Ironclad Signature was designed to comply primarily with ESIGN and UETA electronic signature requirements within the United States.
Ironclad Signature also complies with the EU’s eIDAS SES standard, and can be enabled to comply with the AES standard, but does not yet support QES.
While most countries have their own frameworks that mirror US ESIGN and UETA standards, or the EU’s eIDAS SES standards, Ironclad Signature many not support the frameworks of some jurisdictions outside the US and EU. At the time Ironclad Signature became generally available on October 11, 2023, only US ESIGN and UETA and EU's eIDAS SES standards were supported. Continue to check back as this article will be updated as we add compliance for other standards in the future.
Important: Ironclad is not a law firm, and this article does not constitute or contain legal advice. To evaluate the accuracy, sufficiency, or reliability of the ideas and guidance reflected here, or the applicability of this information to your business, you should consult with a licensed attorney. Use of and access to any of the resources contained within Ironclad's site do not create an attorney-client relationship between the user and Ironclad.
List of Ironclad Signature’s Electronic Signature Compliance Standards
For a full list of electronic signature compliance standards that Ironclad Signature adheres to today, refer to the table below. Please check with your legal team on whether or not the current compliance standards for Ironclad Signature are sufficient for your use of the product before implementing.
| Compliance Standard | Abbreviation | Country/ Region | Supported |
|---|---|---|---|
| The Electronic Signatures in Global and National Commerce Act | ESIGN | United States | Yes |
| The Uniform Electronic Transactions Act | UETA | United States | Yes |
| Electronic Signatures and Records Act | ESRA | United States (NY State) | Yes |
| eIDAS Standard Electronic Signature | SES | EU | Yes |
| eIDAS Advanced Electronic Signature | AES | EU | Yes, when properly configred |
| eIDAS Qualified Electronic Signature | QES | EU | No |
| Food and Drug Administration’s part 11 of Title 21 of the Code of Federal Regulations | FDA/21 CFR Part 11 | United States | No |
Ironclad Signature US Compliance
ESIGN, UETA, and ESRA share four basic requirements, all of which Ironclad Signature is designed to satisfy:
- Intent to sign from the signer - Ironclad includes language on the signing screen as the signer selects “Finish Signing,” indicating that the signer intends to sign the contract.
- Consent to do business electronically by the signer - Consent can be implied by doing business electronically, but Ironclad also includes language on the signing screen as the signer selects “Finish Signing,” indicating that the signer consents to contract electronically.
- Association of signature with the record – Ironclad establishes association of the signature with the record by including an Electronic Record at the end of every completed signature packet. The Electronic Record identifies the signers, identifies the contract signed, and includes a date and time stamp for each signer.
- Record retention – In our Repository, records are retained for reference by all parties or persons entitled to retain the contract or record. Records are retained for as long as one party remains a customer. Note, customers have the ability to export all records upon termination of their contract with Ironclad.
Compliance for API-Based Implementations
The legal enforceability of API-based solutions, including our embedded clickwrap product, is largely contingent on customer implementation. Our best practices and guidance for implementation are based on US law, but the products can often be configured to comply internationally. Work with your legal team to ensure an enforceable implementation.
Review the related Clickwrap resources below:
- Clickwrap vs. Browsewrap: What's the Difference?
- 6 Components of Clickwrap Enforceability
- Clickwrap Litigation Trends Report
Data Privacy and Security
As an Ironclad product, Ironclad Signature is in scope for Ironclad’s annual SOC 1 Type II and SOC 2 Type II audits. Ironclad Signature is also in scope for Ironclad’s ISO 27001, 27701, 27017, and 27018 certifications.
Our treatment of data processed via Ironclad Signature also complies with GDPR and CCPA. Ironclad Signature is not yet HIPAA compliant.
Digital Signatures
Ironclad now supports digital signatures using digital certificates, providing an extra layer of security and trust for your signed documents. Digital certificates verify that a contract has been signed and has not been tampered with since execution. Issued by DigiCert, this unique digital certificate is visible in the PDF's metadata and authenticates the document's integrity and provenance, giving you and your counterparties confidence that the signed agreement remains authentic.
Digital certificates can be used to create AES-compliant signatures when Require signer verification for all signers is turned on. To learn more, refer to Advanced Electronic Signatures (AES) Support.
Ironclad Signature EU Compliance
Advanced Electronic Signatures (AES) Support
Release: The following functionality will be live on November 20th. To learn more about the features included in our November release, refer to What's New in Ironclad: November 2025.
An Advanced Electronic Signature (AES) is a type of electronic signature that meets specific security and verification standards defined under regulations such as the eIDAS Regulation in the European Union. To qualify as an AES, a signature must meet four key criteria:
- Uniquely linked to the signer.
- Capable of identifying the signer.
- Created using data that the signer can use under their sole control.
- Linked to the signed data in a way that any subsequent change to that data is detectable.
In practice, AES typically uses cryptographic technology, such as digital certificates, to verify the signer’s identity and ensure the integrity of the signed document.
Ironclad supports AES compliance when Signer Verification is enabled for a workflow. As of December 2025, digital certificates can be used to create AES-compliant signatures when Require signer verification for all signers is turned on. To learn more about configuring signer verification, refer to Configure Signer Verification for Ironclad Signature.
Important: Ironclad does not independently verify the identity of signers beyond confirming the email address. If you need AES-compliant signatures, you are responsible for ensuring that the signature request is sent to the correct individual and for verifying the signer’s identity in accordance with applicable legal or regulatory requirements.
Resources
Explore articles, courses, and support options to get the most out of Ironclad.
Help Center
- Configure Signer Verification for Ironclad Signature
- Sign with Ironclad Signature