 |
About
Join
Governance
Members
Resources
White Papers
FAQ
IPR Policy
TC Process
Current TC List
PKI
OASIS
CGM Open
DCML
ebXML
LegalXML
UDDI
Cover Pages
XML.org
Sponsorship
|
|
Electronic Signature Laws and Regulations
|
| The following sections list US state and international e-signature legislation, organised according to the type of law -- Technology Neutral, Prescriptive, or Two Tier. |
Technology Neutral E-Signature Laws
|
|
| Technology-neutral (aka Light Touch) laws have little or nothing to say on the merits of particular security technologies, but instead tend to bestow broad equivalence on documents, whether in electronic or paper form. Technology neutrality puts the onus on users, designers and service providers to select authentication technology on a risk-managed basis, agreeing on what is fit for purpose. The United Nations Commission on International Trade Law (UNCITRAL) developed a Model Electronic Commerce Law which has informed technology-neutral legislation around the world. Some analysts bemoan a lack of legal certainty under these types of laws, although in most jurisdictions, contract law allows for 'scheme rules' to adequately manage e-commerce risks without any real need for overarching e-signature sanctions. Examples include the U.S., Canada and Australia. The technology neutral UNCITRAL definition of "electronic signature" is: data in electronic form in, affixed to or logically associated with, a data message, which may be used to identify the signatory in relation to the data message and to indicate the signatory's approval of the information contained in the data message. |
| The United Nations Commission on International Trade Law (UNCITRAL) develops "model laws" or templates upon which governments can develop their own particular legislation. |
| E-SIGN - Electronic Signatures in Global and National Commerce Act 2000 |
| UETA - Uniform Electronic Transactions Act, a model law for US states. |
| Note that further work is needed to check our classifications of US state laws against more authoritative sources such as the ILPF E-Signature Law Survey. |
| Alaska - AS 09.25.510. Electronic Records and Signatures |
| Delaware - TITLE 6 Commerce and Trade SUBTITLE II Other Laws Relating to Commerce and Trade CHAPTER 12A. Uniform Electronic Transactions Act |
| District of Columbia - 2001 Uniform Electronic Transactions Act |
| Hawaii
- Chapter 489E Uniform Electronic Transaction Act |
| Idaho - Title 28 Commercial Transactions Chapter 50 Uniform Electronic Transactions Act |
| Indiana - Chapter 8. Uniform Electronic Transactions Act |
| Montana - "An Act Adopting The Uniform Electronic Transactions Act" Note that this draft bill was cancelled. More research needed into current status. |
| New York - Electronic Signatures and Records Act |
| Oklahoma 1998 -
Electronic Records and Signature Act |
| Pennsylvania
- 1999 Senate Bill 555 Regulating electronic transactions Act |
| Rhode
Island - 2000 Chapter 127.1 The Uniform Electronic Transactions Act. This
Act superseded the previous Chapter 42-127 of the General Laws "Electronic Signatures
and Records Act". |
| Vermont
- Chapter 20. Uniform Electronic Transactions Act |
| Virginia
- HB 2412 Computer Information Transactions Act |
| West
Virginia - Chapter 39A. Electronic Commerce Article 1. Uniform Electronic
Transactions Act |
Prescriptive E-Signature Laws
|
|
| Prescriptive legislation seeks to somehow constrain the types of signature
technologies that are acceptable. These types of laws can go so far as to deny
legal rights to electronic transactions unless they are secured using an approved
technology, typically government-licensed PKI. Further, there can be legal sanctions
against operating unlicensed certificate authorities in these places. Critics
say prescriptive legislation can stifle innovation and restrict free trade. Examples
include the U.S. state of Utah, Malaysia, Italy, Korea and India. |
| The pieces of legislation listed below are classified as "prescriptive" even
though they exhibit a range of degrees of prescriptiveness. If a law is seen to
deviate from the accepted international UNCITRAL definition of electronic signature,
then it is classified here as prescriptive. Note that further work is needed
to check our classifications of US state laws against more authoritative sources
such as the ILPF E-Signature Law
Survey. |
| Arkansas
- The definition of "electronic signature" in the bill is not standard, as it
requires changes to signed data to invalidate the signature. This clause is absent
in internationally accepted technology neutral formulations. The Arkansas law
also puts constraints on "electronic signature verification companies". |
| California |
| Georgia -
1997 Georgia Electronic Records and Signatures Act |
| Michigan
- Senate Bill 204. The link provides some discussion about the Bill prior to its
passing. Status unknown. Language is indicative of a prescriptive digital signature
approach. |
| Minnesota
- Permanent Rules Governing Electronic Authentication Chapter 8275. Detailed rules
for the licensing of CAs in Minnesota. |
| Missouri
- SB 0708 Digital Signatures Act |
| Nevada - Chapter
720 - Digital Signatures |
| New
Mexico - 1999 SB0146 Electronic Authentication of Documents Act. Involves
a centralised service for authenticating digitally signed documents. |
| Oregon - 1997 Digital
Signature Act. See also dig sig
|
| Oregon
- Division 780 Electronic Signatures Act |
| Texas
- Chapter 203 Management Of Electronic Transactions And Signed Records |
| Utah - Title
46 - Chapter 03 - Utah Digital Signature Act Note that Utah has also enacted a
version of UETA. It is not know at this time how Utah's |
| "UETA" - relates
to its prescriptive Digital Signatures Act. |
| Wisconsin
- 1997 Act 306. While the definition of Electronic Signature is neutral, the Act
qualifies the use of Electronic Signatures requiring them to be invalidated if
the signed data changes (see para 137.06(d)). |
Two Tier E-Signature Laws
|
|
| Two-tier laws recognize that the intrinsic characteristics of some authentication
technologies provide for better risk management; these laws, therefore, provide
stronger legal presumptions to users of approved technologies. UNCITRAL's Uniform
Rules on Electronic Signatures characterize qualified signature technologies
in terms of their ability to ensure integrity of content as well as identity of
origin. Today, only public key technologies qualify. Users under these laws remain
free to agree on any other authentication technology that suits their purposes,
and to manage their legal risks via contract. Two-tier laws have been enacted
by the European Commission, Japan, Hong Kong and Singapore. |
| Hong Kong: Electronic Transactions Ordinance |
| Note that further work is needed to check our classifications of US state
laws against more authoritative sources such as the ILPF
E-Signature Law Survey. The states of Illinois, Kansas and New Jersey
all boast state-wide PKIs but it is not clear if these states' legislation is
prescriptive; that is, we do not know if the states mandate the use of their PKIs.
More research is needed in these areas. |
| Arizona - The
Arizona Secretary of State maintains a list of Approved CAs which would
indicate some sort of second tier of control. |
| Illinois |
| Kansas |
| New Jersey |
| Washington - Chapter
19.34 RCW Washington Electronic Authentication Act. The Definitions in the Act
distinguish Electronic and Digital Signatures, suggestive of a two tier approach.
More research needed to be sure. |
|
|
|
|
