电子签名的终极指南
关于电子签名和数字签名在美国,欧盟及以后的所有内容。
Implementing a digital signing process into your business can provide tremendous benefits, but they may have questions about processes and legal ramifications of digital signing.
That’s why we wrote this guide.
下面,您将找到关于电子签名,数字签名和在线签名过程所需的所有内容。
1. What is an electronic signature?
电子签名承载自己的法律定义。虽然此定义可能略有不同于国家/地区,但本指南将重点关注电子签名法在美国和欧盟的解释。
在美国,电子签名的法律定义来自于2000年联邦伊斯嘉法案:
电子签名- 术语“电子签名”是指与合同或其他记录相关联的电子声音,符号或过程,与合同或其他记录相关联,并由一个人被签署记录的人执行或采用。
美国的许多国家也通过了Uniform Electronic Transactions Act(UETA),它定义了电子签名,如:
“an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.”
In the European Union, the definition of an electronic signature is derived from the外塔斯法规which states:
“电子签名”意味着以电子形式的其他数据附加或逻辑相关的电子形式的数据,并且由签字人使用符号。
这些定义是基础的一部分,确定电子签名如何在大部分西部世界签署的业务合同。
不仅仅是手写签名
来自上述法律定义的一个重要外卖器是电子签名不仅仅是类似于手写签名的图像文件。
In fact, an electronic signature doesn’t even need to look like the handwritten signature of the person signing the document.
While this is a feature that many e-signature software providers include in their offering, it carries limited legal weight when signing documents electronically.
相反,电子签名使用电子识别方法,例如连接到签名者身份的数字证书,个性化登录和访问代码,以及不对称加密,以为销售合同和签名的业务文档创建非拒绝。
These enhanced security measures mean that — when executed correctly — electronic signatures are difficult to forge. These safety measures add to the legality of electronic signatures when used to sign digital documents and make electronic signatures safe for business use.
2. Who uses electronic signatures?
Electronic signatures are used by organizations large and small for a wide range of documentation. This includes:
- Fortune 500 corporations
- Hospitals
- Insurance providers
- Banks and credit unions
- 学校
- 政府办公室
- Nonprofits
- Small businesses
- 自由职业者和顾问
And the number of businesses using electronic signatures is always growing. In fact,P&S市场研究预测市场将在CAGR中扩展大约35%,直到2023年,因为全球采用率继续上升和发展。
许多电子签名解决方案也足够灵活,可以与在机密性要求的空间中运营的企业集成,例如法律,金融和卫生部门。
However, because e-signing technology is so universal, nearly every company, regardless of size or industry, can benefit from adopting electronic signatures.
3. What are electronic signatures used for?
Electronic signatures could include any of the following:
- Sales proposals
- Purchasing contracts
- 招聘和绞刑棚
- 不披露协议(NDA)
- 非竞争协议(NCC)
- Timesheets
- Leases & rental agreements
- Tax documents
- Bank forms
- 保险文书工作
- School forms
- 权限卸货
- Model and product releases
概述电子签名过程
When a business wants to implement an e-signature solution, they must first digitize their existing documentation and convert it into a recognizable document format (.docx, PDF, PNG, etc.). After this process is complete, the business can add an e-signature solution to their digital document.
从那里,组织将文件发送到签名者并请求电子签名。签名者将遵循创建数字签名所需的过程。此过程因签名过程中使用的软件而异。
许多电子签名解决方案使用手写签名插图显示他们应在合同中签署的签名者。有些人甚至帮助您创建签名的数字图像,但签名法律并不严格要求。
一旦文件签署了签名者的独特电子识别,就无法改变。任何更改文档的尝试都将使签名无效,要求签名者在审核对文档的任何更改后再次完成此过程。
了解有关如何实现电子签名解决方案的更多信息Section 9。
4. Why should my business use electronic signatures?
Businesses have adopted electronic signatures and document digitization for a number of reasons:
- 电子签名完成比手写签名请求更快,这些请求通常由邮件完成。
- Electronically-signed documents are recognized as legal replacements for handwritten signatures.
- 数字文件减少纸张废物,更容易存储。
- 数字签名通常比手写签名更安全
- Digitization reduces printing and mailing costs while optimizing contract workflows.
- 数字起草文件更容易修改,减少签署之前的合同谈判负担。
特别是对于使用有限员工生成和处理文书工作的业务,发送和接收电子签名文书的能力可以减少错误和缓解工作负载。
5. Are electronic signatures legal?
是的。电子签名在世界各地作为手写的法律替代品。
虽然电子签名的合法性可能根据管理机构的略有不同,但在正确捕获时,电子签名是合法的。
In many (not all) cases, electronic signatures are considered the equivalent of a handwritten signature. This is especially true when audit trails can trace the signing process back to the intended recipient.
这些审计跟踪和安全检查站以及应用签名解决方案后锁定文档的能力,创造了不拒绝 - 保证文件的有效性无法拒绝 - 围绕合同。
Some methods used to create non-repudiation include:
- 数字证书
- 不对称或公钥加密
- IP Address capture
- Account creation and login requirements
- 签名者和签署者的两步验证
Combined, these methods increase the level of security surrounding the document signing process and boost the enforceability of digital contracts in courts.
下面,我们将讨论电子签名背后的法律以及它们如何在其特定区域内应用。
6.欧盟的电子签名
在欧盟,电子签名的有效性和合法性受EIDAS和GDPR的管辖。
公司寻求与欧盟各地的个人和企业做生意的公司应寻求遵守这些法律机构,以便通过任何电子签名要求获得法定地位。
eidas.
EIDAS(电子识别,认证和信任服务)于2014年7月成为欧盟规定,广泛地涵盖了电子识别,数字证书,电子密封,时间戳和电子签名的合法性的法律。
Eidas背后的想法是创造一个统一的法律,适用于欧盟内的每个成员国,以便可以从每个欧盟成员国接受电子识别信息。
关于电子签名,EIDAS将数字签名分为三个单独的类别,每个类别比上一个更安全。这些列出如下,您可以找到有关它们的其他信息EIDAS规则第4节。
1. Standard Electronic Signature (SES)
如指南顶部所提到的,EIDAS以这种方式定义了电子签名:
“电子签名”意味着以电子形式的其他数据附加或逻辑相关的电子形式的数据,并且由签字人使用符号。
这是EIDAS定义的电子签名的最基本形式。它没有基本的安全要求并依赖于逻辑假设来假设意图。
TheUnited Kingdom’s Guide on Electronic Signatures and Trust Servicescites a “scanned signature” or “tickbox plus declarations” as examples of this type of signature.
While a standard electronic signature might hold up in court (assuming the sender can prove that the signer was the one who actually signed the contract), the legal framework here is loose.
This type of electronic signaturedoes not具有手写签名的等同法律效应。
2. Advanced Electronic Signature (AES)
A step above standard electronic signatures, eIDAS qualifies advanced electronic signatures based on a higher standard of legal requirements(在第26条中找到)。
An advanced electronic signature shall meet the following requirements:
- it is uniquely linked to the signatory;
- 它能够识别签字人;
- it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
- 它与其签名的数据相关联,这种方式可以检测到数据的任何后续变化。
With AES, the escalation of requirements lends itself to enforceability and non-repudiation. By eliminating the potential for fraud and creating a system where only the intended signer can access and/or sign a legal contract, the legal standing of the contract increases.
但是,如标准电子签名,这种类型的电子签名does not具有手写签名的等同法律效应。
3.合格的电子签名(QES)
电子签名的最严格协议包括高级电子签名的要求(上面列出)以及提供签名的设备的其他要求。
这意味着必须由欧盟从授权证书颁发机构获取设备并在签名过程中使用。虽然这是广泛的宽容的第29条通过外所多组第34条, theUnited Kingdom’s Guide on Electronic Signatures and Trust Services提供简化的定义:
an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures.
使用QES,数字安全协议和创建签名的设备会增加电子签名和签名文档的真实性和完整性。
The addition of the digital certificate further reduces the potential for fraud or tampering and creates stronger non-repudiation around the digital contract.
只有合格的电子签名携带装备ivalent legal effect of a handwritten signature.
The GDPR
The EU’s一般数据保护规范(GDPR) aims to harmonize data privacy laws across Europe.
虽然规定不具体目标是电子签名,但它增加了实施电子签名解决方案的公司应该考虑的公司。这包括:
- Data security
- 加密
- Consent
- 加工
寻求利用电子签名解决方案的组织应该了解欧盟对这些主题的立场,因为它们将负责以合同和数字协议的形式捕获和维护私人信息。
7.美国电子签名
在美国,电子签名受到了Uniform Electronic Transactions Act(ueta)和全球和国家商务法的电子签名(E-Sign Act).
结合,这两条立法维持了美国电子签名的基础。他们已经被几乎所有国家采用,并在当地和联邦一级实施。
ueta.
1999年由全国统一州法律大会创建,UETA旨在为电子签名定义条款和基本法律框架。
ueta.defines an electronic signature as “an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.”
While the law also provides a list of rules and regulations for each state, it must be adopted on a state-by-state basis. This is different from the E-Sign Act (below), which has been implemented at a federal level.
UETA提供了类似于电子签署法案的指导原则,但增加了一些使其独特的规定。这些包括如何归因于如何处理合同文件中的错误,以及如何在发送和接收信息时定义信息处理系统的错误。
Perhaps most importantly, the UETA states in Section 13 that “evidence of a record or signature may not be excluded solely because it is in electronic form.”
This provides legal standing to electronic signatures, which may be disproven but can’t be dismissed simply because of their digital format.
非参与状态
To date, 47 states have adopted the UETA as a legal framework for how electronic signatures are handled. The outlying states are Illinois, New York, and Washington.
You can find their UETA-alternative legal documentation below.
- 伊利诺伊州:Electronic Commerce Security Act
- 纽约:电子签名和记录行为
- Washington:Washington Electronic Authentication Act
电子签署行为
2000年实施作为电子签名和数字签名解决方案的联邦解决方案,电子签署法案在所有50个州都处于活跃状态。
本法提供了各种主题的联邦指引,包括签署和签署签名的意图,具有图形或文本记录。与UETA一样,电子签署法案定义了用于确定整个签署过程中有效性和规定的法律定义。
除了保护围绕电子签名捕获的消费者同意之外,电子签署行为为消费者提供了更喜欢纸张签名或数字替代品的消费者的余地。它还要求企业积极保留与电子交易相关的合同和记录。
这些措施确保消费者有权通过笔和纸张或“替代,非电子形式”以及消费者如何撤销同意利用电子格式。
Limited exclusions
Collectively, the UETA and E-Sign Act cover the legal groundwork regarding electronic documents and the e-signing process in the US. However, there are some notable exceptions. Neither law accepts the validity of electronic signatures in the following circumstances:
- The creating and execution of wills
- 家庭法领域,包括采用和离婚
- 统一商业代码
- 法庭文件
In these circumstances, documentation must be physically signed.
8. How do advanced electronic signatures and digital signatures work?
除了EIDAS(上图)定义的简单电子签名之外,大多数电子签名都受到某种级别的安全性和加密的保护。
这可以追溯到不可抵赖性的想法- the need for the organization issuing the contract to ensure that the authenticity of that contract is impossible to deny. Once the integrity of a contract and its attached electronic signature are no longer in doubt, the enforceability of the contract as a record of a transaction is much harder to deny.
这些加密的签名通过各种名称进行。在艾迪亚和欧盟,他们被称为先进的电子签名。在美国,他们经常被称为digital signatures来吧a specialized set of standardsthat differentiate them from simple electronic signatures. These names carry special significance because they imply that some measure of digital security has been applied to the signing process.
以下是两种类型的数据安全性最常应用于电子签名解决方案。
不对称加密
签署和发送电子文件时,涉及的双方都需要一些保证,在签署过程完成后,合同的内容不会改变。现代软件使用公钥加密来执行此任务。
Asymmetric key cryptographyallows parties to independently verify the authenticity of a contract by using the encrypted keys to validate a digitally-signed contract across multiple versions (or digests) of the document.
在大多数软件解决方案中,如果合同匹配的所有版本,该文档仅打开正确(并且没有警告或警报)。如果签名过程中存在错误,或者如果从签署文档的时间发生了变化,则此过程失败,所有涉及的方必须再次签署文档。
These extra checks and safeguards create electronic identification and audit trails that make documents more authentic. And, because this is a widely-accepted practice, many modern business solutions (such as Microsoft Word) come equipped with pre-built digital signing solutions.
基于证据的身份验证
这种类型的身份验证专注于确保合同上的电子签名是真实的。这通常是通过将文档发送到设备或帐户所知,在需要辅助密码的同时控制预期的签字,以便访问文档本身。
以下是基于证据的身份验证的两个常见示例:
- 公司向签名者的电子邮件发送文档,但他们将文本发送到由她必须使用的签名者控制的数字,以便访问该文档。
- 签名者通过在线文档服务通知需要他签名的合同。但是,为了访问它,他必须创建一个帐户并通过在可以签名之前通过身份证明验证该帐户。
With evidence-based authentication, companies are trying to ensure the identity of the signer. When combined with public-key encryption, it’s possible to ensure the authenticity and enforceability of a paperless signature.
9. How can I create an electronic signature?
There are multiple ways for individuals, as well as businesses of any size, to create electronic signatures. Below, we’ve listed the two most common ways to complete this task:
使用Word处理器或PDF软件
许多现代软件解决方案,如Microsoft Word或Adobe Acrobat,携带板载签名解决方案,以帮助用户创建数字签名。
However, the solutions are created using a process known as “self-signing”. Aself-signed安全证书简单易于制作,通常是免费的。但是,自签名证书还缺乏许多验证真实性的安全功能,并构建非拒绝的情况。
虽然有可能使用签名权限创建真实的数字签名,这可能超出大多数用户的范围,这两个用户都在复杂性和成本方面。
使用在线磁性解决方案
一个更好的解决方案,尤其是对于可能发送和/或接收许多签名文档的组织,是一种像在线的那样Pandadoc.。
These online document companies already own the necessary certifications needed to create authentic signatures and often come equipped with everything you need to ensure compliance and non-repudiation from the moment you sign up.
如果创建,发送,签名和维护多个合同文件,听起来像是组织的管理负担,请尝试在线文档解决方案。他们的价格实惠,大多数提供各种选择,以满足您的个人或业务需求。
10.进一步阅读
在这里,您将在美国和欧盟的电子签名中找到一份法律文档来源列表。
You can also check out oure-signature legalities pagefor additional information on electronic signatures in other countries.
United States
欧洲联盟
- eiDAS Regulation
- United Kingdom Department for Business, Energy & Industrial Strategy on Electronic Signatures and Trust Services
- 一般数据保护规范(GDPR)
Additional questions
您是否对电子签名或电子签名过程有更多疑问?
有一个想法如何让这一终极导向更好?
Contact us和let us know!