Compliance & legal

 

Brief: Contracts sent through eSignatures.com are legally binding in the U.S., EU, UK, Canada, Australia, and most other major jurisdictions. We are ISO 27001 certified, and the service is designed to support GDPR, HIPAA, and 21 CFR Part 11 workflows. The sections below outline how this is achieved.

 
 
CA UECA Compliant
ISO 27001 Certified
US UETA & ESIGN Act Compliant
HIPAA Compliant
EU eIDAS/GDPR Compliant
AU ET Act Compliant
 
 

What makes a signature enforceable

 

The enforceability of an electronic signature relies on key evidentiary elements: the identity of the signer, the integrity of the document, the time of execution, and confirmation that no changes were made after signing. eSignatures.com is built around these principles, with a strong focus on security, privacy, and compliance.

 
Question, and how eSignatures.com answers it:

Who signed?

Identity · Authentication

Each signer’s name, email, and IP address are recorded at the time of signing and linked to the final document. Where additional assurance is required, SMS or live Photo ID verification can be applied.

What did they sign?

Document · Integrity

The exact document presented to each signer is preserved without alteration, together with the signatures. The archived data reflects precisely what was shown at the time of signing.

When did they sign?

Timestamps · Audit trail

Every action is recorded with precise timestamps, including when the document was sent, opened, signed, and completed, and stored in the audit trail alongside the signature.

Has anything changed since?

Tamper-evident · Record retention

Each signed document includes a tamper-evident record. Any post-signing modification is detectable, and the audit trail provides visibility into the document’s integrity over time.
 
 

Legal validity, country by country

 

Contracts signed through eSignatures.com are legally valid for most standard business and personal agreements in the jurisdictions below. Every document carries a tamper-evident audit trail, so if a signature is ever questioned, you have the evidence to back it up.

 

United States

ESIGN Act · UETA

Under the federal ESIGN Act and state UETA laws, electronic signatures carry the same legal weight as handwritten ones across all 50 states for most business and consumer contracts.

European Union

eIDAS Regulation · Electronic Signature level

Our signatures are provided at the Simple Electronic Signature (SES) level under eIDAS, covering the vast majority of everyday commercial agreements. Additional authentication, including SMS and live Photo ID verification, can be applied where stronger assurance is needed.

United Kingdom

UK eIDAS · Electronic Communications Act 2000

Under UK eIDAS and the Electronic Communications Act 2000, electronic signatures are legally recognized for most business and consumer agreements.

Canada

UECA · PIPEDA

The Uniform Electronic Commerce Act, adopted across the provinces, recognizes electronic signatures for commercial transactions. PIPEDA governs how personal data is handled during the signing process.

Australia

Electronic Transactions Act 1999

Under the federal Electronic Transactions Act 1999 and corresponding state legislation, electronic signatures are legally recognized for most business and consumer agreements.

New Zealand

Electronic Transactions Act 2002

Under the Contract and Commercial Law Act 2017, which incorporates the Electronic Transactions Act 2002, electronic signatures are legally recognized for most business and consumer agreements.

South Africa

ECTA · POPIA

Under the Electronic Communications and Transactions Act 2002, electronic signatures are legally recognized for most business and consumer agreements.

Other jurisdictions

Varies by jurisdiction

Electronic signatures are recognized for ordinary commercial use in most developed jurisdictions, and eSignatures.com is designed to support the common evidentiary and security requirements shared across those jurisdictions. The list above covers the most common ones.

A few documents you still can't sign electronically.

Most jurisdictions exclude a small category of documents, typically wills, certain trusts, some powers of attorney, court filings, and specific family law matters. The exact scope varies by country and state. If your use case may fall into these categories, you should seek local legal advice before relying on an electronic signature.

 
 

Security

 

eSignatures.com is ISO 27001 certified and built on AWS infrastructure, with encryption in transit and at rest, tamper-evident audit trails on every contract, and your choice of data center region.

 
ISO 27001
We are ISO 27001 certified.
Regular independent audits verify both our information security controls and our compliance processes.
Choose your data center
Choose the most suitable data center: US East (N. Virginia), Canada (Central), Asia Pacific (Sydney), EU (Frankfurt), or UK (London).
Encrypted in transit and at rest
TLS in transit, AES-256 at rest. Every document also gets a tamper-evident record, so any change after signing shows up.
Signer authentication
Email, SMS and live Photo ID verification are built in. Match the check to the risk: simple email for a routine NDA, live Photo ID verification for high-stakes documents.
Audit trail on every document
Every contract carries a full audit trail: each party's name, email, IP address, and the exact timestamp of every action (sent, opened, signed, completed). Designed to support evidentiary requirements and retained for the life of the contract.
Privacy
Contract content is used solely for providing the signing service. We do not sell, share, or use document content for advertising, data brokerage, or AI training.
 
 

If you work in a regulated industry

 

eSignatures.com supports the specific regimes these industries need to meet, without making the signing flow any harder for your customers.

 

HIPAA

Healthcare · United States

Ask us for a Business Associate Agreement (BAA) to support HIPAA-compliant workflows, including patient consent forms, treatment authorizations, and onboarding documentation.

GDPR

Data protection · EU and UK

EU or UK data residency, with a Data Processing Addendum, a sub-processor list published in our Privacy Policy, and support available for data subject requests. Personal data is processed in line with GDPR requirements.

21 CFR Part 11

FDA · Life sciences

Designed to support FDA expectations for electronic records and signatures, including audit trails, user identification, and tamper-evident controls.

Financial services

Finance · Insurance

Account agreements, insurance applications, and consents are all supported with stronger authentication options, IP and timestamp logging, and long-term storage of the signed record.

 

What's on us, and what's on you

 

Compliance isn’t delivered by a platform alone. We provide the infrastructure and core safeguards; you remain responsible for how they’re applied to your contracts, workflows, and customers.

On us

  • ISO 27001–certified infrastructure
  • A tamper-evident audit trail for every contract
  • Choice of regional data hosting
  • Authentication options from email to live Photo ID
  • A standard DPA and a published sub-processor list
  • Uptime, backups, and encryption

On you

  • Selecting the appropriate authentication level for each contract
  • Obtaining signer consent in line with your use case
  • Confirming that the document is eligible for electronic signing in your jurisdiction
  • Retaining any additional records beyond what we store
  • Meeting industry-specific requirements (e.g. executing a BAA where HIPAA applies)
 

Resources

 

ISO 27001 certification (JAS-ANZ registry): View registry

Data Processing Addendum (DPA): Download

Terms of Service: Download

Privacy Policy: Download