If you run a UK business and you have ever sent a contract by email and got it back with a typed name at the bottom, you have used an electronic signature. Most owners we speak to assume that means the deal is done and the file goes in the cabinet. Sometimes that is true. Often it is fine right up until the moment somebody decides it is not, and then the missing pieces start to matter.
This is one of the reasons our team at Reeve Consult built Reeve Sign, our UK-built e-signature product. We kept seeing the same gap between "the other side signed it" and "I can prove they signed it" across our clients' contracts.
This guide walks through what UK law actually requires for an electronic signature to hold up, the three signature levels you will keep seeing referenced in vendor copy, the four ways a signature can be challenged, and where the casual approach quietly puts you at risk. No jargon, no marketing.
The short answer: yes, they are binding
Electronic signatures have the same legal effect as wet ink signatures across the vast majority of UK business documents. That has been the position since the Electronic Communications Act 2000 came into force, and it was reinforced by the Law Commission's 2019 report on the electronic execution of documents, which concluded that the existing law already supports electronic signing for almost everything.
The trap is that "legally binding" is doing a lot of work in that sentence. It does not mean every electronic signature is equally strong. It means the legal door is open, and what walks through that door is up to you. A typed name on a PDF and a Qualified Electronic Signature backed by an identity-verified trust service provider are both legally binding. They are not the same in a dispute.
The three tests a court will run
If a signature is challenged, a UK court is interested in three things. They sit underneath every regulation and every standard, and once you understand them, the rest of this article makes sense.
Identity. Can you show that the person whose name is on the document was the person who actually signed it? Not the laptop, not the inbox: the person.
Intent. Did that person mean to be bound by this exact version of the document at the moment they signed? An email forwarded with attachments stripped, a PDF where the field changed after the signature was added: neither shows intent to be bound by what is in front of you now.
Integrity. Has the document changed since it was signed? If a single character moved between signing and filing, the signed version is not the current version, and the current version was never signed.
Every good electronic signature platform is fundamentally a tool for producing evidence on these three points. Everything else is design and convenience.
Website Audit Checklist
A 60-point checklist to grade your site before a redesign.
The three signature levels under eIDAS
The EU eIDAS Regulation 910/2014, which the UK retained in domestic law after Brexit, defines three tiers. Vendors throw the acronyms around without context, so here is what each one actually is.
Simple Electronic Signature (SES)
The basic level. Any data in electronic form attached to or logically associated with other data that the signer uses to sign. A typed name in an email, a tick-box on a website, a name typed into a signature field, a scanned image of a wet signature pasted into a PDF. All Simple Electronic Signatures.
Legally valid for ordinary contracts. Evidentially the weakest, because there is nothing built into the signature itself that proves identity, intent or integrity.
Advanced Electronic Signature (AES)
The middle tier and the one most UK businesses should be using day to day. Four requirements under Article 26 of eIDAS:
- Uniquely linked to the signer
- Capable of identifying the signer
- Created using means the signer controls with a high level of confidence
- Linked to the data signed in a way that detects any subsequent change
In practice this is what a properly built e-signature platform produces by default. Every Reeve Sign envelope meets the AES criteria.
Qualified Electronic Signature (QES)
The top tier. An Advanced Electronic Signature plus an identity check carried out by a Qualified Trust Service Provider, usually involving a video call with an officer who verifies your passport or other government ID. UK courts treat a QES as equivalent to a handwritten signature by default, which means the burden of proof flips: instead of you having to prove the signature is valid, the other side has to prove it is not.
QES is the right tool for high-value, high-risk transactions. For everyday contracts it is overkill, and the friction of a live identity check tends to lose deals.
What the Electronic Communications Act 2000 actually says
Section 7 of the Act is short and the wording matters. It establishes that an electronic signature, and the certification by any person of such a signature, is admissible in evidence in any legal proceedings in relation to the authenticity or integrity of the communication.
Two things follow from that. First, the law is technology-neutral. It does not prescribe SHA-256, X.509 certificates, or any particular signing mechanism. Second, admissibility is not the same as proof. The Act says you can put the signature in front of a court. Whether the court accepts what it shows depends on the evidence around it.
That evidence is the audit trail. Which is why audit trails are the single most important feature of any e-signature tool, and why a typed name on a PDF that you emailed to yourself is technically a signature but practically a piece of paper.
Lead Follow-up Automation Playbook
Sequences that turn enquiries into bookings while you sleep.
The four ways a signature gets challenged
If a deal goes sour, the side that wants out will reach for one of four arguments. Knowing them ahead of time helps you pick the right tool for the right document.
1. Identity. "That was not me." A typed name in an email is trivially disputable. An e-signature where the signing link was emailed to the signer's verified address, opened from a recognised device, and clicked from a known IP range, with all of that logged, is much harder to wave away.
2. Intent. "I signed an earlier version." Without a hash of the exact document at the exact moment of signing, you cannot prove which version the signer was looking at. With a hash captured at signing and stored alongside the document, you can.
3. Integrity. "Someone changed the contract after I signed it." Cryptographic document hashing makes this provable rather than arguable. If the document hash today matches the one captured at the moment of signing, no character has changed. If it does not, the document has been altered.
4. Authority. "The person who signed was not authorised to bind the company." This one is not a technical question. It is a contractual diligence question, and good practice is to capture the signer's role and authority within the platform at the point of signing.
What you still cannot sign electronically
The list is short and stable. For the vast majority of UK business, none of these will apply.
- Wills. Wet ink, two physical witnesses, under the Wills Act 1837. The temporary remote witnessing rules introduced during the pandemic expired in January 2024.
- Lasting Powers of Attorney. Specific witnessing rules under the Mental Capacity Act 2005.
- Statutory declarations. Must be sworn before a solicitor or commissioner for oaths.
- Some property transfers. The Land Registry has accepted certain types of electronic execution since 2020, but the rules around deeds, charges, and registration are nuanced. Take advice if you are signing one.
Everything else: supplier agreements, NDAs, employment contracts, SaaS subscriptions, statements of work, board resolutions, shareholder consents, leases that are not deeds, settlement agreements. All can be signed electronically with the same legal weight as wet ink.
What to use, in practice
If you only ever send a handful of contracts a year, a typed name in an email is probably fine and you will probably never need to prove anything. The risk is small.
If you regularly send contracts that matter (supplier terms, client agreements, employment offers, anything with money attached) what you actually want is the evidence chain. Identity captured at signing. Document hash recorded. Timestamps you did not type. An audit log you cannot edit after the fact. A public verification URL the counterparty can hand to their lawyer without having to log into anything.
That is what an Advanced Electronic Signature platform gives you. It is the difference between a contract that holds up if challenged and a contract that you hope is never challenged.
We built Reeve Sign to be exactly that: AES-grade signatures, a forensic audit trail, a public verify URL on every completed envelope. UK-hosted, eIDAS-aligned, no contract required to try it.
Frequently asked questions
Are electronic signatures legally binding in the UK?
What is the difference between a Simple, Advanced and Qualified Electronic Signature?
Does a typed name at the bottom of an email count as a signature in the UK?
What contracts cannot be signed electronically in the UK?
What does the Electronic Communications Act 2000 actually say?
How would a UK court challenge an electronic signature?
What is eIDAS and does it still apply after Brexit?
Do I need a witness for an electronic signature?
How long should I keep signed electronic documents?
What is the difference between a digital signature and an electronic signature?
Want signatures that hold up in a UK dispute?
Reeve Sign produces Advanced Electronic Signatures by default: identity captured at signing, document hashed with SHA-256, every event in the audit log. UK-hosted, eIDAS-aligned, free to start. Built by the team at Reeve Consult.
Try Reeve Sign free