How SahlSign meets electronic signature laws in the United States (ESIGN, UETA), the European Union (eIDAS), and the GCC. Simple Electronic Signature (SES) tier with strong technical integrity safeguards.
Last updated: May 20, 2026
UETA (1999) and the federal ESIGN Act (15 U.S.C. §7001) together establish the legal foundation for electronic signatures in the United States. Both ensure that electronic records and signatures carry the same legal effect as handwritten signatures and paper records.
Every signer must check the consent box before continuing. The event is recorded server-side with the disclosure version, IP, and user agent — not a client-side click that can be lost.
A "Decline to sign" link is available on both the disclosure and document steps. A decline voids the entire envelope for all signers and is recorded in the audit chain.
Identity is verified via email or SMS OTP. Signer name, email, IP address, and user agent are recorded alongside every signing event (UETA §9, ESIGN §106(5)).
Every event (viewed, OTP sent, signed, declined, completed) is linked by a SHA-256 hash chain with serializable transaction isolation. Any modification to any entry invalidates all subsequent entries.
The original document SHA-256 hash is verified before each signature. If the PDF has been modified since upload, signing is refused.
Every signer and the document owner receive the final signed PDF and the Certificate of Completion by email the moment all parties have signed.
The eIDAS Regulation (EU 910/2014) standardises electronic identification and trust services across the EU. It defines three signature tiers: Simple (SES), Advanced (AES), and Qualified (QES). SahlSign produces a Simple Electronic Signature (SES) with technical integrity guarantees beyond the SES default.
Active drawing, typing, or upload followed by OTP confirmation and submit captures unambiguous intent to sign per Art. 3(10).
Signatures are embedded into the PDF via the PAdES /ByteRange. The signed bytes are cryptographically bound to the document.
A CMS/PKCS#7 signature block embedded into the PDF per ETSI EN 319 142 (Baseline-T profile), with an RFC 3161 trusted timestamp from a third-party TSA.
Any byte-level modification after signing breaks the seal and is flagged in Adobe Reader or any PAdES-compatible viewer.
A standalone PDF summarising signers, final document hash, audit chain status, and a public verification URL that anyone can open to re-check integrity.
Every completed document can be verified by any party — not just the transaction participants — via the verify URL embedded in the Certificate of Completion.
SahlSign signatures are recognised under each jurisdiction’s electronic transactions framework. Signatures are produced by SahlSign as the trust service operator on behalf of the originating tenant organisation, which is identified in document metadata, the signing-request email, and the Certificate of Completion.
| Jurisdiction | Law | Key articles |
|---|---|---|
| European Union | Regulation (EU) 910/2014 (eIDAS) | Art. 25(1) |
| United States | ESIGN Act (15 U.S.C. §7001) + UETA (most states) | §101(a); §7 |
| State of Qatar | Law No. 16 of 2010 on Electronic Commerce and Transactions | Art. 28 |
| United Arab Emirates | Federal Decree-Law No. 46 of 2021 on Electronic Transactions and Trust Services | Art. 8 & 18 |
| Kingdom of Saudi Arabia | Electronic Transactions Law (Royal Decree M/18 of 2007) | Art. 9 & 14 |
| Kingdom of Bahrain | Electronic Communications and Transactions Law (Legislative Decree 54 of 2018) | Art. 6 |
| Sultanate of Oman | Electronic Transactions Law (Royal Decree 39/2025) | SES / AES / QES tiers |
| State of Kuwait | Law No. 20 of 2014 concerning Electronic Transactions | Art. 16–19 |
| Arab Republic of Egypt | Law No. 15 of 2004 on Electronic Signature | Art. 14 |
Where statute or regulation requires a specific signature form (notarisation, registration with a land registry, qualified-certificate signature, etc.), SES alone may not be sufficient. See the tier limits below and consult local counsel for material transactions.
Documents and audit records live on encrypted cloud infrastructure (at rest and in transit). The cryptographic audit chain and PAdES seal ensure any post-signing modification is detectable by any third party, not just by us.
TLS 1.2+ for all network traffic. AES-256 at-rest encryption for document storage. Signing private keys are loaded from server environment only and never exposed to the client.
A SHA-256 hash is computed and stored for both the original and the final signed document. The original hash is re-verified before each new signature is applied.
Each audit entry references the hash of the previous one. Verification is deterministic — any third party can re-compute the chain from the public audit export.
Every completed document has a stable verify URL. It displays the document hashes, audit chain validity, and signer list — usable by recipients, courts, or counterparties.
A standalone PDF attached to every completion email. Contains the signer list, audit timeline, document hashes, TSA status, and PAdES seal certificate fingerprint.
Customer data is hosted in a specified region per plan tier. Residency details are documented per production environment — contact compliance for region-specific commitments.
Personal data protection: Saudi Arabia's PDPL and Bahrain's PDPPL apply to every signing workflow that processes signer PII from GCC residents — names, emails, IP addresses, and signed documents. Read the PDPL & PDPPL compliance guide →
Many platforms list certifications they don’t actually hold. We prefer to be explicit about what is not in scope today — these are the items we are intentionally not claiming.
We do not issue eIDAS Advanced (AES) or Qualified (QES) signatures. The AES option is intentionally not available in the product. For transactions that legally require a higher tier, contact us about roadmap partners (Nafath, UAE Pass, EU QTSPs).
SahlSign is not currently certified for SOC 2 Type II, HIPAA, or ISO 27001. These are roadmap items, not current status. We will publish independently-audited reports as they are completed.
Do not rely on SahlSign SES alone for the following categories. In most jurisdictions we serve, these require notarisation, registration with a government authority, or a specific form of signature that SES does not meet:
Our compliance team can answer questions about signature tier, evidentiary weight, jurisdiction-specific requirements, or your industry’s mandates.