Electronic Signature Complete Guide

Ensure the most seamless and secure electronic signature experience with OneSpan Sign


Across the board, businesses are going digital. They’re transforming customer-facing transactions and the customer experience as a whole by shifting away from paper and toward the adoption of electronic signatures across the enterprise. In addition, processes like contracting, HR, invoicing, and more are achieving rapid gains in efficiency and drastic reductions in cost thanks to widespread acceptance of electronic signature in the market.

What is an electronic signature?

An Electronic signature, or e-signature is a legal concept, much like their paper equivalent, and defined by the US Federal ESIGN Act as ”an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record."

The function of an electronic signature is to capture the intent of the signer to be bound by the terms and conditions in a contract. Electronic signature software is designed to capture legally-enforceable signatures online.

Generally, it is about having a lasting record of an individual’s intent. Digital signature refers to the encryption technology used in a number of e-business and e-commerce applications, including electronic signature.

There are generally three types of electronic signatures recognized around the world: Basic, Advanced, and Qualified. See details below.



What are the benefits of electronic signature?

Built on 25 years of best-in-class electronic signature capabilities

  • Great User Experience
    Ensure high user adoption and satisfaction with the most seamless, white-labeled e-signing experience
  • Advanced Security 
    Protect your users and documents against fraud with military-grade digital signature technology.
  • Audit Trails 
    Strengthen your compliance and deter legal disputes with the most comprehensive audit trails in the market
  • Efficient and Scalable 
    Scale electronic signatures across your organization and channels – quickly and cost-effectively
  • Cost Effective 
    Get predictable pricing and a cost-effective solution regardless of your volumes – no nickel and diming.
  • Versions 
    Available as a web or mobile app, developer SDK, 3rd party connector, and specialty solutions for financial services



How do electronic signature work with OneSpan Sign?

  • Step 1: Access
    Email Invitation Link in a customer portal
  • Step 2: Identify / Authenticate
    Email, Login credentials, Challenge-response questions, SMS PIN, 3rd party ID check, Digipass®, Biometrics, Government ID
  • Step 3: Present
    Documents are presented on a desktop or mobile device. Define workflow rules and control which documents are visible to participants in the transaction
  • Step 4: Data Capture
    Capture data at the time of signing and make that data available to downstream systems
  • Step 5: Re-authenticate
    Optionally verify the signer’s identity at the time of signing. For example, signers can use their government-issued electronic ID (eID) to create a Qualified electronic signature (QES)
  • Step 6: Sign
    Click to sign, Click to initial,Hand-scripted, signature capture
  • Step 7: Document Insertion
    Additional documents or images (e.g. a photo of a driver’s license) can be inserted as part of the transaction
  • Step 8: Deliver
    Signed records can be distributed electronically or on paper



What is electronic signature used for?

Processes like sales contracts,  HR, invoicing, and more are achieving rapid gains in efficiency and drastic reductions in cost thanks to widespread acceptance of electronic signature in the market.

  • Procurement and sourcing
  • Contract modifications
  • Credit or loan applications
  • Federal tax returns
  • e-Contracting
  • Service agreements
  • Real estate transactions 
  • Claims and appraisals
  • Account openings
  • Commercial lending
  • Delivery order requests
  • Retail finance

The Beginner's Guide to Electronic Signatures

This comprehensive, 31-page beginner’s guide to electronic signatures introduces important legal concepts and key considerations when creating digital business processes with e-signatures.

Are electronic signature legally binding?

Yes, OneSpan Sign’s electronic signature is legally binding and enforceable in countries that have enacted electronic signature laws.

Electronic signature created using our solution comply with both the U.S. ESIGN Act and UETA. OneSpan Sign electronic signature also comply with Regulation No 910/2014 on Electronic Identification and Trust Services Regulation (eIDAS) in the European Union. 

For a legal opinion on the enforceability of e-signatures in any given country and any local data residency requirements, consult your legal counsel.

Are electronic signatures legal in the United States?

Yes.Today, long after the passing of ESIGN and UETA, there is no longer any question about whether electronic signatures are legal. Federal and state law gives electronic signature the same legal status as handwritten signatures.


The federal Electronic Signatures in Global (ESIGN) and the state Uniform Electronic Transactions Act (UETA) give legal recognition for electronic signature and records to satisfy the “in writing” legal requirements for transactions and permit companies to satisfy statutory record retention requirements solely through the use of electronic records.

These Acts essentially enable organizations to adopt a uniform electronic signature process across nearly every states with the assurance that records cannot be refused by a court of law solely on the basis that they were signed electronically.

These US laws are technology-neutral and do not favor any one type of technology over another, but it is important to note. UETA applies to 47 of 50 states. Washington, Illinois, and New York have developed their own e-signature legislation.

Are electronic signatures legal in Canada?

Yes. Similar to US UETA laws, Canadian provincial electronic signature laws give the same legal status as handwritten signatures.

In a report entitled Electronic Signatures in Canadian Law, Stikeman Elliott LLP states, “All the provinces and territories have stand-alone e-commerce statutes of general application based on model laws promulgated by the U.N. and the Uniform Law Conference of Canada. While there are some variations, the provincial e-commerce statutes generally stipulate that signatures, documents and originals are not invalid or unenforceable by reason only of being in electronic form.” The Canadian provincial laws are technology-neutral.

The Federal Personal Information Protection and Electronic Documents Act (PIPEDA) also documents the processes covered in Federal laws and regulations that apply to federally-regulated entities (FRE), as well as any documents and processes used within the Federal government. The Act provides for use of Basic and Advanced Electronic Signature while limiting secure electronic signature to a small number of applications. Secure Electronic Signature (equivalent to a Qualified Electronic Signature) is required for certain documents and processes, and requires the use of digital certificates in such cases.

Are electronic signatures legal in Europe?

Yes. Directive 1999/93/EC of the European Parliament (also referred to as the EU Directive) was replaced in 2016 by the eIDAS regulation as the prevailing legislation on e-signatures in Europe. The move was made to accelerate the digital transformation of Europe. eIDAS maintains the definitions of the three different kinds of e-signatures outlined earlier in this ebook, but has a few unique characteristics of its own.

  • eIDAS is a regulation. Unlike the Directive, it applies equally to each EU Member State.
  • eIDAS notes that signatures leveraging cloud-based systems can fit under the definition of a Qualified Signature.
  • eIDAS establishes automatic recognition of the Qualified E-Signature across the EU.
  • eIDAS also establishes recognition for the Basic and Advanced signatures as well (as described earlier in the eBook).
  • eIDAS will serve to accelerate digital transformations in countries across Europe.

Additional Resources

Are electronic signatures legal in Australia?

Yes. In 1999, the Australian Parliament passed the Electronic Transactions Act, which was amended in 2011.

The Electronic Transactions Act gives electronic signatures the same legal status as handwritten signatures. According to the Australian government, “If a Commonwealth law requires you to give information in writing, provide a handwritten signature, produce a document in material form, or record or retain information, the Electronic Transactions Act means you can do these things electronically.”

The law is technology-neutral and requires a person’s consent to conduct business electronically. Each state and territory also has their own Electronic Transactions Act, which is very similar to the Commonwealth’s act.

Additional resources

Are electronic signatures legal in Japan?

Yes. Japan’s Law Concerning Electronic Signatures and Certification Services has been in effect since 2001. Japan recognizes the legal enforceability of two types of electronic signature used worldwide:

  • Advanced E-Signatures
  • Qualified E-Signatures

Note that in Japan, using a red seal or stamp instead of a handwritten signature is common practice when signing personal and business documents. However, the law supports the use of electronic signatures without the use of a seal or stamp.



What are the different types of electronic signature?

There are generally three forms of electronic signature recognized around the world: Basic, Advanced, and Qualified.

The Basic electronic signature

The Basic electronic signature is not a standardized term across nations. Depending on the state, some countries may refer to this as a “Simple electronic signature.” However, both terms describe the same concept.

The Basic electronic signature is technology-neutral. Meaning, any electronic form or process is generally accepted so long as the resulting electronic signature meets three basic requirements for signing:

  1. The electronic signature should be applied in a manner that demonstrates the intent of the signer. The electronic signature can be captured by click-to-sign, typing a name, or a handwritten signature
  2. The electronic signature should be applied by the person associated with the signature
  3. The electronic signature should be associated with the document or data the signer intended to sign

OneSpan Sign meets the requirements for Basic electronic signature

The Advanced electronic signature

Advanced electronic signature goes beyond the Basic by tying authentication to the signature and agreement. This mitigates risk in the transaction by providing additional evidence that can be used to verify the authenticity of the signature.

Most organizations and banks opt for the Advanced electronic signature as their standard form of electronic signature. The inclusion of built-in authentication increases signer assurance without a significant impact to the customer experience.

This form of electronic signature adds four additional requirements beyond those of the Basic Electronic Signature. The Advanced electronic signature must:

OneSpan Sign meets the requirements for Advanced electronic signature.

  1. Be uniquely linked to signer
  2. Identify the signer
  3. Be under the sole control of signer
  4. Detect changes to the document or data after the application of the electronic signature

The Qualified electronic signature

The Qualified electronic signature is the legal equivalent to a handwritten ink signature.

The extra security of a Qualified electronic signature can also create friction in the transaction. Your signers are required to procure a signer-held digital ID and meet face to face. These extra steps create a longer signing process and ultimately increase the overall cost beyond what other e-signatures might require.

OneSpan Sign meets the requirements to use a third party digital certificate as an electronic signature, but we do not issue these certificates to users ourselves. Instead, we can assist clients in finding a trusted partner to issue digital certificates.

The term, Qualified electronic signature, is based on the EU regulation known as eIDAS, but it is similar to many other laws around the world that require a certificate issued by an accredited organization.



Security for electronic signatures and electronic transactions: Vendor qualification best practices

User Identity, authentication, and attribution

  • Flexible user identification methods:
    • Remote user identification through third-party databases (i.e., dynamic knowledge-based authentication)
    • Remote user identification through personal information verification (PIV)
  • Ability to upload images as part of the e-sign transaction (e.g. photo of a driver’s license)
  • Flexible user authentication methods:
    • Flexible user authentication methods:
    • Remote user authentication through user ID and password
    • Email address verification through e-sign session invitation
    • Remote user authentication through static knowledge-based authentication (i.e., secret challenge questions)
    • Ability to customize the challenge questions
    • Ability to leverage existing credentials
    • Ability to fully white-label the e-sign process to reinforce an end-to-end trusted experience
  • Ability to configure different authentication methods within the same transaction
  • Flexibility to adapt the authentication method to:
    • The risk profile of your organization
    • EACH process being automated
  • Flexible options for in-person signature attribution:
    • Hand-off affidavits
    • SMS password (PIN) sent to a personal mobile device (smartphone)
  • Integration with strong, multi-factor authentication solutions (i.e., OneSpan's Digipass)
  • Ability to sign using client-side certificates ("qualified certificates" under eIDAS) associated to an individual person

Document and signature security

  • Audit trail information must be securely embedded in the document.

    First, document authenticity can be verified independently of the electronic signature software, meaning you do not need to worry if a verification link back to a server will be valid years from now.

    Whether or not you maintain an account on the e-signature service, or whether your vendor is even still in business, your documents are not affected since you, your customers, and other stakeholders do not have to go online to check the document.
  • The document and EACH signature must be secured with a digital signature
  • A comprehensive audit trail should include the date and time of EACH signature
  • The audit trail must be securely embedded in the document and linked to each signature One-click signature and document verification (e.g., ability to verify documents and signatures offline, without going to a website)
  • Ability to download a verifiable copy of the signed record with the audit trail

Cloud and data security

  • Flexibility in deployment methods to align with your IT and data security policies:
    • On-premises deployment
    • Public and private cloud deployment, hosted on world-class cloud infrastructure platforms such as Amazon, IBM and Microsoft
  • SOC 2 and FedRAMP compliant electronic signature solution
  • Publishes security practices, certifications and the results of security audit
  • Has a consistent track record of keeping customer data secure
  • Global data centers to satisfy in-country data residency requirement

OneSpan Sign Electronic Signature FAQ

What is the difference between an electronic signature and a digital signature?

Though related concepts, digital signatures and electronic signatures are different. An electronic signature is a legal concept. Its captures a person’s intent to be legally bound to an agreement or contract. 


However, a digital signature refers to encryption/decryption technology within an electronic signature. Based on public-key cryptography, digital signatures secure signed documents and allow one to verify the authenticity of a signed record.


In short, a digital signature cannot capture a person’s intent to sign a document. When used with an electronic signature application, digital signature technology secures the e-signed data.

Are OneSpan Sign electronic signatures secure?

Yes. Security is always top-of-mind at OneSpan.


OneSpan Sign follows a variety of regulatory, industry, and IT standards for security and data protection. In addition, OneSpan Sign meets the compliance standards set by ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, SOC2 Type 2, FedRAMP, HIPAA, Skyhigh Enterprise-Ready, GDPR, and more. Please visit the OneSpan Sign Trust Center for additional information.

How is OneSpan Sign different from other electronic signature vendors?

  1. OneSpan Sign processes the most regulated B2B and customer-facing transactions in the world.
  2. We provide our customers the highest levels of support. The latest electronic signature report from G2 Crowd rates OneSpan Sign with the highest customer satisfaction score in the industry.
  3. Our customers can fully white-label the solution to match their brand, so they can provide  a seamless experience for their customers. 
  4. We offer the most deployment options – for any project complexity, budget, or size.
  5. Our solution guarantees the integrity of the signed document by tamper sealing it after each person signs to protect you and your customers. 
  6. We offer the most flexibility for optimizing e-signatures to your processes, workflows, channels, devices and signers.
  7. We are the only electronic signature solution in the market that offers a visual audit trail to easily and quickly prove compliance and support your legal case.

What third-party integrations are available with OneSpan Sign electronic signatures?

To add e-signing workflows to third–party applications such as SalesforceSalesforce CPQBoxSharePointNintex SharePoint, Pega Systems, Laserfiche and Dynamics CRM, as well as industry-specific software solutions, explore our Partners section for a full list of apps and connectors.


For customized e-signature needs and system-to-system integrations, our open API and fully supported SDKs (software development kits) enable developers to add e-signing capabilities to, third party applications, web portals, and legacy and home-grown systems.

How do I get a document e-signed?

All you need to send documents is a web browser and a subscription to the OneSpan Sign Professional Plan. Upload your documents, add recipients, select signature blocks and fields, select a signer authentication method, then click “Send to Sign” to distribute your document for signing. Each recipient will receive an email invitation to sign the document.

How do recipients e-sign documents with OneSpan Sign electronic signatures?

Electronic signature with OneSpan Sign are easy, and signing is always free for recipients. They simply receive an email with a link to a signing ceremony in OneSpan Sign. From there, they can access the electronic signature process through their browser on their device.


Once the signing process is complete, both parties can download the e-signed documents for retention in their own system. Alternatively, those documents can also be stored in OneSpan Sign. Try our Quick Demo to see how easy it is to use OneSpan Sign. 

Can OneSpan Sign electronic signatures be used on mobile devices?

Use our OneSpan Sign mobile app to securely prepare, send, and sign documents on the go from your iOS and Android devices. It includes robust electronic signature features and is available at no extra charge in our Professional and Enterprise Plans. Download the app today.


In addition, OneSpan Sign offers the ability to e-sign anywhere, anytime, and on any web-enabled device.

Does OneSpan Sign support Qualified Electronic Signatures?

Yes. OneSpan Sign provides a solution for Qualified Electronic Signature (QES). We facilitate legally binding Qualified electronic signature through our partnerships with Qualified Trust Service Providers. 

A Qualified Electronic Signature is created using a digital certificate (known as a qualified certificate) assigned to an individual. Think of it as the digital equivalent of a government-issued identity card or passport. 

The qualified certificate and associated key must be obtained from a Qualified Trust Service Provider or Qualified Certificate Authority. It is provided to the individual on a smart card or USB device. That person must connect the smart card or USB device to their computer or mobile device when signing a document, and must enter at least a user ID/password to access their qualified certificate.  

OneSpan Sign fully manages the use of a qualified certificate during the electronic signature workflow. For example: 

  • The signer must enter OneSpan Sign by successful authentication
  • The signer e-signs the document 
  • Their electronic signature is secured using digital signature encryption (the digital signature is created using the qualified certificate and associated key) 
  • This creates a Qualified Electronic Signature

 To learn more, visit our Qualified Electronic Signature page.

Get Started with OneSpan Sign Electronic Signatures

Securely send and e-sign documents ‘out of the box’ or fully integrate electronic signature with your applications or core systems.

No matter which OneSpan Sign plan you choose, you’ll get an electronic signature solution that balances ease of use with the highest levels of security and compliance, while giving you the option to easily customize the electronic signature solution for your brand and unique business and IT requirements.

How can I get started with OneSpan Sign electronic signatures?

OneSpan Sign offers a Professional Plan with out-of-the-box electronic signature features for user-initiated processes as well as an Enterprise Plan to integrate e-signing capabilities into your web applications, mobile apps, and core systems.

To learn more, visit our pricing and editions page.

Get started with electronic signatures

Try our a quick demo to see what the e-signing experience looks like.