Every electronic signature executed in the United States is governed by one of two laws — or both at the same time — and most business owners have no idea which. That ambiguity doesn't matter when things go smoothly. It matters enormously the moment a contract is disputed, an auditor shows up, or a signer claims they never actually agreed.
The good news: the two laws are deliberately aligned, the core requirements are identical, and once you understand the 80/20 you can stop worrying about them. This guide walks through what ESIGN and UETA actually say, how they interact, where the edge cases live, and exactly what your business needs to do to stay on the right side of both.
The 10-second answer
The ESIGN Act is a 2000 federal law that makes electronic signatures legally equivalent to handwritten ones across the United States, specifically for transactions in interstate and international commerce.
UETA (the Uniform Electronic Transactions Act) is a model state law, adopted in 49 states, that does the same thing at the state level.
They overlap almost entirely. Both require the same four conditions — intent to sign, consent to do business electronically, association of the signature with the record, and proper record retention. ESIGN generally defers to UETA where a state has adopted it. Where a state hasn't adopted UETA (historically, just New York), ESIGN fills the gap.
In practice: if your electronic signature satisfies the four conditions, it's valid under both laws, in every U.S. jurisdiction. The rest of this guide explains the nuances that occasionally matter.
A brief history (you'll be glad you know this)
Before 2000, nobody knew whether a typed name at the bottom of an email counted as a signature. Courts ruled inconsistently. Businesses couldn't execute contracts electronically without risking enforceability disputes.
Two things happened in parallel to fix this.
1999 — The Uniform Law Commission drafted UETA. A model statute designed to be adopted by each state individually. It gives electronic signatures and records the same legal effect as paper, governs the rules of signing and retention, and creates consistency across state borders as more states adopt it.
2000 — Congress passed ESIGN. The federal backstop. It applies to any transaction "in or affecting interstate or foreign commerce" — which, in 2026, is essentially all commerce — and preempts state laws that would deny electronic signatures legal effect. Critically, ESIGN contains a "reverse preemption" clause: if a state has adopted UETA (or a substantially similar law), UETA governs and ESIGN steps back.
That second clause is the reason most businesses can operate under a single framework. UETA has been adopted by 49 states (all but New York, which has its own comparable law — the Electronic Signatures and Records Act). So in nearly every U.S. state, UETA is the operative law, with ESIGN in the background as a federal floor.
The four requirements (the only thing you really need to remember)
Both ESIGN and UETA converge on the same four requirements. An electronic signature is valid when:
1. Intent to sign. The signer must have clearly intended to sign the document. A typed name followed by a click of a "Sign" button demonstrates intent. A pre-checked box buried in a 40-page terms-of-service dialog does not.
2. Consent to do business electronically. Both parties must agree — either explicitly or through their conduct — to transact electronically. In most workflows, this is satisfied by a brief disclosure at the top of the signing screen: "By signing electronically, you agree that your electronic signature has the same legal effect as a handwritten one." For consumer transactions, ESIGN adds additional consumer-consent requirements (more on this shortly).
3. Association of the signature with the record. The signature must be logically tied to the document it signs. A standalone text message saying "I agree" is weak. A signature captured in-line on a specific page of a specific version of a specific document, with an audit trail linking them, is strong.
4. Record retention. The signed record, including any audit trail, must be stored in a form that can be accurately reproduced later. "Accurately reproduced" is the key phrase — the retention system must preserve the document's content and the evidence that it was signed.
Meet all four, and your electronic signature is enforceable under both ESIGN and UETA. Fail any one of them, and you've created a legal exposure that a sophisticated counterparty can exploit.
For a deeper look at how these four requirements interact with the underlying cryptographic technology, see our guide on electronic signature vs. digital signature.
Key differences between ESIGN and UETA
The laws are 95% aligned. Here's the 5% where they diverge — and where it occasionally matters.
Jurisdiction. ESIGN is federal and applies to interstate and foreign commerce. UETA is state-level and governs transactions within a single state. If your transaction crosses state lines (most do, in 2026), ESIGN is in play. If it's purely intrastate, UETA governs alone in states that have adopted it.
Consumer protections. ESIGN contains specific consumer-protection language that UETA does not. Before an individual consumer can electronically receive a record that's required by law to be in writing, ESIGN requires a specific "UETA consumer consent disclosure" — including informing the consumer of their right to receive the record on paper, the hardware and software requirements to access the record, and how to withdraw consent. This matters most for regulated consumer disclosures — credit agreements, insurance notices, certain HR documents.
Scope of exclusions. Both laws carve out certain document types that cannot be electronically signed: wills, testamentary trusts, adoptions, divorces, and similar. The lists differ slightly, and some states have narrowed or widened their carve-outs.
Reverse preemption. ESIGN yields to UETA in states that have adopted UETA. If a state has modified UETA substantially, or adopted a different law (like New York), the interaction gets more complicated and usually requires legal advice for high-value transactions.
Court interpretation. UETA has been interpreted consistently across most states, but a few have developed state-specific precedents that can shape how signature disputes are resolved. ESIGN is interpreted at the federal level with some regional variation among circuit courts.
For most SMB and HR use cases, these differences are academic — meet the four requirements, and you're covered by whichever law applies.
Which law applies to your contracts?
Here's the decision tree, simplified.
Is the transaction purely within one state? If yes, that state's electronic signature law (typically UETA) applies alone.
Does the transaction cross state lines, involve federal law, or affect interstate commerce? Almost certainly yes in any modern business. ESIGN applies. If both parties are in UETA states, UETA may also apply concurrently; ESIGN defers.
Is the transaction with a consumer regarding a record required by law to be in writing? Apply ESIGN's consumer-consent disclosure requirements on top of everything else.
Is the document in an excluded category? Wills, certain family-law matters, and some court documents still require wet signatures in most jurisdictions.
For 90% of contracts flowing through an SMB or HR team, the answer to "which law applies?" is "both — and they require the same four things."
Documents you cannot electronically sign under ESIGN or UETA
Both laws exclude certain document types. The exclusions exist because policy makers decided the solemnity or specific legal formalities of these documents warranted preserving wet signatures. The core exclusions:
Wills and testamentary trusts. Some states have enacted specific electronic-will statutes, but the default position under ESIGN and UETA is that wills require traditional execution.
Family-law documents. Adoptions, divorces, and related proceedings. Exclusions vary by state.
Certain court documents. Depends on the court; many courts now accept electronic filing, but signatures on specific filings may require traditional execution.
Notices of cancellation or termination of utility services. Consumer-protection carve-out.
Default notices and eviction notices under a credit agreement or rental agreement. Another consumer-protection carve-out.
Product recall notices affecting health or safety.
Documents accompanying hazardous material transport.
If you're signing in any of these categories, consult a lawyer — electronic execution is often technically possible but procedurally complicated.
How to structure your signing process to satisfy both laws
The operational translation of the four requirements is straightforward. A compliant electronic signing process does five things:
1. Obtains and records consent. Display a clear disclosure at the start of the signing process: "By proceeding, you consent to conduct this transaction electronically and agree that your electronic signature has the same legal effect as a handwritten signature." Capture the click or agreement in your audit log.
2. Captures the signing act. Let the signer type, draw, or otherwise affirmatively indicate their signature. The act itself — click "Sign," type your name, draw a signature — must happen intentionally.
3. Produces an audit trail. Every signer action is logged: envelope opened, document viewed, signature placed, completion confirmed. Each log entry should include a timestamp, IP address, and device fingerprint at minimum. This is the evidence that answers the "did the signer really intend to sign?" question if it's ever disputed.
4. Binds the signature to the document. The signature and audit trail must be cryptographically or logically associated with the specific document signed, not a general record of "John agreed to something." Modern platforms do this automatically by embedding a digital signature and hash into the completed PDF.
5. Retains the record for as long as the underlying transaction is enforceable. This usually means at least seven years for most commercial contracts, longer for employment records, indefinitely for corporate records. Retention means preserving both the document and the audit trail in a form that can be accurately reproduced on demand.
A platform that does all five — and hands you the resulting document with an embedded digital signature and QR-linked certificate of authenticity — is effectively bulletproof under ESIGN and UETA.
The evidentiary difference that catches people out
Here's a subtle point that surprises business owners when it matters: ESIGN and UETA tell you when an electronic signature is legally valid. They don't tell you how to prove it was signed by the person you think signed it, if that's ever challenged.
Proof is an evidentiary question, separate from validity. The two laws are permissive about what can count as a signature. They're silent on the evidence quality you'll need if the signer later claims "I never signed that."
Practical implication: an e-signature with a thin audit trail (just a name and timestamp) is legally valid but hard to defend. An e-signature with a rich audit trail — email verification, IP, device fingerprint, multiple confirmation steps, and an embedded digital signature — is legally valid and effectively unchallengeable.
Build for the second. In a world where AI-generated document forgeries are exploding, the strength of your audit trail is the strength of your enforceability.
State-level nuances worth knowing
Some states have added their own flavor on top of UETA that occasionally matters.
New York has its own electronic signature law — the Electronic Signatures and Records Act (ESRA) — rather than UETA. It's aligned with UETA in substance but differs in some procedural details. If you operate primarily in New York, have a lawyer confirm your process satisfies ESRA specifically.
Illinois has the Uniform Electronic Transactions Act but also maintains some older precedents around specific regulated documents.
California has adopted UETA but layered additional consumer-protection requirements on top for certain regulated industries.
Washington added specific provisions around blockchain-based signatures in 2019, explicitly recognizing them under UETA.
None of these state variations change the four core requirements. They occasionally affect the procedural details of how the requirements are satisfied.
- International signatures from U.S. businesses
What happens when a U.S. business signs a contract with a counterparty in the EU, UK, or Canada?
EU counterparties bring eIDAS into play. eIDAS recognizes three tiers of electronic signatures — simple, advanced, and qualified — and high-value or regulated contracts sometimes require the advanced or qualified tier. A U.S. e-signature that satisfies ESIGN may not automatically satisfy eIDAS's tier requirements for specific document types.
UK counterparties are covered by a UK-adapted version of eIDAS following Brexit, largely similar.
Canadian counterparties are governed by PIPEDA (federal) and provincial e-signature laws. Requirements are broadly aligned with ESIGN.
Practical rule: for international contracts, default to the highest common denominator. An electronic signature with an embedded digital signature, a full audit trail, and an issuer-verified certificate of authenticity is accepted under ESIGN, UETA, eIDAS, PIPEDA, and most other modern frameworks simultaneously.
- Frequently asked questions
Are electronic signatures legally binding in all 50 states?
Yes. UETA has been adopted in 49 states; New York has its own equivalent law (ESRA). ESIGN provides a federal backstop. In every U.S. state, an electronic signature satisfying the four core requirements is legally binding.
Which is stronger: ESIGN or UETA?
Neither is "stronger." ESIGN is federal; UETA is state-level. In UETA states, UETA generally governs (ESIGN defers). In non-UETA jurisdictions, ESIGN applies. Both require the same four conditions for validity.
Can my business get away with just a typed name at the bottom of an email?
Technically, yes — if you can later prove intent, consent, association, and retention. Practically, no — the evidentiary burden is high and the audit trail is weak. Use a proper e-signature platform for any document that matters.
Do I need a digital signature (cryptographic) to satisfy ESIGN/UETA?
No. Neither law requires a digital signature. Both are technology-neutral. However, modern platforms combine electronic and digital signatures by default, which both satisfies the laws and provides much stronger evidence in a dispute.
What happens if the signer claims they didn't actually sign?
Your audit trail is your defense. A strong audit trail — email verification, IP, device, timestamped actions, embedded digital signature — makes repudiation extremely difficult. A weak audit trail makes repudiation easy.
How long do I need to retain signed electronic records?
At least as long as the underlying transaction is enforceable. Common defaults: seven years for commercial contracts, seven years or longer for tax and financial records, longer still for employment records, indefinitely for key corporate records. Check industry-specific retention rules.
Are there documents I can never electronically sign?
Yes — both laws exclude wills, certain family-law documents, specific court documents, and some consumer-protection notices. The exclusion list varies by state.
Does ESIGN or UETA apply to signatures by non-U.S. parties?
Both laws apply to U.S.-based transactions. For cross-border contracts, also consider the counterparty's home jurisdiction — eIDAS in the EU, PIPEDA in Canada, similar frameworks elsewhere.
The bottom line
ESIGN and UETA exist so you can stop wondering whether electronic signatures are "really legal." They are, in all 50 states, for nearly every commercial document, when four simple conditions are met.
Your operational job is to use a signing platform that satisfies all four conditions automatically — with a proper audit trail, an embedded digital signature, and retention you can count on. The legal question then takes care of itself, and you can focus on the question that actually matters in 2026: can a third party independently verify your documents are real without calling you?
For the full playbook on how electronic signatures, digital signatures, and QR-verified certificates of authenticity fit together into a single document trust stack, start with our pillar guide: How to Verify Document Authenticity in 2026.
Want to sign documents that satisfy ESIGN, UETA, and eIDAS simultaneously — with a certificate of authenticity any recipient can verify in one scan? Try VerifyDoc.ai free and execute your first document the right way in under five minutes.
