
ProofSpace White Paper

The Principles of Electronic Agreement Legal Admissibility

Jacques Francoeur, B.A.Sc., M.A.Sc., MBA


(408)-406-6539, jacques@proofspace.com

Notice: This is not legal advice



Table of Contents

Introduction
Components of an Electronic Signature
Electronic Signature Legislation — A Non Discrimination Act
The Principles of Electronic Agreement Admissibility
Principle 1: Electronic Signature Reliability
Criteria 1: Electronic Signature to Electronic Document Binding
Criteria 2: Identity Authentication
Criteria 3: Electronic Signature Integrity
Criteria 4: Electronic Document Integrity
Principle 2: Sole Control over Act of Signing
Criteria 5: Privacy of Unique Identifier
Criteria 6: Sole Control Over Unique Identifier
Criteria 7: Revocation of Unique Identifier
Principle 3: A State of Informed Consent in the Act of Signing
Criteria 8: Awareness of Engaging in a Process of Agreement Formation
Criteria 9: Awareness of Intent and Implications of Act of Signing
Criteria 10: Notice of Rights
Principle 4: The Digital Chain of Admissibility
Criteria 11: Audit Trail of How, Who, What and When
Criteria 12: Retention
Principle 5: Electronic Agreement Trustworthiness
Criteria 13: Level of Electronic Signature Reliability
Criteria 14: Degree of Control over the Act of Signing
Criteria 15: Extent of a State of Informed Consent
Criteria 16: Trustworthiness of the Digital Chain of Admissibility
Conclusion: A Trusted Electronic Agreement Process
Evaluation Matrix: Criteria for Legal Admissibility of Electronic Agreements

ProofSpace
900 Clancy Ave NE
Grand Rapids, MI 49503
(312) 933.8823
www.proofspace.com
The Principles of Electronic Agreement Legal Admissibility — Revised March 2003

Introduction
In its most basic sense, an agreement is a commitment between two or more parties
to perform obligations in exchange for consideration. The agreement cannot be
subject to imperfect memory, competing claims or repudiation. There must be a state
of awareness that an agreement was being entered into and that a state of informed
consent existed during the act of signing. There must be sufficient proof to establish
the identities involved, the specifics of the agreement and the time the agreement was
entered into; all of which must be retained for a prescribed period.
The transformation from a paper-based agreement process to an electronic equivalent
makes no difference to the ongoing need to adhere to legal standards, meet legislative
requirements and comply with regulatory requirements. However, the electronic
paradigm will create many new legal and technical challenges and present risks that
will radically change the methods of meeting the standards and requirements and
demonstrating their adherence and compliance.
This paper will discuss a set of five principles that are essential to the legal admissibility
of an electronic agreement. These principles are prerequisites to enforceable electronic
agreements as required by existing legal standards and electronic signature legislation.
Admissibility can be understood to mean meeting the prerequisite requirements
necessary to hold an individual accountable, to obtain a successful dispute resolution
judgment or to obtain a favorable court adjudication. This paper will also specify sixteen
measurement criteria that can be used as metrics to assess whether the architecture
of an electronic transaction will meet the requirements of admissibility. But first, let
us define the essential components of an electronic signature and discuss the legal
significance of electronic signature legislation — the elimination of a key barrier to
executing end-to-end electronic agreements.

Components of an Electronic Signature


In order to understand the impact of electronic signature legislation and to identify
the minimum requirements necessary to adhere to the act, one must first understand
the legal definition of an electronic signature and identify its essential components.
The most effective way to do this is to understand the fundamentals of electronic
signature laws, as articulated by the United Nations Commission on International
Trade Law (UNCITRAL) Model Law [1] on Electronic Signatures (“UN Model Law”); then
to understand the intent of a multinational standard such as the European Union
Electronic Signature Directive (“EU Directive”) [2]; and finally to consider the specifics
of a national act, the United States Electronic Signatures in Global and National
Commerce Act [3] (“eSign Act”). From these reference sources, a common set of
requirements will become apparent.

[1] Model Law and Guide to Enactment: http://www.uncitral.org/english/texts/electcom/ml-elecsig-e.pdf
[2] European Union Electronic Signature Directive: DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 13 December 1999 on a Community framework for electronic signatures. http://europa.eu.int/ISPO/ecommerce/legal/documents/1999_93/1999_93_en.pdf
[3] United States Electronic Signatures in Global and National Commerce Act: http://www.ecommerce.gov/ecomnews/ElectronicSignatures_s761.pdf

The definition of an electronic signature as provided by the UN Model Law [4] is:

An electronic signature is “data in electronic form in, affixed to, or logically associated with,
a data message, which may be used to identify the signatory in relation to the data message
and indicate the signatory’s approval of the information contained in the data message.”

The definition as provided by the EU Directive [5] is:

“electronic signature means data in electronic form which are attached to or logically
associated with other electronic data and which serve as a method of authentication…”

Finally, the definition as provided by the US e-Sign Act [6] is:

“The term electronic signature means an electronic sound, symbol, or process, attached to
or logically associated with a contract or other record and executed or adopted by a person
with the intent to sign the record.”

All three definitions require the signature to be affixed to or associated with what is
being signed. Therefore an electronic signature cannot exist without a context and the
specifics of what is being signed. Furthermore, the UN Model Law and the e-Sign Act
definitions add that the act of signing must be an act of approval or intent, respectively,
and the EU Directive defines the intent as a method of authentication. Therefore an
electronic signature cannot exist without intent. Consequently, in the most general
sense these definitions describe the formation of an electronic agreement: a signature
in electronic form linked to a record in electronic form, with the act of signing serving
a purpose, either approval, authentication or intent.
The objective of electronic signature legislation is then to articulate that these
electronic entities, whether they are called signatures or agreements, are equivalent in
legal effect and validity to their physical counterparts. This is the focus of the
following section.

Electronic Signature Legislation — A Non Discrimination Act


The impact of electronic signature legislation is to provide for the non-discrimination of
electronic signatures and records as compared to their physical counterparts. That is,
no signature or record will be deemed invalid merely because it is in electronic form. In
legal terms this means that the legislation provides the same “legal effect and validity”
to an electronic signature and record as to the legal effect granted a handwritten
signature on a paper record. Note that the legal recognition granted a handwritten
signature, which is that of admissibility in a court of law, is far greater than the legal
recognition granted an electronic signature, which is not to be deemed invalid. The key
challenge is how to get both to have the same legal recognition — that of admissibility.
Electronic signature legislation also articulates a number of requirements that
must be adhered to and makes clear that the need to comply with any and all other
requirements of law is not affected or altered in any way. It only serves to create a fair
playing field between physical and electronic signatures and records in terms of their
right to exist and be equally considered, subject to specific requirements being met.
These requirements are the focus of the Principles of Legal Admissibility.

[4] UNCITRAL Model Law on Electronic Signatures Article 2a
[5] European Union Electronic Signature Directive Article 2.1
[6] United States Electronic Signatures in Global and National Commerce Act: Section 106 Definitions (5) Electronic Signature

The intent of the UN Model Law is to facilitate the creation of a harmonized and
coherent international legal framework for the recognition of electronic signatures.
This international legislative interoperability will consequently result in “frictionless”
international e-business. This enables an agreement executed or formed in one
territory to be legally recognized by another and the creation of a normalized set of
industry best practices and standards governing e-business and e-commerce that can
interoperate.
The UN Model Law [7] states that:
“Where the law requires a signature of a person, that requirement is met… if an electronic
signature is used which is as reliable as was appropriate for the purpose for which the data
message was generated…”

The UN Model Law further states that an electronic signature meets the requirement
of law if it is sufficiently reliable (trustworthy) as required by the significance of the act
of signing. This “level of reliability” requirement is the subject of Principle 5: Electronic
Agreement Trustworthiness and will be further discussed in Section 4.
While the UN Model Law and the e-Sign Act are “technology neutral,” the EU Directive
strongly favors cryptographically based electronic signatures, called Digital Signatures,
while still ensuring “neutrality” in terms of the legal effect and admissibility of all
forms of electronic signatures. To accommodate this, the EU Directive has articulated
two classes of electronic signatures with distinct levels of trustworthiness designed to
convey two distinct levels of legal recognition — legal effect and legal admissibility.
The first form of electronic signature that is afforded legal effect and validity
is a General Electronic Signature (GES). However its admissibility in a court of
law is predicated upon its specific ability to meet the requirements of reliability
commensurate with the purpose of the signature. The second form of electronic
signature, called an Advanced Electronic Signature, is granted a much higher legal
recognition. It is guaranteed admissibility in a European Union court of law. This
distinction of legal recognition, the right to exist legally (legal effect) and the right to be
granted equivalence to a handwritten signature (legal admissibility) in a court of law, is
exactly the focus of this paper. It will be further discussed in the following section under
Principle 5: Electronic Agreement Trustworthiness.
The EU Directive [8] articulates the requirements of legal effect and validity and
technology neutrality as follows:
“Member States shall ensure that an [GES] electronic signature is not denied legal
effectiveness and admissibility as evidence in legal proceedings solely on the grounds that
it is in electronic form, or… not based on an Advanced Electronic Signature.”

[7] UNCITRAL Model Law on Electronic Signatures Article 6.1
[8] European Union Electronic Signature Directive Article 5.2

The US e-Sign Act [9] ensures the non-discrimination of electronic signatures and
records, ensuring their legal effect and validity, as follows:
1) A signature, contract, or other record relating to such transaction may not be denied
legal effect, validity, or enforceability solely because it is in electronic form; and
2) A contract relating to such transaction may not be denied legal effect, validity, or
enforceability solely because an electronic signature or electronic record was used in its
formation.

The key point to recognize is that electronic signature legislation ensures that electronic
signatures and records will not be denied enforceability solely for being electronic.
Rather, it places the condition of admissibility squarely on the level of reliability of the
signature and the level of trustworthiness of the agreement formation process.
So the key question becomes, how to get from legal effect and validity, as provided by
electronic signature legislation, to legal admissibility in a court of law, a prerequisite
of enforceable electronic agreements. This is achieved by adhering to the Principles of
Electronic Agreement Admissibility, discussed in the next section.

The Principles of Electronic Agreement Admissibility


This section describes five principles that are essential to meeting the prerequisite
requirements of admissibility, as required by electronic signature legislation
and established legal standards. These principles are broken down into sixteen
measurement criteria that can be used to assess whether the design of an electronic
agreement formation process will generate legally admissible electronic agreements.
The principles of electronic agreement admissibility are:
Principle 1: Electronic Signature Reliability relates to the technical reliability of the
electronic signature itself.
Principle 2: Sole Control Over the Act of Signing relates to whether the signature
applied was in fact applied by the signatory.
Principle 3: A State of Informed Consent in the Act of Signing relates to the state of
mind of the signatory at the time the signature was applied.
Principle 4: The Digital Chain of Admissibility relates to whether the level of
trustworthiness of the agreement formation process was sufficient for the purpose of
the agreement.
Principle 5: Electronic Agreement Trustworthiness relates to the capture and
preservation of the electronic forensic evidence of the agreement formation process.
These principles are addressed below.

[9] United States Electronic Signatures in Global and National Commerce Act: Section 101 General Rule of Validity

Principle 1: Electronic Signature Reliability


The reliability of an electronic signature is a critical requirement for its legal
admissibility. Aspects of reliability relate to the technical robustness attributes of the
electronic signature and record. To identify the set of requirements as articulated by the
UN Model Law, the EU Directive and the e-Sign Act, consider the following table that
breaks out the components of an electronic signature:

Electronic Signature Components

| | United Nations Model Electronic Signature Law | European Union Electronic Signature Directive | U.S. Global and National e-Commerce Act |
|---|---|---|---|
| Electronic Nature of Signature | “data in electronic form | “data in electronic form | “an electronic sound, symbol, or process |
| Link of Electronic Signature | in, affixed to, or logically associated with | which are attached to or logically associated with | attached to or logically associated with |
| What is Being Signed | a data message, | other electronic data | a contract or other record |
| Identification of the Signatory | which may be used to identify the signatory in relation to the data message | and which serve as a method of authentication...” (cell spans this row and the next) | and executed or adopted by a person |
| Purpose of Signing | and indicate the signatory’s approval of the information contained in the data message.” | (see the row above) | with the intent to sign the record.” |

From these three definitions, one can identify the common attributes of an electronic
signature that determine its reliability. Note that one essential requirement falls
outside the technical realm and into informal notions of informed consent (approval
and intent), which relate more to the agreement formation process. This will be
addressed further in the discussion on Principle 3: A State of Informed Consent in the
Act of Signing.
The technical robustness attributes of an electronic signature in the form of
measurement criteria are:

Criteria 1: Electronic Signature to Electronic Document Binding


The robustness of the method used to link the electronic signature to the electronic
record being signed is a factor in determining the reliability of an electronic signature
and in fact the electronic agreement. Its robustness relates to the ease with which it may
be manipulated or falsified. Different levels of robustness are obtained from transaction
architectures that embed an electronic signature in the record being signed, affix
or attach the electronic signature to the record, or logically associate the electronic
signature with the record.

Criteria 2: Identity Authentication


The “chain of trust” that establishes the link between an electronic signature, a secure
private identifier, a registered identity and finally to a physical individual acting as a
Signatory can only lead to one unique individual.
The UN Model Law [10] requirement is articulated as follows:
“An electronic signature is considered to be reliable for the purpose of satisfying the
requirement [of law] if the signature creation data [unique identifier] are,…, linked to the
signatory and no other person;”

How can the true identity of the signatory be established and the basis of denial
controlled to the necessary level? This chain of trust is derived from the architecture of
the processes involved in identity management. It starts with the method of vetting the
true identity of the individual and generating a unique private identifier [11] that can only
be associated with the individual. The chain of trust is then derived from the method
of binding the public electronic credential [12] to the registered identity, the method used
to transmit with confidentiality the private identifier to the individual and the method
of protecting and accessing the private identifier to perform the act of signing. This
complex chain of trust is called the Digital Chain of Accountability™ [13] and is outside the
scope of this paper. For more information, see www.trustera.com.

Criteria 3: Electronic Signature Integrity


The ability to maintain the integrity of an electronic signature is critical to its reliability.
It is not only a matter of its capture, but also the ability to preserve, verify the integrity
of, and render the signature in human readable form when and where required. The
reliability is associated with the ability to detect any alteration or modification of the
signature after it has been generated.
The UN Model Law [14] articulates this requirement as follows:
“An electronic signature is considered to be reliable for the purpose of satisfying the
requirement [of law] if any alteration of the electronic signature, made after the time of
signing, is detectable;”

Criteria 4: Electronic Document Integrity


The purpose of an electronic signature as an act of approval of content or intent to be
bound is predicated on the ability to maintain and verify the integrity of the content to
which the electronic signature is affixed to, associated with or embedded in. That is,
the ability to detect any alteration or modification to the content after the record has
been signed.

[10] UNCITRAL Model Law on Electronic Signatures Article 6.3.a
[11] A Private Identifier is a technology neutral term that means the electronic code that is private and uniquely associated with one individual and that is used to create an electronic signature. The EU Directive uses the term Signature Creation Data. Other forms are passwords and private cryptographic keys.
[12] An Electronic Credential is a technology neutral term that means the public registered identifier that is used to link the identity of an individual with the private unique identifier. The EU Directive uses the term Signature Verification Data. Other forms are User IDs and Digital Certificates (Public Cryptographic Keys).
[13] The Digital Chain of Accountability is an architectural construct that measures the trustworthiness of identity management processes. See Technical Brief 2: Digital Chains of Trust at www.trustera.com. The Digital Chain of Accountability is a trademark of trustEra, Inc.
[14] UNCITRAL Model Law on Electronic Signatures Article 6.3.c

The UN Model Law [15] articulates this requirement as follows:

“An electronic signature is considered to be reliable for the purpose of satisfying the
requirement [of law] if, … any alteration made to that information [record] after the time of
signing is detectable;”

The reliability of an electronic signature is a necessary but insufficient requirement for
legal admissibility. It also requires that the Signatory have sole control over the act of
signing, the focus of the next principle.
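
Criteria 1, 3 and 4 can be demonstrated with any signature that is computed over a digest of the record being signed. The following is an added illustration, not part of the original paper or of any ProofSpace product: it uses a Lamport one-time signature (chosen only because it needs nothing beyond a hash function; the paper names no scheme), and the function names and the sample agreement text are constructed for the example.

```python
import hashlib
import secrets

BITS = 256  # one key element pair per bit of the SHA-256 document digest


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(data: bytes) -> list:
    """Bits of SHA-256(data), most significant bit first."""
    return [(byte >> (7 - i)) & 1 for byte in digest(data) for i in range(8)]


def generate_keypair():
    """Private identifier: 256 pairs of random secrets, kept by the signatory.
    Public credential: the hashes of those secrets, registered to the identity."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    public = [(digest(a), digest(b)) for a, b in private]
    return private, public


def sign(private, document: bytes) -> list:
    """Reveal one secret per digest bit. The signature is a function of the
    document content, which is what binds it to this record (Criteria 1).
    A Lamport key pair must be used to sign one document only."""
    return [private[i][bit] for i, bit in enumerate(digest_bits(document))]


def verify(public, document: bytes, signature) -> bool:
    """True only if every revealed secret hashes to the public value selected
    by the corresponding bit of the document digest."""
    if len(signature) != BITS:
        return False
    return all(
        digest(signature[i]) == public[i][bit]
        for i, bit in enumerate(digest_bits(document))
    )


if __name__ == "__main__":
    # Constructed sample record, not taken from the paper.
    agreement = b"Party A agrees to pay Party B 100 units on delivery."
    private, public = generate_keypair()
    signature = sign(private, agreement)

    # Unaltered record and signature verify against the public credential.
    print("original:", verify(public, agreement, signature))

    # Criteria 4: any alteration of the record after signing is detectable.
    altered = agreement.replace(b"100", b"900")
    print("altered record:", verify(public, altered, signature))

    # Criteria 3: any alteration of the signature itself is detectable.
    damaged = list(signature)
    damaged[0] = bytes([damaged[0][0] ^ 1]) + damaged[0][1:]
    print("altered signature:", verify(public, agreement, damaged))
```

Verification needs only the public credential, so the relying party never holds the private identifier.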

Principle 2: Sole Control over Act of Signing


The sole control over the unique identifier is one of the most critical principles as it
is subject to less interpretation. A breach in sole control invalidates the reliability of
any subsequent electronic signature. The concept of “sole control” embodies three
critical aspects — the privacy, security and unique access to the unique identifier — the
effective “signature” of an individual.

Criteria 5: Privacy of Unique Identifier


During the identity registration process, an identifier is generated that must be both
unique to the individual and only known by the individual — private. Therefore the
admissibility of an electronic signature is predicated on maintaining the confidentiality
of the unique identifier during its validity period. This is accomplished through
appropriate security measures that protect the identifier from unauthorized access or
unintended disclosure.

Criteria 6: Sole Control Over Unique Identifier


The admissibility of an electronic signature is predicated on the registered individual
being the only person who has access to and control over the unique identifier and is
the only individual who can exercise the act of signing. Access to the unique identifier
and sole control over the act of signing is also achieved by the use of appropriate
security measures that ensure only the registered individual is the person who can gain
access to the identifier.
The UN Model Law [16] articulates this requirement as follows:
“An electronic signature is considered to be reliable for the purpose of satisfying the
requirement [of law] if the signature creation data [unique identifier] were, at the time of
signing, under the control of the signatory and no other person;”

Criteria 7: Revocation of Unique Identifier


The individual is responsible not only for maintaining the privacy of the unique
identifier but also for notifying the issuer of any breach so that its loss of reliability
can be conveyed to any subsequent relying party.

[15] UNCITRAL Model Law on Electronic Signatures Article 6.3.d
[16] UNCITRAL Model Law on Electronic Signatures Article 6.3.b

The UN Model Law [17] articulates this requirement as follows:

(1) Where signature creation data [unique identifier] can be used to create a signature that
has legal effect, each signatory shall:
    (a) exercise reasonable care to avoid unauthorized use of its signature creation data;
    (b) without undue delay, utilize means made available by the certification service
    provider pursuant to article 9 [Conduct of the Certification Service Provider], or
    otherwise use reasonable efforts, to notify any person that may reasonably be
    expected by the signatory to rely on or to provide services in support of the electronic
    signature if:
        (i) the signatory knows that the signature creation data have been compromised;
        or
        (ii) the circumstances known to the signatory give rise to a substantial risk that
        the signature creation data may have been compromised;

It should be noted that failure to provide immediate notification of a breach could result
in an individual’s liability for any damages suffered by a party’s reliance on a breached
identity or fraudulent electronic signature.
The UN Model Law [18] articulates this notion of liability as follows:
(2) A signatory shall bear the legal consequences of its failure to satisfy the requirements
of paragraph (1).

In summary, the sole control over the act of signing is dependent on ensuring that
the unique identifier remains confidential, that the registered individual has the sole
ability to execute the act of signing and measures are in place to notify the issuer of any
breach to privacy or access to the identifier. The reliability of an electronic signature
and the sole control over the act of signing are necessary but insufficient requirements
for legal admissibility. It is also dependent on ensuring the act of signing is an act of
informed consent, the focus of the next principle.

Principle 3: A State of Informed Consent in the Act of Signing


An admissible electronic agreement must indicate the signatory’s approval of the
information in the document being signed and intent to be bound by its terms. This
clearly falls outside of the technology of capturing and preserving an electronic
signature and into the domain of awareness of what is being signed and acceptance of
the implications of the act of signing — being bound by its terms.
This is embodied in what is called Legal Sufficiency [19], which is an established legal
standard ensuring that a state of informed consent is present during the act of signing.
Legal Sufficiency involves two basic concepts referred to as “Writing” and “Signature,”
which combine measurable parameters such as notice and content with less
demonstrable notions of context, intent and consent.

[17] European Union Electronic Signature Directive Article 8.1
[18] European Union Electronic Signature Directive Article 8.2
[19] US Department of Justice, “Legal Considerations in Designing and Implementing Electronic Processes: A guide for Federal Agencies”, November 2000. http://www.cybercrime.gov/eprocess.htm

Criteria 8: Awareness of Engaging in a Process of Agreement Formation


Legal Sufficiency requires that certain transactions, such as agreements (i.e.,
contracts), must be reduced to writing on paper to be legally enforceable. The
requirement of “writing” is an established legal standard whose “functional purpose”
must be respected in the execution of an electronic agreement. The requirement of
writing is important as it forces a type of ceremony that builds awareness that a process
of agreement formation is taking place and appreciation as to the obligations under the
agreement and the consequences for failing to fulfill the obligations.

Criteria 9: Awareness of Intent and Implications of Act of Signing


Therefore, the method of electronic agreement execution must clearly establish a state
of awareness that a process of agreement formation is taking place and an appreciation
as to the obligations under the agreement. The process must produce verifiable records
of the obligations that are not subject to manipulation or falsification so that the risks of
imperfect memory and competing claims can be mitigated.
The second component of Legal Sufficiency is called “Signature.” Legal Sufficiency
requires that certain transactions, such as contracts, must not only be reduced to
writing but also contain a signature in order to be legally enforceable. The act of
signing meeting the requirement of “signature” must clearly establish the identity
of the signatory, established by the application of the individual’s unique mark, a
clear expression of awareness as to the intent of signing and a clear expression of
understanding as to the content and, most importantly, the obligations of the agreement.
The requirement of “signature” is an established legal standard whose “functional
purpose” must be respected in the execution of an electronic agreement.

Criteria 10: Notice of Rights


In the execution of electronic agreements with consumers, additional requirements to
provide clear and unambiguous notice of rights may be necessary. For example, the
e-Sign Act [20] imposes the additional requirement to provide clear and unambiguous
notice of rights to the consumer, including the right to withdraw consent, and to obtain
consent to transact electronically — in a form that demonstrates their ability to receive
information electronically.
The reliability of an electronic signature, the sole control over the act of signing and
a state of informed consent during the act of signing are necessary but insufficient
requirements for admissibility. It is also dependent on ensuring that the overall
trustworthiness of the electronic agreement is sufficient for its purpose, the focus of
the next principle.

Principle 4: The Digital Chain of Admissibility


The Digital Chain of Admissibility™ [21] relates to the capture and preservation of information
related to all material events involved in the electronic transaction, the audit trail of the
how, who, what and when, and the ability to verify and demonstrate its integrity.

[20] United States Electronic Signatures in Global and National Commerce Act: Section 101 General Rule of Validity, subsection c on Consumer Disclosures

Criteria 11: Audit Trail of How, Who, What and When


An electronic agreement involves, at a minimum, the electronic signatures of two or
more parties, the specifics of the agreement and the time the signatures were affixed. The
process of reaching an agreement may also involve contextual information related to
the intent of the parties, historic information related to the negotiation or case history of
the agreement, prerequisite information such as credit checks or electronic credential
validity checks and other information that is material to the agreement formation
process. Depending on the nature of the agreement, the risks involved, and the level
to which an organization wishes to protect its rights and control the assignment of
liability, a specific subset of the agreement activity will constitute material information
which may need to be captured and preserved.
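
One way to make the audit trail of Criteria 11 verifiable, as Principle 4 requires, is to chain each captured event to the previous one by hash. This is an added example, not from the original paper or a ProofSpace product; the field names, the function names and the sample events are assumptions constructed for the illustration.

```python
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # link value used by the first entry


def record_hash(body: dict) -> str:
    """SHA-256 over a canonical JSON encoding of the entry body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()


def append_event(trail: list, who: str, what: str, when: str, how: str,
                 document: bytes) -> dict:
    """Capture one material event and link it to the previous entry."""
    body = {
        "seq": len(trail),
        "who": who,      # registered identity of the actor
        "what": what,    # the event, e.g. "signed"
        "when": when,    # time the event occurred
        "how": how,      # method used, e.g. the kind of credential
        "doc_sha256": hashlib.sha256(document).hexdigest(),
        "prev": trail[-1]["hash"] if trail else GENESIS,
    }
    entry = dict(body, hash=record_hash(body))
    trail.append(entry)
    return entry


def verify_trail(trail: list, expected_head: Optional[str] = None) -> list:
    """Return a list of problems; an empty list means the trail is intact.
    Truncation from the end is only detectable when the head hash was
    retained somewhere outside the trail and is passed as expected_head."""
    problems = []
    prev = GENESIS
    for i, entry in enumerate(trail):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body.get("seq") != i:
            problems.append(f"entry {i}: sequence number out of order")
        if body.get("prev") != prev:
            problems.append(f"entry {i}: broken link to previous entry")
        if record_hash(body) != entry.get("hash"):
            problems.append(f"entry {i}: content altered after capture")
        prev = entry.get("hash")
    if expected_head is not None and prev != expected_head:
        problems.append("head hash does not match the retained value")
    return problems


def build_sample_trail() -> list:
    """Constructed sample events for a two-party agreement."""
    doc = b"Party A agrees to pay Party B 100 units on delivery."
    trail = []
    append_event(trail, "party-a@example.test", "consent notice shown",
                 "2003-03-01T10:00:00Z", "web form", doc)
    append_event(trail, "party-a@example.test", "signed",
                 "2003-03-01T10:02:10Z", "private key", doc)
    append_event(trail, "party-b@example.test", "signed",
                 "2003-03-01T11:15:42Z", "private key", doc)
    return trail


if __name__ == "__main__":
    trail = build_sample_trail()
    head = trail[-1]["hash"]
    print("intact:", verify_trail(trail, head))

    backdated = [dict(e) for e in trail]
    backdated[1]["when"] = "2003-02-01T10:02:10Z"
    print("backdated signing time:", verify_trail(backdated, head))

    print("last entry dropped:", verify_trail(trail[:2], head))
```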

Criteria 12: Retention


The accurate and complete retention and rendering in human readable form of the
electronic signature and record and the audit trail preserving the how of the who, what
and when is critical to the admissibility and subsequent enforceability of any electronic
agreement.
The e-Sign Act 22 articulates this requirement as follows:
“Notwithstanding [General Rule of ES Validity], if a statute, … requires that a contract or
other record… be in writing, [its] legal effect, validity, or enforceability… may be denied
if such electronic record is not in a form that is capable of being retained and accurately
reproduced for later reference by all parties or persons who are entitled….”

There is also the issue of Retention Period, which is a significant legal requirement
irrespective of the form of the contract — electronic or paper. All electronic agreements
must be retained for the legally required Retention Period in a form that can be
demonstrated to be accurate and complete. Retention periods can be as short as one
week and as long as several decades.
The e-Sign Act 23 articulates this requirement as follows:
“If a… rule of law requires that a… record relating to a transaction… be retained, that
requirement is met by… an electronic record… that: accurately reflects the information
set forth in the contract or other record [transaction]; remains accessible to all persons
entitled to access… for the period required… in a form that is capable of being accurately
reproduced…”

The reliability of an electronic signature, the sole control over the act of signing, a
state of informed consent during the act of signing and the capture and preservation
of the electronic forensic evidence of the agreement are necessary but insufficient
requirements for admissibility. It is also dependent on ensuring that the required level
of overall trustworthiness of the agreement formation process is met, the focus of the
final principle.

21 The Digital Chain of Admissibility is a trademark of trustEra, Inc.
22 United States Electronic Signatures in Global and National Commerce Act: Section 101 (e)
23 United States Electronic Signatures in Global and National Commerce Act: Section 101 (d)

Principle 5: Electronic Agreement Trustworthiness


This principle relates to all previous principles in terms of their degree of
trustworthiness: the level of reliability of the electronic signature, the degree
of sole control over the act of signing, the extent of the state of informed consent during
the act of signing and the forensic grade of the audit trail. The key question becomes —
what level of trustworthiness is required? In general, the level of trustworthiness of all
aspects of the electronic execution process must be appropriate for the purpose of the
agreement, the legal significance of the act of signing, and the nature and level of the
risks, including consideration of the damages that can ensue from the failure of any
party to fulfill its obligations.
This may be different depending on the nature of the transaction, the environment in
which it is being conducted and the requirements of law and regulations. Consequently,
this is a case-by-case set of requirements.

Criteria 13: Level of Electronic Signature Reliability


The reliability of an electronic signature is predicated on the level of reliability of the
attributes discussed in Principle 1: Electronic Signature Reliability. The key question
then becomes — to what level of reliability?
The UN Model Law 24 articulates the level of reliability as follows:
“Where the law requires a signature of a person, that requirement is met… if an electronic
signature is used which is as reliable as was appropriate for the purpose for which the data
message [agreement] was generated…”

Without a context of what is being signed, the purpose of a signature is undetermined.


The “level of reliability” is associated with the purpose of the act of signing – the intent
of what is being signed. The act of signing has a number of intended effects, some with
more legal significance than others. Consider the following intended effects of signing.
• Contract • Authorship • Notice
• Assignment • Initial • Origin
• Witnessing • Endorsement • Presence
• Notarization • Approval • Association
Clearly, there is a significant difference in legal significance between a signature
intended to assign legal ownership of intellectual property (Assignment) and one
that logs attendance at an event (Presence).
Consequently, the legal significance of the act of signing establishes its commensurate
level of reliability. The “appropriate” bar must be met – the requirement of law is met if
an electronic signature formation method is sufficiently reliable commensurate with the
legal significance of the act of signing.
The EU Directive 25 has defined a special class of electronic signature (i.e., digital
signature) called Advanced Electronic Signature (AES) with a guaranteed level of legal
recognition — admissibility as evidence in a European Union court of law, as follows:

“Member States shall ensure that advanced electronic signatures that are based on a
qualified certificate and that are created by a secure signature creation device:
a) satisfy the legal requirements of a signature in relation to data in electronic form in
the same manner as a handwritten signature satisfies that requirement in relation to
paper-based data; and
b) are admissible as evidence in legal proceedings.”
An AES involves a very high prescribed level of reliability with specified compliance
requirements for all aspects of the electronic signature formation process including its
corresponding support infrastructure. It exchanges a measurable level of “reliability,”
for a guaranteed level of legal recognition — legal admissibility in a court of law.

24 UNCITRAL Model Law on Electronic Signatures Article 6.1
25 European Union Electronic Signature Directive Article 5.1

Criteria 14: Degree of Control over the Act of Signing


Sufficient security procedures must be put in place and maintained that provide
reasonable assurance that the privacy of the unique identifier will be preserved, that the
registered individual is the only person who can access the unique identifier and
that the signatory is the only individual able to execute the act of signing. The level of
security must be based on the highest level required for all uses of the unique identifier.

Criteria 15: Extent of a State of Informed Consent


To control the basis of repudiation, the design of the agreement execution process
must be able to reliably establish and demonstrate that the “softer” requirements of
admissibility have been met — to a level of certainty. That is, the agreement formation
process must clearly demonstrate by design, notice, or response that the individual 1)
had been informed as to all their rights and choices, 2) had to have been fully aware that
an agreement formation process was taking place, 3) clearly understood the intent of
the agreement and that binding obligations were being undertaken, 4) was fully aware
of their obligations, and 5) had to have performed the act of signing in a state of informed
consent. The “level of certainty” must be commensurate with the legal significance of
the agreement and the nature and risks of the process executing the agreement.

Criteria 16: Trustworthiness of the Digital Chain of Admissibility


There are two components to the trustworthiness of an audit trail: the trustworthiness
of the information it contains and the trustworthiness of the audit trail itself. Together
these are referred to as the trustworthiness of the Digital Chain of Admissibility.
The trustworthiness of the information contained in the audit trail is based on the level
of reliability of the electronic signatures, as discussed under Criteria 13, the ability to
demonstrate the authenticity of the electronic records and the accuracy and auditability
of the electronic time stamps. The latter is based on the ability to demonstrate how the
legal source of time was obtained from a National Timing Authority, how the network
was synchronized, how the application accesses time from the network and finally how
a time stamp is embedded or affixed to the record. For more information please consult
www.trusterr.com for a white paper 26 on the subject. The level of reliability, authenticity
and auditability of the information contained in the audit trail should be sufficient for
the legal significance of the agreement and the environment in which it was executed.
The trustworthiness of the audit trail is also related to the technical mechanisms
used to preserve and protect its content over time and the ability to verify its integrity
at any future time. Methods should be used to verify and demonstrate that the audit
trail has not been altered or manipulated in any way since it was created; that is,
that its integrity has been maintained. This is a fundamental prerequisite. If this cannot be
demonstrated, it invalidates any audit trail irrespective of the level of reliability of the
information it contains.

26 “Trusted Time: Essential to eBusiness Risk Mitigation” white paper, published December 2000.
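As an added illustration (not part of the original white paper and not ProofSpace's own method), the following Python sketch shows one way to make the audit trail of Criteria 11 verifiable in the sense of Criteria 16: each entry records the who, what, when, how and time source of an event and is chained to the previous entry with SHA-256. The field names, the sample events and the idea of keeping the final link value (anchored_head) with a party outside the trail are assumptions made for the example.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # link value that precedes the first entry

def link_digest(entry, prev_link):
    # Canonical JSON so an unchanged entry always produces the same digest.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_link + body).encode("utf-8")).hexdigest()

def append_event(trail, who, what, when, how, time_source):
    """Record one material event and return the new head of the chain."""
    entry = {"seq": len(trail), "who": who, "what": what, "when": when,
             "how": how, "time_source": time_source}
    prev = trail[-1]["link"] if trail else GENESIS
    trail.append({"entry": entry, "link": link_digest(entry, prev)})
    return trail[-1]["link"]

def verify_trail(trail, anchored_head):
    """Return (True, None) if intact, else (False, i): i is the first entry
    that fails, or len(trail) when every entry verifies but the head does not
    match the copy held outside the trail (truncation or full rewrite)."""
    prev = GENESIS
    for i, item in enumerate(trail):
        if item["entry"].get("seq") != i:
            return False, i
        if not hmac.compare_digest(link_digest(item["entry"], prev), item["link"]):
            return False, i
        prev = item["link"]
    if not hmac.compare_digest(prev, anchored_head):
        return False, len(trail)
    return True, None

def build_sample_trail():
    """Constructed sample: a credential check followed by two signatures."""
    doc = hashlib.sha256(b"constructed agreement text v1").hexdigest()
    src = "NTP, stratum-1 server (hypothetical)"
    trail = []
    append_event(trail, "verifier@example.com", "credential validity check: ok",
                 "2003-03-01T10:00:00Z", "automated lookup", src)
    append_event(trail, "alice@example.com", "signed record sha256=" + doc,
                 "2003-03-01T10:05:12Z", "digital signature", src)
    head = append_event(trail, "bob@example.com", "signed record sha256=" + doc,
                        "2003-03-01T10:07:40Z", "digital signature", src)
    return trail, head
```

A chain alone only shows internal consistency; it is the comparison against a head value that the trail's custodian cannot change that exposes a trail that was truncated or rebuilt from scratch.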

Conclusion: A Trusted Electronic Agreement Process


A Trusted Electronic Agreement Process is one whose design and method of execution
results in the legal admissibility of the agreement. Admissibility means meeting
the prerequisite requirements necessary to hold an individual accountable for their
electronic signature, to obtain a successful dispute resolution judgment or to obtain
favorable court adjudication.
There are five principles that contribute directly to the legal admissibility of an
electronic agreement. The first principle is the reliability of an electronic signature, in
terms of the robustness of how the signature is linked to the record, the reliability of the
chain of trust related to identity authentication and the ability to verify the integrity of
the signature and record after the signature is affixed. The second principle relates to
the reliability of the act of signing itself — the ability of the signatory to be the only one who
can exercise sole control over the act of signing. The third principle relates to the state
of mind of the individual at the time of signature; that is, whether a state of informed
consent did exist during the act of signing. Was the individual aware that they were
engaged in an agreement formation process, were they fully aware of their rights, were
they aware of their obligations under the agreement and were they aware that they
were affixing their legally binding signature that will result in enforceable obligations?
The fourth principle relates to the requirement to capture, preserve and retain for as
long as necessary all material information related to the transaction in a way that can
be verified and shown to be accurate and complete. The final principle relates to the
need to design and operate an agreement formation process that is sufficiently reliable
and trustworthy commensurate with the legal significance of the act of signing and the
nature and risk of the transaction.

[Figure: framework of requirements for legal admissibility. Labels: Legal Admissibility; Electronic Systems and Processes that Comply with Regulations; eCompliance; Electronic Transactions that Adhere to Legal Standards & eSign Legislation; eAdmissibility; Reliable Electronic Signatures, Authentic Records & Time Stamps; eIntegrity; Legal Effect & Validity]

These five principles are collectively sufficient to ensure that the electronic agreement,
its electronic signature and records will be granted legal admissibility in a court of law.
This framework of requirements for legal admissibility is illustrated in the figure above.

The paper also specified sixteen criteria that can be used as a guide to assess the
degree of confidence that an electronic agreement executed by a particular agreement
formation process will be deemed legally admissible in a court of law. These criteria are
presented in an evaluation table as follows:

Evaluation Matrix: Criteria for Legal Admissibility of Electronic Agreements

| Define the Nature of the Agreement and its Risks | |
|---|---|
| Agreement Intent: | |
| Legal Significance of Signatures: | |
| Environment of Agreement Execution: | |
| Nature of Risks and Liabilities: | |
| Basis of Repudiation: | |

| Criteria | Method Description | Level of Trustworthiness |
|---|---|---|
| Principle 1: Electronic Signature Reliability | | |
| Criteria 1: Electronic Signature to Electronic Document Binding | | |
| Criteria 2: Identity Authentication | | |
| Criteria 3: Electronic Signature Integrity | | |
| Criteria 4: Electronic Document Integrity | | |
| Principle 2: Sole Control over Act of Signing | | |
| Criteria 5: Privacy of Unique Identifier | | |
| Criteria 6: Sole Control Over Unique Identifier | | |
| Criteria 7: Revocation of Unique Identifier | | |
| Principle 3: A State of Informed Consent in the Act of Signing | | |
| Criteria 8: Awareness of Engaging in A Process of Agreement Formation | | |
| Criteria 9: Awareness of Intent and Implications of Act of Signing | | |
| Criteria 10: Notice of Rights | | |
| Principle 4: The Digital Chain of Admissibility | | |
| Criteria 11: Audit Trail of How, Who, What and When | | |
| Criteria 12: Retention | | |
| Principle 5: Electronic Agreement Trustworthiness | | |
| Criteria 13: Level of Electronic Signature Reliability | | |
| Criteria 14: Degree of Control over the Act of Signing | | |
| Criteria 15: Extent of a State of Informed Consent | | |
| Criteria 16: Trustworthiness of the Digital Chain of Admissibility | | |


©2007 ProofSpace. All Rights Reserved. ProofSpace, Transient Key, the ProofSpace logo, ProofMark and the ProofMark
System are trademarks of ProofSpace Inc. All other trademarks are owned by their respective companies.
