Environmental Protection Agency Guidelines for Electronic Signatures
THE ENVIRONMENTAL PROTECTION AGENCY (EPA)
The mission of the Environmental Protection Agency is to protect human
health and the environment. The EPA's primary responsibilities include:
- Develop and enforce regulations
- Offer financial assistance
- Perform environmental research
- Sponsor voluntary partnerships and programs
- Further environmental education
- Publish information
As a federal agency, the United States Environmental Protection Agency is regulated by the Code of Federal
Regulations.
The EPA's Cross-Media Electronic Reporting Rule (CROMERR) provides
a uniform, technology-neutral framework for electronic
reporting across all EPA programs; allows EPA programs to offer
electronic reporting as they become ready (without any additional
rule-making beyond CROMERR); provides states with a streamlined process
– together with a uniform set of criteria – for approval of their
electronic reporting implementations for all their EPA-authorized
programs; and ensures that electronic reporting under EPA and
EPA-authorized state programs does not compromise the enforceability of
environmental programs.
The EPA has regulations concerning the submission of media to the agency in electronic form. This is covered under 40 CFR 3 "Cross-Media Electronic Reporting".
Specifically, the new electronic reporting (ER) provisions:
- Modify current requirements in the Code of Federal Regulations (CFR) to remove any obstacles to ER.
- Allow regulated entities to submit any report electronically, but
only after EPA announces that ER is available for the specific report.
- Require submission of electronic reports to EPA's Central Data Exchange (CDX) or to another designated EPA system. (PDF example of CDX)
- Require validation of electronic signatures on reports submitted to
EPA through CDX (or another designated EPA system) and ensure that
valid electronic signatures have the same legal force as their
"wet-ink" counterparts.
- Set forth requirements that EPA-authorized programs must satisfy
when implementing ER, and provide a streamlined process for these
programs to get EPA approval of their ER implementations.
The following information from 40 CFR 312 shows that the EPA both accepts and
recognizes electronic signatures.
The following definitions from § 3.3 Definitions relate to electronic signatures:
Electronic signature means any information in digital
form that is included in or logically associated with an electronic
document for the purpose of expressing the same meaning and intention
as would a handwritten signature if affixed to an equivalent paper
document with the same reference to the same content. The electronic
document bears or has on it an electronic signature where it includes
or has logically associated with it such information.
Electronic signature device means a code or other
mechanism that is used to create electronic signatures. Where the
device is used to create an individual's electronic signature, then the
code or mechanism must be unique to that individual at the time the
signature is created and he or she must be uniquely entitled to use it.
The device is compromised if the code or mechanism is available for use
by any other person.
Valid electronic signature means an electronic signature
on an electronic document that has been created with an electronic
signature device that the identified signatory is uniquely entitled to
use for signing that document, where this device has not been
compromised, and where the signatory is an individual who is authorized
to sign the document by virtue of his or her legal status and/or his or
her relationship to the entity on whose behalf the signature is
executed.
§ 3.10 What are the requirements for electronic reporting to EPA?
(a) A person may use an electronic document to satisfy a
federal reporting requirement or otherwise substitute for a paper
document or submission permitted or required under other provisions of
Title 40 only if:
(1) The person transmits the electronic document to EPA's
Central Data Exchange, or to another EPA electronic document receiving
system that the Administrator may designate for the receipt of
specified submissions, complying with the system's requirements for
submission; and
(2) The electronic document bears all valid electronic signatures that are required under paragraph (b) of this section.
(b) An electronic document must bear the valid electronic signature of a signatory
if that signatory would be required under Title 40 to sign the paper
document for which the electronic document substitutes, unless EPA
announces special provisions to accept a handwritten signature on a
separate paper submission and the signatory provides that handwritten
signature.
§ 3.2000 Sub-section (b) gives the requirements for the electronic document receiving systems of authorized state, tribe and local programs. It states that the authorized
program must be able to generate data with respect to any such
electronic document, as needed and in a timely manner, including a copy
of record for the electronic document, sufficient to prove, in private
litigation, civil enforcement proceedings, and criminal proceedings,
that:
(1) The electronic document was not altered without detection during transmission or at any time after receipt;
(2) Any alterations to the electronic document during transmission or after receipt are fully documented;
A good esign solution can use file integrity hashes, which all parties
to the electronic record can use to verify that no changes or errors
have occurred.
(3) The electronic document was submitted knowingly and not by accident;
(4) Any individual identified in the electronic document
submission as a submitter or signatory had the opportunity to review
the copy of record in a human-readable format that clearly and
accurately associates all the information provided in the electronic
document with descriptions or labeling of the information and had the
opportunity to repudiate the electronic document based on this review;
and
(5) In the case of an electronic document that must bear
electronic signatures of individuals as provided under paragraph (a)(2)
of this section, that:
(i) Each electronic signature was a valid electronic signature at the time of signing;
(ii) The electronic document cannot be altered without detection at any time after being signed;
(iii) Each signatory had the opportunity to review in a
human-readable format the content of the electronic document that he or
she was certifying to, attesting to or agreeing to by signing;
(iv) Each signatory had the opportunity, at the time of
signing, to review the content or meaning of the required certification
statement, including any applicable provisions that false certification
carries criminal penalties;
(v) Each signatory has signed either an electronic signature
agreement or a subscriber agreement with respect to the electronic
signature device used to create his or her electronic signature on the
electronic document;
(vi) The electronic document receiving system has
automatically responded to the receipt of the electronic document with
an acknowledgment that identifies the electronic document received,
including the signatory and the date and time of receipt, and is sent
to at least one address that does not share the same access controls as
the account used to make the electronic submission; and
(vii) For each electronic signature device used to create an
electronic signature on the document, the identity of the individual
uniquely entitled to use the device and his or her relation to any
entity for which he or she will sign electronic documents has been
determined with legal certainty by the issuing state, tribe, or local
government. In the case of priority reports identified in the table in
Appendix 1 of Part 3, this determination has been made before the
electronic document is received, by means of:
(A) Identifiers or attributes that are verified (and that
may be re-verified at any time) by attestation of disinterested
individuals to be uniquely true of (or attributable to) the individual
in whose name the application is submitted, based on information or
objects of independent origin, at least one item of which is not
subject to change without governmental action or authorization; or
(B) A method of determining identity no less stringent than
would be permitted under paragraph (b)(5)(vii)(A) of this section; or
(C) Collection of either a subscriber agreement or a
certification from a local registration authority that such an
agreement has been received and securely stored.
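The file integrity hashes mentioned above can cover both items (1) and (2) when each documented alteration is recorded in a hash-chained log. The following Python sketch is an added illustration, not part of 40 CFR 3 or of any EPA system; the function names, log fields and sample report text are assumptions constructed for the example.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash value for the first log entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _entry_hash(entry: dict) -> str:
    # Hash a canonical JSON form of the entry, excluding its own hash field.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def append_entry(log: list, event: str, document: bytes, note: str) -> None:
    """Append a chained entry recording the document hash after `event`."""
    entry = {
        "seq": len(log),
        "event": event,  # "received" or "altered" (hypothetical labels)
        "note": note,
        "doc_sha256": sha256_hex(document),
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)

def verify(log: list, document: bytes) -> str:
    """Return 'ok', 'log-tampered' or 'undocumented-alteration'."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if (entry["seq"] != i or entry["prev_hash"] != prev
                or entry["entry_hash"] != _entry_hash(entry)):
            return "log-tampered"
        prev = entry["entry_hash"]
    if not log or log[-1]["doc_sha256"] != sha256_hex(document):
        return "undocumented-alteration"
    return "ok"

def demo() -> list:
    # Constructed sample documents, not real submissions.
    original = b"Constructed sample report: facility 001, Q1 discharge 12.5 kg"
    corrected = b"Constructed sample report: facility 001, Q1 discharge 12.8 kg"
    log, results = [], []
    append_entry(log, "received", original, "copy of record sealed at receipt")
    results.append(verify(log, original))   # unchanged since receipt
    results.append(verify(log, corrected))  # changed, but nothing logged
    append_entry(log, "altered", corrected, "correction, documented")
    results.append(verify(log, corrected))  # documented alteration
    log[0]["note"] = "edited after the fact"
    results.append(verify(log, corrected))  # the log itself was rewritten
    return results

if __name__ == "__main__":
    print(demo())
```

An unkeyed chain like this only detects tampering if the latest entry hash is also held outside the receiving system, for example by including it in the acknowledgment sent to the submitter; otherwise anyone who can rewrite the log can recompute every hash.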
§ 3.2000 sub-section (c) states that electronic documents in lieu of paper documents must ensure that:
(3) Proof that a particular electronic signature device was
used to create an electronic signature that is included in or logically
associated with an electronic document submitted to satisfy a state,
tribe, or local reporting requirement will suffice to establish that
the individual uniquely entitled to use the device at the time of
signature did so with the intent to sign the electronic document and give it effect.
You can meet the "intent to sign an electronic record" guideline of
Section 3.2000(c)(3) by visually isolating each file to be signed
together with the method of signing it. An esign system can also comply
by displaying a confirmation box that confirms the
intent to sign prior to the actual signature capture.
§ 3.4 How does this part affect enforcement and compliance provisions of Title 40?
(a) A person is subject to any applicable federal civil,
criminal, or other penalties and remedies for failure to comply with a
federal reporting requirement if the person submits an electronic
document to EPA under this part that fails to comply with the
provisions of §3.10.
(b) A person is subject to any applicable federal civil,
criminal, or other penalties or remedies for failure to comply with a
State, tribe, or local reporting requirement if the person submits an
electronic document to a State, tribe, or local government under an
authorized program and fails to comply with the applicable provisions
for electronic reporting.
(c) Where an electronic document submitted to satisfy a
federal or authorized program reporting requirement bears an electronic
signature, the electronic signature legally binds, obligates, and makes
the signatory responsible, to the same extent as the signatory's
handwritten signature would on a paper document submitted to satisfy
the same federal or authorized program reporting requirement.
(d) Proof that a particular signature device was used to
create an electronic signature will suffice to establish that the
individual uniquely entitled to use the device did so with the intent
to sign the electronic document and give it effect.
(e) Nothing in this part limits the use of electronic
documents or information derived from electronic documents as evidence
in enforcement or other proceedings.
This section re-confirms that the EPA views electronic signatures as legally binding documents in accordance with Federal Laws.