Information on this web site is preserved for legacy purposes only. The OASIS PKI Member Section transitioned to the OASIS IDtrust Member Section in 2007. OASIS Technical Committees affiliated with the Member Section remain active.
  About PKI Forum PKI Members Join PKI Forum PKI News PKI Events OASIS Members Only  


PKI Resources
 White Papers

Technical Process
 IPR Policy
 TC Process

Technical Committees
 Current TC List

OASIS Network
 CGM Open

OASIS Info Channels
 Cover Pages

PKI Home / Electronic Signature Laws and Regulations /

Electronic Signature Laws and Regulations

Useful legal resources:
Baker & McKenzie E-Commerce Law Resources
McBride Baker & Coles Spotlight on e-commerce - Easy to use and comprehensive directory of international legislation and regulations. A little out of date in places.
PKI and the Law - Out of date by four or five years, but nevertheless a rich source of historical documents and references.

The following sections list US state and international e-signature legislation, organised according to the type of law -- Technology Neutral, Prescriptive, or Two Tier.
 Technology Neutral E-Signature Laws
 Prescriptive E-Signature Laws
 Two Tier E-Signature Laws

Technology Neutral E-Signature Laws

Back to Top
Technology-neutral (aka Light Touch) laws have little or nothing to say on the merits of particular security technologies, but instead tend to bestow broad equivalence on documents, whether in electronic or paper form. Technology neutrality puts the onus on users, designers and service providers to select authentication technology on a risk-managed basis, agreeing on what is fit for purpose. The United Nations Commission on International Trade Law (UNCITRAL) developed a Model Electronic Commerce Law which has informed technology-neutral legislation around the world. Some analysts bemoan a lack of legal certainty under these types of laws, although in most jurisdictions, contract law allows for 'scheme rules' to adequately manage e-commerce risks without any real need for overarching e-signature sanctions. Examples include the U.S., Canada and Australia. The technology neutral UNCITRAL definition of "electronic signature" is: data in electronic form in, affixed to or logically associated with, a data message, which may be used to identify the signatory in relation to the data message and to indicate the signatory's approval of the information contained in the data message.
The United Nations Commission on International Trade Law (UNCITRAL) develops "model laws" or templates upon which governments can develop their own particular legislation.
UNCITRAL Model Law on Electronic Commerce - with Guide to Enactment 1996. The peak model law for technology neutral electronic signature legislation.
UNCITRAL Model Law on Electronic Signatures - with Guide to Enactment 2001
US Federal Acts
E-SIGN - Electronic Signatures in Global and National Commerce Act 2000
UETA - Uniform Electronic Transactions Act, a model law for US states.
Asian Nations
Australia: Electronic Transactions Act - 2000
New Zealand: Electronic Transactions Act - 2003
Singapore: Electronic Transactions Act - 1998
US State Legislation
Note that further work is needed to check our classifications of US state laws against more authoritative sources such as the ILPF E-Signature Law Survey.
Alaska - AS 09.25.510. Electronic Records and Signatures
Delaware - TITLE 6 Commerce and Trade SUBTITLE II Other Laws Relating to Commerce and Trade CHAPTER 12A. Uniform Electronic Transactions Act
District of Columbia - 2001 Uniform Electronic Transactions Act
Hawaii - Chapter 489E Uniform Electronic Transaction Act
Idaho - Title 28 Commercial Transactions Chapter 50 Uniform Electronic Transactions Act
Indiana - Chapter 8. Uniform Electronic Transactions Act
Montana - "An Act Adopting The Uniform Electronic Transactions Act" Note that this draft bill was cancelled. More research needed into current status.
New York - Electronic Signatures and Records Act
Oklahoma 1998 - Electronic Records and Signature Act
Pennsylvania - 1999 Senate Bill 555 Regulating electronic transactions Act
Rhode Island - 2000 Chapter 127.1 The Uniform Electronic Transactions Act. This Act superseded the previous Chapter 42-127 of the General Laws "Electronic Signatures and Records Act".
Vermont - Chapter 20. Uniform Electronic Transactions Act
Virginia - HB 2412 Computer Information Transactions Act
West Virginia - Chapter 39A. Electronic Commerce Article 1. Uniform Electronic Transactions Act

Prescriptive E-Signature Laws

Back to Top
Prescriptive legislation seeks to somehow constrain the types of signature technologies that are acceptable. These types of laws can go so far as to deny legal rights to electronic transactions unless they are secured using an approved technology, typically government-licensed PKI. Further, there can be legal sanctions against operating unlicensed certificate authorities in these places. Critics say prescriptive legislation can stifle innovation and restrict free trade. Examples include the U.S. state of Utah, Malaysia, Italy, Korea and India.
Asian Nations
India: Information Technology Act - 2000
Malaysia: Digital Signatures Act - 1997
US State Legislation
The pieces of legislation listed below are classified as "prescriptive" even though they exhibit a range of degrees of prescriptiveness. If a law is seen to deviate from the accepted international UNCITRAL definition of electronic signature, then it is classified here as prescriptive. Note that further work is needed to check our classifications of US state laws against more authoritative sources such as the ILPF E-Signature Law Survey.
Arkansas - The definition of "electronic signature" in the bill is not standard, as it requires changes to signed data to invalidate the signature. This clause is absent in internationally accepted technology neutral formulations. The Arkansas law also puts constraints on "electronic signature verification companies".
Georgia - 1997 Georgia Electronic Records and Signatures Act
Michigan - Senate Bill 204. The link provides some discussion about the Bill prior to its passing. Status unknown. Language is indicative of a prescriptive digital signature approach.
Minnesota - Permanent Rules Governing Electronic Authentication Chapter 8275. Detailed rules for the licensing of CAs in Minnesota.
Missouri - SB 0708 Digital Signatures Act
Nevada - Chapter 720 - Digital Signatures
New Mexico - 1999 SB0146 Electronic Authentication of Documents Act. Involves a centralised service for authenticating digitally signed documents.
Oregon - 1997 Digital Signature Act. See also dig sig
Oregon - Division 780 Electronic Signatures Act
Texas - Chapter 203 Management Of Electronic Transactions And Signed Records
Utah - Title 46 - Chapter 03 - Utah Digital Signature Act Note that Utah has also enacted a version of UETA. It is not know at this time how Utah's
"UETA" - relates to its prescriptive Digital Signatures Act.
Wisconsin - 1997 Act 306. While the definition of Electronic Signature is neutral, the Act qualifies the use of Electronic Signatures requiring them to be invalidated if the signed data changes (see para 137.06(d)).

Two Tier E-Signature Laws

Back to Top
Two-tier laws recognize that the intrinsic characteristics of some authentication technologies provide for better risk management; these laws, therefore, provide stronger legal presumptions to users of approved technologies. UNCITRAL's Uniform Rules on Electronic Signatures characterize qualified signature technologies in terms of their ability to ensure integrity of content as well as identity of origin. Today, only public key technologies qualify. Users under these laws remain free to agree on any other authentication technology that suits their purposes, and to manage their legal risks via contract. Two-tier laws have been enacted by the European Commission, Japan, Hong Kong and Singapore.
European Nations
EU Directive 1999/93/EC - of the European Parliament: Community framework for electronic signatures
EU Notification Procedure - whereby EU member states provide information to the European Commission on voluntary national PKI accreditation schemes under Directive 1999/93/EC.
FAQ - for European Electronic Signature Standards.
UK: Electronic Communications Act - 2000 Chapter c.7
UK: Electronic Signatures Regulations - 2002
Germany: Law Governing Framework Conditions for Electronic Signatures (Signatures Law - SigG) - 2001
Austria: Federal Electronic Signature Act - (SigG), BGBl I 1999/190. NB: In German. See also in English Austria claimed to be the first EU member state to comply with Directive 1999/93/ED.
Finland: Act on Electronic Signatures (14/2003)
Asian Nations
Hong Kong: Electronic Transactions Ordinance
US State Legislation
Note that further work is needed to check our classifications of US state laws against more authoritative sources such as the ILPF E-Signature Law Survey. The states of Illinois, Kansas and New Jersey all boast state-wide PKIs but it is not clear if these states' legislation is prescriptive; that is, we do not know if the states mandate the use of their PKIs. More research is needed in these areas.
Arizona - The Arizona Secretary of State maintains a list of Approved CAs which would indicate some sort of second tier of control.
New Jersey
Washington - Chapter 19.34 RCW Washington Electronic Authentication Act. The Definitions in the Act distinguish Electronic and Digital Signatures, suggestive of a two tier approach. More research needed to be sure.


Copyright © OASIS Open 2006. All rights reserved.