March 2026 · Legal Guide

E-Signatures and the Law: eIDAS, ESIGN, and the ECA

Three laws govern electronic signatures across the US, EU, and UK. If you're building software that sends documents for signing, you need to understand all three. Here's the developer-friendly version.

The short version

Electronic signatures are legally valid in the US, the EU, and the UK. They've been valid for over two decades. Three laws establish this:

  • ESIGN Act (US, 2000) — Federal law covering all 50 states
  • eIDAS Regulation (EU, 2016) — Regulation covering all EU member states
  • Electronic Communications Act (UK, 2000) — Domestic law post-Brexit

All three laws say the same thing: an electronic signature cannot be denied legal effect solely because it's electronic. A click, a typed name, a digital mark — these all count, as long as certain conditions are met.

ESIGN Act (United States)

The Electronic Signatures in Global and National Commerce Act was signed into law on June 30, 2000. It establishes that electronic signatures and electronic records have the same legal standing as handwritten signatures and paper documents.

Key requirements:

  • Intent to sign — The signer must demonstrate intent to sign. A clear “Sign” action (clicking a button, typing a name) satisfies this
  • Consent to do business electronically — Both parties must agree to use electronic signatures
  • Association of signature with record — The system must connect the signature to the specific document
  • Record retention — The signed document must be retained and reproducible

Exceptions: Wills, family law matters (adoption, divorce), court orders, utility cancellations, health insurance terminations, and documents requiring notarisation are excluded.

State-level: Most states have also adopted UETA (Uniform Electronic Transactions Act), which provides additional consistency. Only New York has not adopted UETA but still recognises e-signatures under its own ESRA law.

eIDAS Regulation (European Union)

The Electronic Identification, Authentication and Trust Services Regulation (No. 910/2014) came into effect on July 1, 2016. It replaced the older e-Signature Directive and established a standardised framework across all EU member states.

eIDAS defines three tiers of electronic signature:

| Tier | Description | Example |
| --- | --- | --- |
| Simple (SES) | Any electronic data used as a signature — typed names, tick boxes, email confirmations | Typing your name in a Signbee signing ceremony |
| Advanced (AES) | Uniquely linked to the signatory, capable of identifying them, created using data under their sole control, linked to the signed data so that any subsequent change is detectable | Signbee with email OTP verification + SHA-256 hash |
| Qualified (QES) | Created using a qualified certificate issued by a trusted service provider under Member State supervision | National eID cards, bank-issued digital identities |

The critical point: all three tiers are legally valid. A Simple Electronic Signature (SES) “shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form” (Article 25.1). The higher tiers provide stronger evidential weight, not exclusive legal validity.

For most commercial contracts — NDAs, SOWs, freelance agreements, invoices — SES or AES is sufficient. QES is typically required only for specific use cases mandated by individual Member States (e.g., real estate transfers in some jurisdictions).

Electronic Communications Act (United Kingdom)

The UK's Electronic Communications Act 2000 (ECA) provides the domestic legal basis for electronic signatures. Section 7 states that electronic signatures are admissible as evidence in legal proceedings regarding the authenticity or integrity of any communication or data.

Post-Brexit, the UK no longer falls under eIDAS directly. However, the UK retained eIDAS in domestic law through The Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 (UK eIDAS), which mirrors the EU regulation closely.

In practice, the UK framework is functionally identical to the EU's for most commercial purposes. The Law Commission confirmed in its 2019 report that electronic signatures are valid for virtually all contracts under English law, including deeds (with specific witnessing requirements).

What makes a signature “legally binding”

Across all three frameworks, a legally binding electronic signature needs to demonstrate:

  1. Intent to sign — The signer took a deliberate action to sign. Active participation in a signing ceremony (reviewing the document, typing their name, clicking “Sign”) demonstrates intent
  2. Identity verification — The system records who signed. Email verification, OTP, API key authentication, and IP address logging all contribute to this
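  3. Document integrity — The document hasn't been modified since signing. A SHA-256 hash of the signed document, recorded at signing time, provides mathematical proof of this: any later change to the file produces a different hash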
  4. Audit trail — When did each party sign? What was their IP address? How were they verified? A complete audit trail provides the evidential record
  5. Consent — Both parties agreed to use electronic signatures for this transaction

How Signbee satisfies each requirement

| Requirement | How Signbee implements it |
| --- | --- |
| Intent to sign | Active signing ceremony — recipient reviews document, types full name, selects signature style, clicks “Sign Document” |
| Identity | Email OTP verification (sender), email link authentication (recipient), API key (pre-verified accounts) |
| Integrity | SHA-256 hash of the complete signed PDF, embedded in the signing certificate |
| Audit trail | Timestamps, IP addresses, and verification methods recorded for both parties on the certificate page |
| Consent | Participation in the signing ceremony constitutes consent |
| Retention | Both parties receive the final signed PDF via email. Document accessible via verification URL |

Under eIDAS classification, Signbee signatures qualify as Advanced Electronic Signatures (AES) — the signature is uniquely linked to a verified signatory, created using data under their sole control (email OTP), and linked to the signed document so that any subsequent change is detectable via the SHA-256 hash.

When you need more

There are situations where a standard electronic signature isn't sufficient:

  • Real estate transfers — Many jurisdictions require wet signatures or qualified electronic signatures
  • Notarised documents — Powers of attorney, sworn statements, and court filings often require notarisation
  • Wills and testaments — Excluded from ESIGN Act; most jurisdictions require physical witnesses
  • Government contracts — Some government procurement processes mandate specific signature types

For everything else — NDAs, service agreements, freelance contracts, invoices, statements of work, licensing agreements, partnership agreements — electronic signatures are not just valid, they're the standard.

The developer takeaway

If you're integrating e-signatures into your product, the legal requirements are simpler than they appear:

  1. Ensure the signer takes a deliberate action (not passive acceptance)
  2. Verify identity through at least one factor (email is standard)
  3. Hash the document to prove it hasn't changed
  4. Record timestamps, IPs, and verification methods
  5. Deliver copies to both parties

Signbee handles all five automatically. You call the API; the law is satisfied.
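Steps 3 and 4 above, as an added example (not Signbee's code or API): it hashes the final signed bytes, binds that hash to the audit events, and seals the record so that the document and its stored hash cannot be swapped together unnoticed. The HMAC seal, the key handling, the field names and the sample data are assumptions made for this illustration.

```python
import hashlib
import hmac
import json

# Assumption: a server-side secret seals each audit record. Constructed demo
# value; in production it would come from a KMS or HSM, never from source code.
AUDIT_KEY = b"constructed-demo-key"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _seal(record: dict) -> str:
    # Canonical JSON so the same record always produces the same MAC.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(AUDIT_KEY, body, hashlib.sha256).hexdigest()

def build_audit_record(signed_pdf: bytes, events: list) -> dict:
    """Bind the final document bytes to who signed, when, from where, and how."""
    record = {"document_sha256": sha256_hex(signed_pdf), "events": events}
    return {**record, "seal": _seal(record)}

def verify(signed_pdf: bytes, sealed: dict) -> str:
    record = {k: v for k, v in sealed.items() if k != "seal"}
    claimed = str(sealed.get("seal", "")).encode()
    # Check the record first: a recomputed hash in a forged record proves nothing.
    if not hmac.compare_digest(_seal(record).encode(), claimed):
        return "audit-record-tampered"
    actual = sha256_hex(signed_pdf).encode()
    if not hmac.compare_digest(actual, record["document_sha256"].encode()):
        return "document-modified"
    return "ok"

# Constructed sample input: placeholder bytes standing in for a signed PDF,
# with example.com addresses and documentation-range IPs.
SAMPLE_PDF = b"%PDF-1.7 constructed sample contract body"
SAMPLE_EVENTS = [
    {"party": "sender@example.com", "action": "sent", "ip": "203.0.113.7",
     "verified_by": "email_otp", "at": "2026-03-02T09:14:05Z"},
    {"party": "recipient@example.com", "action": "signed", "ip": "198.51.100.23",
     "verified_by": "email_link", "at": "2026-03-02T11:40:52Z"},
]

if __name__ == "__main__":
    rec = build_audit_record(SAMPLE_PDF, SAMPLE_EVENTS)
    print(verify(SAMPLE_PDF, rec))                   # untouched document
    print(verify(SAMPLE_PDF + b" ", rec))            # document edited after signing
    forged = dict(rec, document_sha256=sha256_hex(b"other"))
    print(verify(b"other", forged))                  # hash swapped inside the record
```

A bare hash stored next to the file only detects accidental change; the reference value has to live somewhere an editor of the document cannot also rewrite, which is what the seal stands in for here.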
