Legal

An electronic signature generally has to meet the same rules as paper and ink signatures. Commonly, this is summarised in law as:

  1. adequately identifies the signatory; and
  2. adequately indicates the signatory’s approval of the information to which the signature relates; and
  3. is as reliable as is appropriate given the purpose for which, and the circumstances in which, the signature is required

We will discuss both styles of signatures we offer - Single, and Multiple

1. Identification

Single signature

You set the signatory's name and contact email address against the document to be signed. The email address must be a personal account that only the signatory will have access to. This name and contact method is equivalent to (and arguably more robust than) a traditional addressed letter. These details are hard-coded in to the signature itself


Google account method: Highest security. Nothing secret is sent out. The signatory will visit the form and in the process, their Google account asks our service for permission to sign. Only the person who has access to this account can create a signature


Email method: High security. A unique code is created and paired to the email address for the signatory. As the independent third party, we send a unique key to the signatory, so only the person who has access to those emails can enact the signature. This keeps you and them at arm's length

Multiple signatures

No identification mechanism is built-in to the signature. By its nature, the multiple signature style is open and can be signed by anyone.

We equate this to a sign-up sheet. If positive identification comes in to question, the signature, name and email address on record can be compared against the individual's actual details.

2. Approval of the information

Single and Multiple signatures

We place the signature function at the end of your form, so the signatory has read everything by the time they get there. They are asked to approve the entire form

3. Reliability and fit for purpose

An electronic signature is sufficiently reliable if all of the following are achieved:

The means of creating the signature is linked to the person signing and no-one else

Single signature

You set the signatory's email address when requesting a signature. This can't be changed; it can only be cancelled, and a new request issued

Multiple signatures

The Multiple signature feature is open for signatures from any person who uses an enabled Form. In normal use, a person will generate their own means of signing by way of completing the Form. It can generally be assumed that the person who completed the Form also created the related signature, but this is not guaranteed

The means of creating the signature is under the control of the person signing and no-one else

Single signature

Only the controller of the email account is able to create a signature for the document. No other person, including the creator, can create a signature on their behalf

Multiple signatures

The person signing has control over their signature. In-line with the above limitation, that person isn't guaranteed to be anyone in particular

Any changes to the signature are detectable

Any changes to the documents are detectable (data integrity)

Single signature

When a document is signed, we take a SHA256 hash of the content, including the signature. Signed documents can be checked for integrity in-app or on our Verify signature page

Multiple signatures

When a signature is created, we take a SHA256 hash of the Form's content, and a SHA256 hash of the signature image separately as the image isn't stored within the Form. Signatures can be verified individually from within the respective Form's Response Sheet.

For both:

  • Changing a single character in the Document, or pixel in the signature, will make the document fail an integrity check
  • Reverting the change will allow the document to pass the check again
  • Copies made with Google's copy function will pass the check: this is the equivalent of photocopying a paper form
  • A manually re-created document will fail an integrity check

Examples of laws permitting electronic signatures

  • Australia - Electronic Transactions Act 1999
  • New Zealand - Electronic Transactions Act 2002 (and the basis of our notes above)
  • USA - Uniform Electronic Transactions Act (UETA) 1999 and the Electronic Signatures in Global and National Commerce Act (ESIGN) 2000
  • UK - Electronic Communications Act 2000 and Electronic Signature Regulations 2002
  • EU - EU Directive 1999/93/EC on Electronic Signature
  • Canada - Uniform Electronic Commerce Act (UECA)
  • China - Electronic Signature Law of the People's Republic of China
  • Australian Capital Territory -ELECTRONIC TRANSACTIONS ACT 2001
  • Australia, New SouthWales (NSW) - ELECTRONIC TRANSACTIONS ACT 2000
  • Australia, Northern Territory (NT) - ELECTRONIC TRANSACTIONS ACT 2000
  • Australia, QLD - ELECTRONIC TRANSACTIONS (QUEENSLAND) ACT 2001
  • Australia, VIC - ELECTRONIC TRANSACTIONS (VICTORIA) ACT 2000
  • Australia, SA - ELECTRONIC TRANSACTIONS ACT 2000
  • Australia, WA - ELECTRONIC TRANSACTIONS ACT 2003
  • Australia, Tasmania - ELECTRONIC TRANSACTIONS ACT 2000


Most countries have recognised the digital way business is run and have some legislation for electronic signatures