A little of everything professional. This site contains the largest online collection of electronic signature laws and research, my views on Time Management & GTD life hacks for improving productivity, and my After Thoughts on bad decisions and business improvements. Personal thoughts and casual comments are pushed to my SEO project, The World's Greatest Guy.

Environmental Protection Agency Guidelines for Electronic Signatures

Posted January 1st, 2008 by isaac
in

Go to the Main Laws page

THE ENVIRONMENTAL PROTECTION AGENCY (EPA)

The mission of the Environmental Protection Agency is to protect human health and the environment. The EPA's primary responsibilites include:

  • Develop and enforce regulations
  • Offer financial assistance
  • Perform environmental research
  • Sponsor voluntary partnerships and programs
  • Further environmental education
  • Publish information

As a federal agency, the United States Environmental Protection Agency is regulated by the Code of Federal
Regulations.

The EPA's Cross-Media Electronic Reporting Rule (CROMERR) provides

a uniform, technology-neutral framework for electronic reporting across all EPA programs; allows EPA programs to offer electronic reporting as they become ready (without any additional rule-making beyond CROMERR); provides states with a streamlined process – together with a uniform set of criteria – for approval of their electronic reporting implementations for all their EPA-authorized programs; and ensures that electronic reporting under EPA and EPA-authorized state programs does not compromise the enforceability of environmental programs.

The EPA has regulations concerning the submission of media to the agency in electronic form. This is covered under 40 CFR 3 "Cross-Media Electronic Reporting".

Specifically, the new electronic reporting (ER) provisions:

  • Modify current requirements in the Code of Federal Regulations (CFR) to remove any obstacles to ER.
  • Allow regulated entities to submit any report electronically, but only after EPA announces that ER is available for the specific report.
  • Require submission of electronic reports to EPA's Central Data Exchange (CDX) or to another designated EPA system. (PDF example of CDX)
  • Require validation of electronic signatures on reports submitted to EPA through CDX (or another designated EPA system) and ensure that valid electronic signatures have the same legal force as their "wet-ink" counterparts.
  • Set forth requirements that EPA-authorized programs must satisfy when implementing ER, and provide a streamlined process for these programs to get EPA approval of their ER implementations.

The following information from 40 CFR 312 shows that the EPA both accepts and
recognizes electronic signatures.

The definitions given in Section § 3.3 Definitions are in reference to electronic signatures:

Electronic signature means any information in digital form that is included in or logically associated with an electronic document for the purpose of expressing the same meaning and intention as would a handwritten signature if affixed to an equivalent paper document with the same reference to the same content. The electronic document bears or has on it an electronic signature where it includes or has logically associated with it such information.

Electronic signature device means a code or other mechanism that is used to create electronic signatures. Where the device is used to create an individual's electronic signature, then the code or mechanism must be unique to that individual at the time the signature is created and he or she must be uniquely entitled to use it. The device is compromised if the code or mechanism is available for use by any other person.

Valid electronic signature means an electronic signature on an electronic document that has been created with an electronic signature device that the identified signatory is uniquely entitled to use for signing that document, where this device has not been compromised, and where the signatory is an individual who is authorized to sign the document by virtue of his or her legal status and/or his or her relationship to the entity on whose behalf the signature is executed.

§ 3.10 What are the requirements for electronic reporting to EPA?

(a) A person may use an electronic document to satisfy a federal reporting requirement or otherwise substitute for a paper document or submission permitted or required under other provisions of Title 40 only if:

(1) The person transmits the electronic document to EPA's Central Data Exchange, or to another EPA electronic document receiving system that the Administrator may designate for the receipt of specified submissions, complying with the system's requirements for submission; and

(2) The electronic document bears all valid electronic signatures that are required under paragraph (b) of this section.

(b) An electronic document must bear the valid electronic signature of a signatory if that signatory would be required under Title 40 to sign the paper document for which the electronic document substitutes, unless EPA announces special provisions to accept a handwritten signature on a separate paper submission and the signatory provides that handwritten signature.

§ 3.2000 Sub-section (b) gives the requirements for the electronic document receiving systems of authorized state, tribe and local programs. It states that the authorized program must be able to generate data with respect to any such electronic document, as needed and in a timely manner, including a copy of record for the electronic document, sufficient to prove, in private litigation, civil enforcement proceedings, and criminal proceedings, that:

(1) The electronic document was not altered without detection during transmission or at any time after receipt;

(2) Any alterations to the electronic document during transmission or after receipt are fully documented;

A good esign solution can use File Integrity Hashes that can be used
by all parties to the electronic record to verify that no changes or errors
have occurred.

(3) The electronic document was submitted knowingly and not by accident;

(4) Any individual identified in the electronic document submission as a submitter or signatory had the opportunity to review the copy of record in a human-readable format that clearly and accurately associates all the information provided in the electronic document with descriptions or labeling of the information and had the opportunity to repudiate the electronic document based on this review; and

(5) In the case of an electronic document that must bear electronic signatures of individuals as provided under paragraph (a)(2) of this section, that:

(i) Each electronic signature was a valid electronic signature at the time of signing;

(ii) The electronic document cannot be altered without detection at any time after being signed;

(iii) Each signatory had the opportunity to review in a human-readable format the content of the electronic document that he or she was certifying to, attesting to or agreeing to by signing;

(iv) Each signatory had the opportunity, at the time of signing, to review the content or meaning of the required certification statement, including any applicable provisions that false certification carries criminal penalties;

(v) Each signatory has signed either an electronic signature agreement or a subscriber agreement with respect to the electronic signature device used to create his or her electronic signature on the electronic document;

(vi) The electronic document receiving system has automatically responded to the receipt of the electronic document with an acknowledgment that identifies the electronic document received, including the signatory and the date and time of receipt, and is sent to at least one address that does not share the same access controls as the account used to make the electronic submission; and

(vii) For each electronic signature device used to create an electronic signature on the document, the identity of the individual uniquely entitled to use the device and his or her relation to any entity for which he or she will sign electronic documents has been determined with legal certainty by the issuing state, tribe, or local government. In the case of priority reports identified in the table in Appendix 1 of Part 3, this determination has been made before the electronic document is received, by means of:

(A) Identifiers or attributes that are verified (and that may be re-verified at any time) by attestation of disinterested individuals to be uniquely true of (or attributable to) the individual in whose name the application is submitted, based on information or objects of independent origin, at least one item of which is not subject to change without governmental action or authorization; or

(B) A method of determining identity no less stringent than would be permitted under paragraph (b)(5)(vii)(A) of this section; or

(C) Collection of either a subscriber agreement or a certification from a local registration authority that such an agreement has been received and securely stored.

§ 3.2000 sub-section (c) states that electronic documents in lieu of paper documents must ensure that:

(3) Proof that a particular electronic signature device was used to create an electronic signature that is included in or logically associated with an electronic document submitted to satisfy a state, tribe, or local reporting requirement will suffice to establish that the individual uniquely entitled to use the device at the time of signature did so with the intent to sign the electronic document and give it effect.

You can meet the guidelines of Section
3.2000(c)(3)'s "intent to sign an electronic record" by visually isolating each file
to be signed with the method of signing the file. A esign system can also comply
by displaying a confirmation box that confirms the
intent to sign prior to the actual signature capture.

§ 3.4 How does this part affect enforcement and compliance provisions of Title 40?

(a) A person is subject to any applicable federal civil, criminal, or other penalties and remedies for failure to comply with a federal reporting requirement if the person submits an electronic document to EPA under this part that fails to comply with the provisions of §3.10.

(b) A person is subject to any applicable federal civil, criminal, or other penalties or remedies for failure to comply with a State, tribe, or local reporting requirement if the person submits an electronic document to a State, tribe, or local government under an authorized program and fails to comply with the applicable provisions for electronic reporting.

(c) Where an electronic document submitted to satisfy a federal or authorized program reporting requirement bears an electronic signature, the electronic signature legally binds, obligates, and makes the signatory responsible, to the same extent as the signatory's handwritten signature would on a paper document submitted to satisfy the same federal or authorized program reporting requirement.

(d) Proof that a particular signature device was used to create an electronic signature will suffice to establish that the individual uniquely entitled to use the device did so with the intent to sign the electronic document and give it effect.

(e) Nothing in this part limits the use of electronic documents or information derived from electronic documents as evidence in enforcement or other proceedings.

This section re-confirms that the EPA views electronic signatures as legally binding documents in accordance with Federal Laws.


Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd><p><b><i><blockquote>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
Are you really a real person? Oh sure, like I can just trust you. Hey that's ASCII art! Cool.
   __                    ____                    
  / /_    _ __    __ _  |  _ \    ___  __      __
 | '_ \  | '__|  / _` | | |_) |  / __| \ \ /\ / /
 | (_) | | |    | (_| | |  __/  | (__   \ V  V / 
  \___/  |_|     \__, | |_|      \___|   \_/\_/  
                    |_|
Enter the code depicted in ASCII art style.