Legal Compliance

WPsigner provides the tools and features necessary to create legally compliant electronic signatures. This page covers the major regulations and how WPsigner helps you meet compliance requirements.

Electronic Signature Laws

United States

ESIGN Act (2000)

The Electronic Signatures in Global and National Commerce Act establishes that:

Requirement	Meaning
Legal equivalence	E-signatures have same legal weight as handwritten
Intent	Signer must intend to sign
Consent	Parties must agree to use electronic format
Record retention	E-records must be accurately retained

WPsigner compliance:

• ✅ Captures clear intent through signing action
• ✅ Records consent in audit trail
• ✅ Stores documents with full audit history

UETA (1999)

The Uniform Electronic Transactions Act is adopted by 49 states (all except New York, which has similar laws):

Principle	WPsigner Support
E-signature validity	✅ Fully supported
E-record validity	✅ PDF storage with audit trail
Attribution	✅ Links signature to signer identity
Effect of change	✅ Digital signature detects tampering

European Union

eIDAS Regulation (2014/910)

The EU’s electronic IDentification, Authentication and trust Services regulation defines three signature levels:

Level	Description	Legal Effect	WPsigner
SES (Simple)	Any electronic signature	Valid, may need additional evidence	✅ Default
AdES (Advanced)	Uniquely linked to signer, under signer’s control	Stronger presumption of validity	✅ With OTP
QES (Qualified)	AdES + qualified certificate + QTSP	Equivalent to handwritten	⚠️ Requires QTSP certificate

WPsigner signature levels:

┌─────────────────────────────────────────────────────────┐
│ QES (Qualified)                                         │
│ • Commercial AATL certificate from QTSP                 │
│ • Highest legal standing in EU                          │
├─────────────────────────────────────────────────────────┤
│ AdES (Advanced)                                    ✅   │
│ • OTP verification enabled                              │
│ • Digital ID configured                                 │
│ • Timestamping enabled                                  │
├─────────────────────────────────────────────────────────┤
│ SES (Simple)                                       ✅   │
│ • Basic WPsigner signatures                             │
│ • Audit trail with IP and device info                   │
└─────────────────────────────────────────────────────────┘

Other Regions

Country/Region	Law	Status
United Kingdom	UK eIDAS / ECA 2000	✅ Recognized
Canada	PIPEDA + Provincial	✅ Recognized
Australia	Electronic Transactions Act 1999	✅ Recognized
India	IT Act 2000	✅ Recognized
Brazil	MP 2.200-2/2001	✅ Recognized

---

Industry Regulations

Healthcare (HIPAA)

The Health Insurance Portability and Accountability Act applies to Protected Health Information (PHI):

HIPAA Requirement	WPsigner Solution
Access controls	Role-based WordPress permissions
Audit controls	Complete audit trail logging
Integrity controls	Digital signatures detect tampering
Transmission security	HTTPS encryption (your server)
Business Associate Agreement	Required with hosting provider

HIPAA Compliance Checklist:

• Host on HIPAA-compliant infrastructure
• Configure OTP verification
• Enable Digital ID signing
• Enable audit trail with geolocation
• Sign BAA with hosting provider
• Implement access controls
• Train staff on procedures

[!IMPORTANT] WPsigner provides the technical controls. You are responsible for administrative and physical safeguards, plus BAA with your hosting provider.

Financial Services (SOX, FINRA)

Requirement	WPsigner Feature
SOX 802 - Record retention	Permanent document storage
SOX 802 - Integrity	Digital signatures, tampering detection
FINRA 4511 - Books and records	Timestamped audit trails
FINRA 3110 - Supervision	Audit logs show who signed what

Legal (ABA Guidelines)

The American Bar Association recognizes e-signatures for:

• Client engagement letters
• Contracts and agreements
• Settlement agreements
• Non-disclosure agreements

Best practices for legal documents:

1. Enable Digital ID (PKI certificate)
2. Enable timestamping (TSA)
3. Use sequential signing for approval chains
4. Keep complete audit trails

Real Estate (RESPA, TRID)

Many real estate documents can be signed electronically:

✅ Allowed	⚠️ May Require Wet Signature
Purchase agreements	Deeds (varies by state)
Listing agreements	Notarized documents
Lease agreements	Some title documents
Addendums

---

Key Compliance Features

1. Digital Signatures (PKI)

Cryptographic signatures that prove:

• Authenticity - Who signed
• Integrity - Document not altered
• Non-repudiation - Signer cannot deny signing

Configure at: WPsigner → More → Digital ID

2. Timestamping (TSA)

RFC 3161 timestamps prove:

• Exact signing time - From trusted third party
• Long-term validity - Valid after certificate expires

Configure at: WPsigner → Settings → Legal & Privacy

3. Audit Trails

Every document includes:

• All signer actions with timestamps
• IP addresses and device information
• Consent records
• Viewing history

See: Audit Trails Documentation

4. Identity Verification

Multiple verification methods:

• Email verification - Link only works for recipient
• OTP verification - Code sent to signer’s email
• PIN protection - Additional access code

5. Certificate of Completion

Every completed document includes:

• Summary of all signatures
• Complete audit trail
• Compliance attestation

---

Signature Validity by Document Type

Generally Accepted

Document Type	Notes
Contracts	All jurisdictions
NDAs	All jurisdictions
Employment agreements	All jurisdictions
Service agreements	All jurisdictions
Purchase orders	All jurisdictions
Terms and conditions	All jurisdictions
Client proposals	All jurisdictions
HR documents	Most jurisdictions

May Require Special Handling

Document Type	Consideration
Real estate deeds	Check state requirements
Wills and testaments	Often require witnesses/notarization
Court documents	Check local rules
Powers of attorney	Varies by jurisdiction
Healthcare directives	May require witnesses

Typically Require Wet Signature

Document Type	Reason
Notarized documents	Physical notary required
Some government forms	Specific requirements
Certain immigration forms	Federal requirements

---

Compliance Checklist

Basic Compliance (SES)

• WPsigner installed and configured
• HTTPS enabled on your site
• Audit trail enabled (default)
• Documents stored securely
• Access controls in place

Enhanced Compliance (AdES)

• Digital ID configured
• OTP verification enabled
• Timestamping enabled
• Advanced audit trail (geolocation, device)
• Document retention policy defined

Maximum Compliance (QES-ready)

• All AdES requirements
• Commercial AATL certificate from QTSP
• Identity verification procedures
• Staff training documented
• Compliance policies written

---

Compliance Score

WPsigner displays a Compliance Score in More → Security & Compliance:

Score	Level	Features Enabled
Basic (SES)	Simple Electronic Signature	Default configuration
Enhanced (SES+)	Enhanced Simple	+ Identity verification
Advanced (AdES)	Advanced Electronic Signature	+ Digital ID + TSA + OTP

---

Legal Disclaimer

[!CAUTION] This documentation provides general information about electronic signature laws and is not legal advice. Laws vary by jurisdiction and change over time. Consult with a qualified attorney for specific legal requirements applicable to your situation.

WPsigner provides technical tools for compliance. You are responsible for:

• Understanding applicable regulations
• Configuring appropriate security settings
• Implementing proper procedures
• Training your staff
• Maintaining documentation

---

Next Steps

• Digital ID Configuration - Set up PKI certificates
• Timestamping - Enable RFC 3161 timestamps
• Audit Trails - Understanding the legal record
• FAQ - Common compliance questions