash of the document is computed before signing. Any post-signing modification is immediately detectable.
- Email OTP verification: All signers verify their identity via a one-time passcode sent to their email address. This provides signer authentication and a verifiable link between the signatory and the signing event.
- Consent recording: Signers must explicitly consent to signing electronically before proceeding.
- Comprehensive audit trail: Every action is logged with timestamps, IP addresses, and user agents.
- PAdES long-term validation: AES signatures use PAdES B-LT format for long-term validation. QES signatures use PAdES B-LTA for archival-grade validation with embedded timestamps.
- Certificate of completion: A tamper-evident certificate is appended to the signed PDF, including all signer details and verification information.
- PKCS#7 platform seal: The completed document is sealed with Squigggle's platform certificate, providing an additional layer of authenticity verification.
When AES+IDV and QES tiers launch, additional safeguards will be available: identity document verification for AES+IDV, and a qualified certificate issued by a QTSP for QES. These additional verification steps will be recorded in the audit trail and certificate of completion.
Industries Using E-Signatures
Electronic signatures are widely accepted across industries:
- Real estate: Tenancy agreements, property management, letting agent contracts
- Financial services: Account openings, loan agreements, insurance policies
- Employment: Offer letters, contracts of employment, NDAs
- Legal: Client engagement letters, settlement agreements, witness statements
- Healthcare: Patient consent forms, supplier agreements
- Technology: SaaS agreements, vendor contracts, partnership agreements
Choosing the Right Signature Level
The right signature tier depends on the document type, the regulatory environment, and the level of identity assurance required:
- AES (£1/doc): Suitable for the majority of business documents — employment contracts, NDAs, supplier agreements, tenancy agreements, and general commercial contracts. Email OTP verification provides strong signer authentication for everyday use.
- AES+IDV (coming soon): Recommended for higher-value contracts, regulated industries (financial services, legal, healthcare), transactions where parties have no prior relationship, and any scenario requiring identity assurance beyond email verification. Will add passport or driving licence verification.
- QES (coming soon): Required for transactions that mandate qualified signatures under eIDAS, or where automatic legal equivalence to a handwritten signature is needed without additional evidence. Common in cross-border EU transactions, public procurement, and highly regulated sectors.
Frequently Asked Questions
Can e-signatures be used for employment contracts?
Yes. Employment contracts can be validly executed using electronic signatures in the UK, EU, and US. ACAS guidance confirms that employment contracts do not need to be in writing to be legally binding, and when they are written, electronic signatures are valid.
Are e-signatures valid for NDAs?
Yes. Non-disclosure agreements are standard contracts that can be executed electronically. NDAs are among the most common documents signed electronically.
Can I use e-signatures for international contracts?
Yes, in most cases. Electronic signature laws exist in over 60 countries. For cross-border contracts, the governing law clause will determine which jurisdiction's e-signature rules apply. Both eIDAS (EU) and ESIGN (US) provide strong legal backing.
What if the other party disputes the signature?
The audit trail and cryptographic evidence provided by Squigggle serve as strong evidence of the signing event. The SHA-256 hash proves document integrity, the ECDSA signature proves the signer's participation, and the event log documents every step of the process.
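The SHA-256 hashing and ECDSA P-256 signing listed under "How Squigggle Ensures Compliance", and the integrity check this answer relies on, can be sketched as follows. This is an added example, not Squigggle's code: it uses Node's built-in `crypto` module rather than a browser, and the function names and the evidence record fields are hypothetical.

```javascript
const crypto = require('node:crypto');

// SHA-256 digest of the document bytes, hex-encoded.
function hashDocument(docBytes) {
  return crypto.createHash('sha256').update(docBytes).digest('hex');
}

// Signer side: create a P-256 key pair, sign the document bytes with
// ECDSA over SHA-256, and return only public material. The private key
// stays inside this function, standing in for the signer's browser.
function signDocument(docBytes, signerEmail) {
  // 'prime256v1' is OpenSSL's name for the NIST P-256 curve.
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', {
    namedCurve: 'prime256v1',
  });
  return {
    signer: signerEmail,
    documentSha256: hashDocument(docBytes),
    signature: crypto.sign('sha256', docBytes, privateKey).toString('base64'),
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
  };
}

// Verifier side: recompute the hash and check the signature against the
// document as presented. Both must hold for the document to count as intact.
function verifyEvidence(docBytes, evidence) {
  const hashMatches = hashDocument(docBytes) === evidence.documentSha256;
  const signatureValid = crypto.verify(
    'sha256',
    docBytes,
    crypto.createPublicKey(evidence.publicKeyPem),
    Buffer.from(evidence.signature, 'base64')
  );
  return { hashMatches, signatureValid, intact: hashMatches && signatureValid };
}

// Constructed sample input, not a real contract.
const sampleDoc = Buffer.from('Sample NDA v1: fee GBP 1,000', 'utf8');
const sampleEvidence = signDocument(sampleDoc, 'signer@example.test');
const alteredDoc = Buffer.from('Sample NDA v1: fee GBP 9,000', 'utf8');
// A record whose stored hash was recomputed over the altered text.
const rehashedEvidence = { ...sampleEvidence, documentSha256: hashDocument(alteredDoc) };

console.log(verifyEvidence(sampleDoc, sampleEvidence));
console.log(verifyEvidence(alteredDoc, sampleEvidence));
console.log(verifyEvidence(alteredDoc, rehashedEvidence));
```

The third case is why the hash alone is not the evidence: a stored hash can be recomputed over changed text, but the signature still fails without the signer's private key. In this sketch the public key travels inside the record, so what ties it to a person lies outside the code (on this page, the email OTP step and the audit trail).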
Ready to start signing?
Squigggle makes legally binding e-signatures simple, beautiful, and affordable. AES signatures from £1/doc, identity-verified signatures from £2/doc, and qualified signatures from £5/doc. No subscription required.