What PIPEDA, the ESIGN Act, and UETA require for a legally valid e-signature — and exactly what GetSigned captures to meet those requirements.
Personal Information Protection and Electronic Documents Act
Electronic Signatures in Global and National Commerce Act
Uniform Electronic Transactions Act
Every envelope generates a complete evidentiary record — automatically, on every signing.
A mandatory consent click before any signing begins. Logged with timestamp, IP, user agent, and geolocation. Consent is a legal requirement under ESIGN and UETA.
Signers verify their identity via a time-limited code sent to their registered email or SMS number before access to the document is granted.
The moment a signer opens the document is logged — proving they had the opportunity to read what they were signing.
Each signature application is recorded with full event metadata: which field was signed, by whom, at what time, from which IP.
The original document's SHA-256 hash is recorded at creation. The final sealed document's hash is recorded on completion. Any pre- or post-signing modification is detectable.
A CA-issued digital signature is applied to the entire sealed PDF. Any byte-level modification after sealing invalidates the signature — verifiable in Adobe Reader or any PDF validator.
All events are appended to an append-only, hash-chained log. Each row hashes the previous row, so tampering with any event is mathematically detectable even with direct database access.
A machine-generated certificate page listing all events is embedded in the final PDF before sealing — so the evidentiary record travels with the document.
ESIGN and UETA explicitly exclude certain document categories. These are not edge cases — check before assuming.
This list is illustrative, not exhaustive. Requirements vary by state and province. Consult qualified legal counsel for your specific documents and jurisdictions.
E-signature compliance means that an electronic signature was collected in a way that satisfies the legal requirements of the applicable jurisdiction — most commonly PIPEDA (Canada), the ESIGN Act (US federal), or UETA (US state). The key requirements across all three are: (1) the signer voluntarily consented to sign electronically; (2) the signature is attributable to the signer (via identity verification); (3) the signed document and signing record are retained and accessible. GetSigned is designed to satisfy all three requirements.
GetSigned captures: explicit e-sign consent with timestamp and IP; OTP identity verification event; document view event; each signature event with metadata; SHA-256 hashes of the original and final document; a PKCS#7 digital seal applied to the entire PDF; and a hash-chained, append-only audit log. All of this is summarized in an audit certificate page embedded in the sealed document. This evidence record is sufficient for defensibility under PIPEDA, ESIGN, and UETA.
GetSigned is designed to produce e-signatures that satisfy PIPEDA's requirements: the signature is in electronic form, it is created by the signer (via OTP-verified identity), it is attached to the document (via field flattening and PKCS#7 seal), and the record is retained. For PIPEDA Schedule 2 "secure electronic signature" requirements (applicable to specific government documents), a qualified certificate-based signature is required — GetSigned uses a service-level seal rather than a per-signer qualified certificate, which is the correct approach for commercial e-signatures under ESIGN/UETA and most PIPEDA use cases.
An e-signature is a legally defined concept: any electronic process that indicates a person's intent to sign. A digital signature is a technical implementation: a cryptographic operation using a public/private key pair that proves document integrity. For ESIGN/UETA/PIPEDA compliance, a legally valid e-signature is what matters — the law does not require a PKI-based digital signature. GetSigned collects a legally valid e-signature (with consent, identity verification, and audit trail) and additionally applies a service-level digital seal (PKCS#7) to the document for tamper-evidence. This gives you both the legal standard and the technical proof.
Yes. ESIGN and UETA both exclude certain categories: wills and codicils, adoption papers, certain family law documents, and specific notices (utility disconnection, eviction). Negotiable instruments and certain real property conveyances may have additional requirements depending on state law. PIPEDA similarly excludes specific document types from electronic signature recognition. The list above covers the most common exclusions — consult qualified legal counsel for your specific document types and jurisdictions.
GetSigned provides the technical infrastructure for legally defensible e-signatures: consent capture, identity verification, document integrity sealing, and audit trail. Compliance also depends on: (1) the document type — see exclusions above; (2) your specific use case and jurisdiction; (3) any sector-specific regulations that may apply (financial services, healthcare, government). "The tool was compliant" is necessary but not sufficient — the overall process must also be compliant. Consult qualified legal counsel for your specific use case.
This page is for informational purposes only and does not constitute legal advice. Consult qualified legal counsel for your specific jurisdiction, document types, and compliance requirements.
Related: E-signature legality guide · Audit trail guide · E-sig vs digital signature · E-signatures for legal
Every envelope captures the full evidence record automatically. No configuration required.
Get free API keys →