This page addresses questions related to the permanent digital signature regulations. Note that these permanent regulations are temporarily superseded by emergency regulations effective from 4/22/2020 through 10/20/2020, or until that date is extended or the emergency regulations are made permanent by regulatory action. The information on this page may not be consistent with the emergency regulations. See the emergency regulations.
Under California law, a digital signature is defined as "an electronic identifier, created by computer, intended by the party using it to have the same force and effect as the use of a manual signature."
Government Code section 16.5 states a digital signature shall have the same force and effect as a manual signature if and only if:
Government Code section 16.5 also states that the use or acceptance of a digital signature is at the option of the parties to the transaction and nothing in the law requires a public entity to use or accept the submission of a document containing a digital signature.
The regulations adopted by the Secretary of State define the types of technologies that are acceptable for creating digital signatures for use by public entities in California. They also provide guidance to public entities that want to use digital signatures for certain transactions.
A digital signature provider is an entity that provides document signing services using digital technology.
A digital signature certification authority is an entity that issues digital certificates that are required for a digital signature under California law. Pursuant to regulation, the Secretary of State maintains on its web site an “Approved List of Digital Signature Certification Authorities” that are authorized to issue certificates for digitally signed communications with public entities in California.
No, a digital signature provider is not required to be on the Secretary of State’s “Approved List of Digital Signature Certification Authorities,” but that provider is required to offer its digital signature service with a certificate issued by a digital signature certification authority that is on the list if the signature will be used to digitally sign communications with public entities.
Digital signatures can be used for many transactions that currently require a handwritten signature. Potential uses include online college applications and submitting applications for business permits at the local level.
Government Code section 16.5 and the regulations adopted by the Secretary of State affect public entities in California, which are defined by the Government Code as the State, the Regents of the University of California, a county, city, district, public authority, public agency, and any other political subdivision or public corporation in the State.
Government Code section 16.5 specifies that the use of digital signatures shall be at the option of the parties involved in the transaction. Before beginning a transition from paper documents to electronic ones, public entities must ensure that all the parties to the transaction are willing to use digital signatures.
These regulations allow public entities to utilize digital signatures that are created by one of two different technologies—"public key cryptography (PKC)" and "signature dynamics."
For a public entity to get started, the first step is to determine the amount of security necessary to conduct the transaction. Some issues to consider are:
Answering these and countless other questions can help public entities identify the appropriate technology to use for each application that includes a digital signature component.
PKC signatures have a greater degree of verifiability than signature dynamics signatures. PKC allows for third-party verification of the signature, while signature dynamics signatures require additional steps (including handwriting analysis) to verify the signer of a document.
PKC signatures are designed to be immediately verifiable. Signatures using signature dynamics technology are designed to allow future verification of the signature (similar to a non-notarized, paper-based signature).
PKC signatures are affixed to documents using software enhancements to existing applications and web browsers. Signature dynamics signatures require additional hardware to create the signatures.
Signature dynamics signatures are easier for the average user to understand, but they do not provide the level of security that is inherent in PKC signatures, which are immediately verifiable with a third-party issued certificate.
Public entities should conduct an extensive review of their needs and match them to the appropriate technology approved for use in the Secretary of State's regulations.
Although signature dynamics signatures require the lengthy process of handwriting analysis to achieve certain verification of a signature, they are still "capable of verification" as required by Government Code section 16.5. Additionally, some degree of certainty can also be obtained by a lay comparison of manual handwritten signatures, which may already be on file within a particular agency.
If a public entity needs immediate absolute verification of a signature, then this technology may not be the best option for those transactions.
Under California law, an "electronic signature" means an electronic sound, symbol, or process attached to or logically associated with an electronic record and executed or adopted by a person with the intent to sign the electronic record. The Uniform Electronic Transactions Act (UETA) authorizes use of an electronic signature for transactions and contracts among parties in California, including a government agency. One of the most common forms of an electronic signature in use today is the one millions of people use every year to sign their tax returns. The digital signature regulations adopted by the Secretary of State do not apply to the definition or use of electronic signatures, as they are governed by the UETA (Civil Code Section 1633.1 – 1633.17).