Skip to main content
No items found.
logo dropboxsign
Why Dropbox Sign?
Expand or collapse accordion

What you can do

Sign documents online
Create electronic signatures
Choose or create templates
Fill and sign PDFs
Complete online contracts
Document management
Explore features
icon arrow right

Use cases

Sales and business development
Human resources
Startups
Financial technology
Real estate
On-demand services
Products
Expand or collapse accordion
icon dropbox
Sign
Make it easy to send and sign
icon dropbox
Sign API
Integrate eSign in your workflow
icon dropbox fax
Fax
Send faxes without a fax machine
icon dropbox integrations
Integrations
We meet you where you work
Resources
Expand or collapse accordion
Blog
Workflow expertise & product news
Customer stories
Real-world stories with real results
Help center
In-depth guidance for our products
Resource library
Reports, videos, and info sheets
Developers
Pricing
Expand or collapse accordion
Dropbox Sign pricing
Find the right plan for you
Dropbox Sign API pricing
Real-world stories with real results
Contact sales
Sign up
Contact Sales
Sign in
Expand or collapse accordion
Dropbox Sign
Dropbox Forms
Dropbox Fax
Free trial
Blog
/
eSignatures fundamentals

Understanding ECA 2000 and Its Impact on International eSignatures

by 
Tina Eaton
May 13, 2020
5
minute read
"Understanding ECA 2000 and Its Impact on International eSignatures" header image
icon tooltip

New look, same great product! HelloSign is now Dropbox Sign.

icon close

From the ciphers carved into the tomb of Egyptian nobleman Khnumhotep II in 1900 BC to the Turing machine that’s credited with saving millions of lives after cracking German code and shortening WWII, there is no doubt that what David Kahn wrote in The Codebreakers is true: Wherever language and writing spring up, cryptography is sure to follow.

‍

While that’s interesting and all, you came here to learn about eSignatures, didn’t you?

‍

No, you’re not in the wrong place. And yes, you’re going to learn about eSignatures.

‍

But first, let’s talk about the foundation upon which eSignatures are built and some of the important legislation that has helped make them a cornerstone in global business.

First Things First: Understanding Cryptography

Cryptography may sound a little mysterious, but at its core, it’s simply the practice of transforming data to hide its content, establish its authenticity, prevent its repudiation, and protect it from unauthorized modification and use.

‍

In practice, that means a person can send a written message to someone that they may never have met over a public channel (such as the internet) without anyone else being able to access that message — all thanks to cryptography.

‍

If you’ve heard of “encryption” and “decryption,” these are processes that employ cryptography to keep data safe.

What Does Cryptography Have to Do With eSignatures?

Cryptography is just as important to modern society as it was to ancient Egyptians. That’s because, today, cryptographic processes are used to secure the communications (social media messaging, email, etc.) and the transactions (digital banking, automated online bill pay, etc.) that take place on the internet every second.

‍

Modern cryptography specifically implements sophisticated algorithms to encrypt data — and then decrypt it at the other end — so that negotiations between parties are protected from unwanted eyes and actions.

Illustration of a paper document, lock, envelope, key, and another paper document

‍

Sound familiar? That’s right, a quality eSignature platform implements cryptographic practices to keep the document that’s being signed confidential, to authenticate the identity of the person signing the document, and to keep the unique identifying factors associated with that electronic signature private.

Where Does ECA 2000 Come Into Play and What Did it Do for eSignatures?

The Electronic Communications Act of 2000 (commonly known as “ECA”) was enacted in the United Kingdom to implement government oversight in businesses where cryptographic services (including eSignature) are used to ensure safety and security.

‍

This ground-breaking legislation, often mentioned in tandem with the United States’ Electronic Signatures in Global and National Commerce Act (ESIGN), is largely credited with propelling global business by recognizing, legitimizing, and protecting eSignatures and other cryptographic services.

‍

We probably don’t have to tell you that just 20 years out from the passing of the ECA and ESIGN act, eSignatures are revolutionizing the speed and security at which businesses work by finalizing documents like:

  • NDAs, timesheets, and employee onboarding paperwork
  • Sales contracts, invoices, and approve proposals
  • Leases and other rental and housing agreements
  • Tax documents, bank forms, and insurance paperwork
  • Permission slips, school forms, and release

Limitations of ECA 2000 in the UK

Just like in the U.S., electronic signatures in the United Kingdom may generally be considered court-admissible. However, in some cases, courts reserve the right to demand extra evidence to support eSignatures.

‍

eSignatures that are completed in the U.K. also have to “indicate an intention to authenticate.”

‍

While eSignatures don’t have to follow any certain format to meet this demand, the eIDAS (the 2016 Electronic Identification, Authentication and Trust Services regulation that complement the ECA) gives these as acceptable eSignatures formats:

  • A typewritten name
  • A tick in a checkbox or a click on a button that indicates agreement
  • A digital scan of a handwritten signature
  • Data in a digital form with advanced security
  • A digital signature that’s created using Public Key Cryptography and Certificate Authority

These limitations are already, well, pretty limited; but the Law Commission quelled any further doubt in late 2019 when they reported that “ … in most cases, electronic signatures can be used as a viable alternative to handwritten ones.” Of course, before making any large business decision, users should check whether electronic signatures are right for their particular use case.

Do Your Due Diligence When Choosing a Secure eSignature Solution

When utilized in compliance with the ECA, the ESIGN act, and other local and federal regulations; eSignatures enable audit trails, convenience, and speed that benefits parties on both ends of the deal.

‍

However, we caution every business that wants to implement eSignatures into their workflow to make sure they’re partnering with a platform that meets these key security checkpoints:

‍

Encryption: Encryption protects information as it passes between the sender and a receiver. Look for a platform that uses Secure Sockets Layer (SSL) encryption both during the signing process and once a signed document is stored away.

‍

Physical Security: While we’re on the topic of storage, it’s important we mention the physical side of storage and how that’s secured.

‍

Every digital service still requires physical servers where they store data. Make sure your eSignature provider prioritizes secure physical data storage — preferably in certified data centers that are equipped with security staff, video surveillance, multi-step authentication, and intrusion detection systems.

‍

Audit Trails: Audit trails ensure that every action such as an electronic document being opened, viewed, signed, or declined is tracked and time-stamped so modifications are easy to spot.

‍

If you ever run into a legal challenge that questions a document or eSignature, audit trails will help establish their validity — so make sure your eSignature solution isn’t skimping!

‍

In illustration of a document, a letter, an eye, a hand holding a pencil, and a certified document

‍

Secure Financial Processing: Often, when electronic signing is on the table, some kind of financial transaction is also taking place. Make sure that your eSignature provider is partnering with a payment processor that’s just a fanatical about security as they are.

‍

These are just the baseline security elements that we think every business should take into account when choosing an eSignature partner, so don’t forget to take into account any unique security needs your specific organization may have.

‍

Thinking about adding eSignature to your business’ workflow? Dropbox Sign offers an easy-to-use solution for companies to sign and manage electronic documents in a safe, simple and seamless way. Start your free trial with Dropbox Sign today.

Stay in the loop

Done! Please check your inbox.

Thank you!
Thank you for subscribing!

Lorem ipsum

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Lorem ipsum
icon arrow right
icon close

Up next:

Person working on a laptop at a desk. Screen shows an electronic signature being added to a document.
eSignatures fundamentals
8
minute read

SES, AES, and QES: Types of electronic signatures explained

Person signing a document on a tablet in a living room.
eSignatures fundamentals
5
minute read

How to validate a digital signature—and why it matters

Report

The state of finance firms in 2022

Products
Dropbox SignDropbox Sign APIDropbox FaxIntegrations
Why Dropbox Sign
Electronic signaturesSign documentsSign and Fill PDFsOnline contractsCreate electronic signaturesSignature editorSign word documents
Support
Help centerContact salesContact supportManage cookiesGetting started: Dropbox SignGetting started: Dropbox Sign API
Resources
BlogCustomer storiesResource centerLegality guideTrust center
Partners
Strategic PartnersPartners locator
Company
CareersTermsPrivacy
icon facebookicon youtube

Accepted payment methods

Mastercard logoVisa logoAmerican Express LogoDiscover logo
CPA Compliance BadgeHIPAA compliance badgeSky High Enterprise Ready badgeISO 9001 Certified badge

Dropbox Sign electronic signatures are legally binding in the United States, European Union, United Kingdom, and in many countries around the world.
For more information, please view our Terms and Conditions and Privacy Policy