Electronic Signatures and the Law: What Taiwan Got Right

Most countries have laws that permit electronic signatures. But few have built the institutional infrastructure to make those laws meaningful in practice.

Taiwan's 2024 reforms offer an instructive model for how to achieve this.

What we'll cover

1. The legal gap that permissive laws don't fill

2. Case study: Taiwan's 2024 legislative approach

   1. The credentialing mechanism.

   2. The legal clarification.

3. Three policy lessons for other markets

4. Where this leaves other markets

The legal gap that permissive laws don't fill

Legislation permitting electronic signatures has existed in the United States since 2000, in the European Union since 2000, and in many Asian jurisdictions through the 2000s and 2010s.

Yet adoption has remained uneven, particularly in high-stakes contexts like healthcare consent, financial contracts, and legal agreements.

The reason isn't technical reluctance. It's legal uncertainty. Organizations operating in regulated industries face a specific question that permissive legislation doesn't always answer clearly: if a signed document is disputed in court, what standard of evidence applies, and does our current signing process meet it?

Without a clear answer, legal and compliance teams default to paper. The cost of that default, in labor, storage, and process inefficiency, is substantial but harder to quantify than the perceived risk of a disputed digital signature.

Case study: Taiwan's 2024 legislative approach

What distinguished Taiwan's 2024 reforms wasn't the passage of an electronic signature law. Taiwan had one of those already. What changed was the institutional infrastructure built around it.

And rather than building a hierarchy of signature types with different legal weights like the EU’s eIDAS (Simple, Advanced, and Qualified signatures), Taiwan focused on establishing a binary but well-defined standard with a vendor credentialing system and an official clarification.

The credentialing mechanism.

The Ministry of Digital Affairs established a formal capability registration system for electronic signature service providers. Vendors seeking registration were evaluated across four dimensions:

• Service execution and management capability

  
  

  This examined whether a provider's operational processes and underlying technology met reasonable standards at the time of evaluation. Critically, this included assessing whether their solutions satisfied the legal definition of an electronic signature under Taiwanese law, specifically whether signatures ensured non-repudiation, could identify and verify the signer, and protected document authenticity.

  
  

  Many electronic signature solutions rely on handwriting recognition as their primary means of confirming who signed. This is widely considered the weakest link in the evidentiary chain. Handwriting captured on a touchscreen or tablet is inconsistent across devices, affected by stylus type and surface friction, and difficult to authenticate independently. It carries even less forensic weight than pen-on-paper signatures, which at least have ink chemistry and pressure indentation to analyze. A credible electronic signature solution needed to demonstrate a more robust method of identity confirmation than pattern-matching against a stored handwriting sample.

  
  

  For format compliance, providers were required to conform to internationally recognized standards established by the European Telecommunications Standards Institute (ETSI), including CAdES, XAdES, PAdES, ASiC, and JAdES. These standards exist because format determines whether a signed document can be independently verified across jurisdictions and over time. A signature in a non-standard format creates verification dependencies that may not survive the lifespan of the document.

  
  

  SelfieSign by ThinkCloud, one of the providers that passed registration, illustrates what satisfying this dimension looks like in practice. Its video-based approach addresses the evidentiary gap in traditional e-signatures by recording the signing session as video and audio, capturing the signer's selfie, environment, timestamp, geolocation, and IP address, and encrypting the resulting file using AES and RSA algorithms. The handwriting is also simultaneously recorded, allowing for thorough identification of the signatory and confirmation of their intent.

  
  

  

  
  

  SelfieSign’s proprietary SVS format complies with both PAdES and XAdES standards. It has obtained EU eIDAS Advanced Electronic Signature (AES) certification, making it one of the few solutions whose non-repudiation credentials are independently verified at an international level rather than self-declared.

• Personnel qualifications set minimum human capital requirements

  
  

  Providers were required to maintain at least two full-time staff with demonstrated experience in electronic signature services, and at least one dedicated personal data protection officer. All personnel and organizations were required to hold ISO 27001:2022 certification, the international standard for information security management. Ongoing security governance, client implementation support, and data protection obligations need qualified people making active decisions.

• Demonstrated service track record 

  
  

  This required providers to show real-world deployment experience. Electronic signature systems fail in ways that only become apparent at scale: edge cases in document formats, signing failures on specific devices, and evidentiary gaps that surface during disputes. So, by requiring evidence of prior deployment, the registration mechanism introduced market validation into the credentialing process.

  
  

• Financial soundness

  
  

  Financial soundness required providers to maintain positive net worth and demonstrate no outstanding tax liabilities. Providers reporting losses for more than two consecutive years were required to submit an explanation and improvement plans. The rationale here is straightforward: an electronic signature solution creates long-term legal dependencies. Documents signed today may need to be verified years or decades from now.

  
  

  A provider that exits the market or fails to maintain its certificate chains creates serious evidentiary problems for its clients.

The legal clarification.

Alongside the registration mechanism, the Ministry issued an official interpretation clarifying which electronic signature technologies carry legal effect under Taiwanese law. This addressed the evidentiary question directly, giving organizations the answer that permissive legislation alone had left open.

The amendments achieved rare bipartisan support in the Legislative Yuan before being promulgated in May 2024. This indicates that electronic signature reform was not a partisan or ideologically contested issue, which reduced the likelihood of future reversal and gave long-term adopters greater confidence.

Three policy lessons for other markets

• Permissive legislation is necessary but not sufficient. Most markets have already passed laws acknowledging electronic signatures. The next legislative task is specifying what evidentiary standard a signature must meet to be defensible and which technical implementations satisfy that standard.

• Vendor credentialing reduces institutional friction. One of the main barriers to adoption is the procurement problem: how does a hospital, bank, or government agency evaluate competing e-signature vendors without deep technical expertise?

  
  

  A government-approved provider solves this without mandating specific technologies. It is a structural intervention that costs relatively little but significantly accelerates decision-making.

• Align domestic standards with international frameworks. Taiwan's approach explicitly referenced eIDAS-compatible standards, which means organizations operating across borders could adopt locally credentialed solutions without creating compliance conflicts.

  
  

  For any market with significant cross-border commercial activity, harmonization with eIDAS or equivalent international frameworks should hence be prioritized.

  
  

Where this leaves other markets

The countries best positioned to replicate Taiwan's results are those willing to treat electronic signature policy as a distinct institutional design problem, separate from the broader question of digital transformation.

The technology is available and internationally certified. The legal frameworks exist in broad outline. What remains in most markets is the specific, unglamorous work of clarifying evidentiary standards, establishing vendor accountability mechanisms, and giving organizations the regulatory confidence to act.