The CoSign Digital Signature solution automates your signature-based approvals compliantly and affordably, allowing you to cut costs and automate business processes.

1. Digital Signatures
The Law and Best Practices For compliance

2. Electronic/Digital Signature Legislation
Disclaimer: ARX is not a law firm and does not provide legal advice.
We make no warranty, express or implied, concerning any
interpretation of laws and regulations or its reliability as presented
here or of the content on websites cited in this presentation.

3. Electronic vs. Digital Signatures
Electronic signatures:
 Legally defined as an electronic sound, symbol (e.g., a graphic
representation of a person in JPEG file), or process, attached to or
logically associated with a record, and executed or adopted by a person
with the intent to sign the record.
 Some of the solutions that fit this legal definition can be very
problematic with regards to maintaining integrity and security, and
especially a good business policy or practice.
Digital signatures :
 Digital signatures, often referred to as advanced or standard electronic
signatures, provide the highest form of signature and content integrity
as well as universal acceptance.
 Digital signatures help organizations sustain signer authenticity,
accountability, data integrity, and non-repudiation (a signer cannot later
deny their participation in a transaction they signed) of electronic
documents and forms.

4. US/EU Federal and State Statutes
 Legislation
 Uniform Electronic Transactions Act (“UETA”) – 1999
 Electronic Signatures in Global and National Commerce Act (“E-Sign”) –
2000
 EU Directive for Electronic Signatures – 1999
These Acts give legal force and effect to electronic or
digital signatures.

5. Uniform Electronic Transactions Act (UETA)
 UETA http://www.law.upenn.edu/bll/archives/ulc/fnact99/1990s/ueta99.htm
 SECTION 7. LEGAL RECOGNITION OF ELECTRONIC RECORDS,
ELECTRONIC SIGNATURES, AND ELECTRONIC CONTRACTS.
(a) A record or signature may not be denied legal effect or
enforceability solely because it is in electronic form;
(b) A contract may not be denied legal effect or enforceability solely
because an electronic record was used in its formation;
(c) If a law requires a record to be in writing, an electronic record
satisfies the law;
(d) If a law requires a signature, an electronic signature satisfies the
law.

6. E-Sign Act
 ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE
ACT (aka E-Sign) at: http://frwebgate.access.gpo.gov/cgi-
bin/getdoc.cgi?dbname=106_cong_public_laws&docid=f:publ229.106
 Mirrors various provisions of UETA (which preceded it)
 section a) says electronic signatures and documents are legal;
 section b) this act does not override other acts that may mandate use
of paper-based transactions;
 section c) “Consents” outlines what the parties must agree, and
declare they agree(d), to use of electronic signatures/contracts
between them; important in B2C and B2B scenarios.

7. State Compliance with UETA
 46 US States (+ DC, Puerto Rico, and the Virgin Islands) have
adopted UETA. http://www.ncsl.org/programs/lis/CIP/ueta-statutes.htm
 Georgia; Illinois; New York; Washington have other statutes pertaining
to electronic transactions
(GA: Ga. Code Ann., § 10-12-1; IL: 5 ILCS 175/1-101; NY: NY CLS State Technology § 301
et seq.; WA: http://apps.leg.wa.gov/RCW/default.aspx?cite=19.34)
 The US Federal Act, E-Sign, governs if disputes cannot be
settled at the state level.
Note: US courts seem to be so routinely admitting electronic signatures
due to the E-Sign Act that it is unnecessary for them to write a written
opinion actually going through the analysis under the statute. In a sense,
the statute is doing its job by obviating the need for any court to think
twice about whether an electronic signature could be admissible
(assuming it met all the other rules of evidentiary procedure).

8. EU Directive for Electronic/Digital Signatures
 Directive 1999/93/EC Of the European Parliament and of the
Council of 13 December 1999 on a community framework for
electronic signatures:
 The directive indicates standard digital signatures are required,
without explicitly saying so (wanting to appear technology neutral).
 All EU Member States have adopted this directive with local
legislation, as of 2003.
 EU Member States are not allowed to add additional requirements to
those in the directive.
 EU VAT Directive 2001: Council directive 2001/115/EC:
 Directive for electronic invoices calls for electronic signatures as
defined by the 1999 directive for electronic signatures.

9. Legal Summary
 US and EU law accept electronic and digital signatures but state
nothing of specific technology choices.
 US law allows for a broad definition of electronic signature.
 EU law narrows the definition and implies that digital signatures
should be used.
 Regulations in specific industries tend to lean toward digital
signatures.
 The courts are concerned with:
 Admissible evidence
 Was a policy/procedure followed consistently in the
execution of routine business?

10. Best Practices for Digital Signature Deployment
A legally enforceable digitally signed record should have:
 Admissible evidence:
 Attached to signed information
 Uniquely linked to the signer
 Capable of identifying the signer
 Been created using means signer maintains under his/her control
 Verifiable by anyone at anytime
 Anyone at anytime should easily be able to detect changes to signed
information
 Organizational policy:
 Digital signing should be part of a standard automated organizational
policy/process
 There should be a clear audit track

11. When are Digital Signatures Needed?
When proof of identity, intent, and integrity is needed
 Audit and regulatory requirements
 Particular to industry/geography
 Acceptance
 Inside and outside the organization
 Verification
 Now and in the archive

12. CoSign Digital Signature Compliance
 CoSign creates legally enforceable digital signatures in
accordance with UETA, 15 U.S.C. 7001 (E-Sign) and EU
Directives 1999/93/EC and 2001/115/EC
 The Cosign digital signature solution, when implemented with a
proper organizational policy, can comply with:
 FDA Title 21 CFR Part 11 (Life Sciences)
 HIPAA (Healthcare)
 Most states’ PE boards (Engineering)
 Sarbanes Oxley
 EU VAT Directive
 SAFE BioPharma Association
 United States Department of Agriculture (USDA)

13. About CoSign
The CoSign digital signature solution
automates your signature-based approvals
compliantly and affordably, allowing you to
cut costs and expedite business processes.
For more information, please contact
John Marchioni, VP Business Development
johnmarc@arx.com
Tel: (415) 839 8161
www.arx.com