E-Signatures & the Law

Is an electronic signature valid under the ESIGN Act?

7 min read  ·  Last updated June 2026

Yes — and the law is clearer on this than most people realize. The ESIGN Act has been federal law since 2000, and it says unambiguously that an electronic signature cannot be denied legal effect simply because it's electronic. But "valid" comes with conditions worth understanding, because they affect how you sign and what records you keep.

What the ESIGN Act actually says

The Electronic Signatures in Global and National Commerce Act (ESIGN) was signed on June 30, 2000. The core provision:

"A signature, contract, or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form." — 15 U.S.C. § 7001(a)

That "solely" is doing important work. The law doesn't say electronic signatures are automatically valid in every situation. It says you can't reject them just because they're electronic. If a signature is invalid for another reason — say, the signer was coerced, or the document was altered after signing — the electronic nature of the signature isn't what protects it.

The ESIGN Act covers interstate commerce. For state-level transactions, most states have adopted the Uniform Electronic Transactions Act (UETA), which mirrors ESIGN's protections at the state level. 49 states have adopted UETA. New York has its own equivalent (Electronic Signatures and Records Act, or ESRA). The result: electronic signatures are legally valid throughout the US.

The four conditions ESIGN requires

1. Intent to sign

The electronic action has to be deliberate. Clicking "I Agree" after reading a clickwrap agreement satisfies this. Accidentally hitting a button that signs something does not. For contracts, this is almost always satisfied as long as the signing interface makes clear what you're agreeing to.

2. Consent to use electronic records

ESIGN requires that the parties have consented to transact electronically. For most contracts between businesses, this is implicit — you're both using an online tool, you've both agreed to receive and sign documents this way. For consumer transactions, the consent requirements are more explicit: you may need to affirmatively opt in, and the platform may need to disclose the option to receive paper copies.

3. Association of the signature with the record

The signature needs to be linked to the specific document being signed. This is what an audit trail provides — a cryptographic record connecting your signature action to the exact version of the document at the exact moment you signed it. Without this, you have a signature floating in space with no provable connection to the document.

4. Record retention

ESIGN requires that electronic records be capable of being retained and reproduced accurately. A PDF you can print is fine. A signature entered into a form that generates no stored record is not.

What this means in practice: The method that satisfies all four conditions is a proper e-signature platform with an audit trail. A typed name in a text field satisfies conditions 1 and 2. A platform that hashes the document and logs the signing event satisfies 3 and 4. That's the difference between technically valid and practically defensible.

What ESIGN doesn't cover

The law explicitly excludes certain documents from its scope:

For everything else in commercial and personal life — NDAs, employment agreements, service contracts, leases, bills of sale, freelance agreements — ESIGN covers it.

What about international deals?

ESIGN only applies to US transactions. Most developed countries have their own equivalent laws — the EU's eIDAS regulation, the UK's Electronic Communications Act, Canada's PIPEDA, etc. The core principle (electronic signatures are valid) is common across them. But the level of signature required varies: eIDAS distinguishes between simple, advanced, and qualified electronic signatures, with different legal weights. For international contracts, confirm what the applicable law requires, not just whether e-signatures are allowed.

The audit trail is what makes it stick

Courts have upheld e-signatures in disputes for 25 years. The cases that go badly for one party usually have the same problem: they can't prove what was signed, when, or by whom. The audit trail is your answer to all three. It's not just nice-to-have — it's what transforms "I think we had a deal" into "here is the documented evidence of our deal."

filefriend generates a SHA-256 hash of every document at signing, logs the signer's IP and timestamp, and issues a completion certificate — all stored in your vault alongside the executed PDF. That's the audit trail ESIGN expects. See how signing works →

filefriend is a software tool, not a law firm. This article is general information, not legal advice. For high-stakes or international agreements, consult a lawyer.