E-signature
E-signature platforms process signed contracts, identity verification data, and in some cases qualified certificate credentials. For EU buyers, eIDAS compliance determines legal validity across the EU, and operator jurisdiction determines data sovereignty. Top-rated EU options on EU Vetted include Universign (France, 5/5), Skribble (Switzerland, 5/5), and Signaturit/Namirial (Spain, 5/5).
E-signature platforms are the digital infrastructure for binding agreements: they route contract documents to signers, capture legally attributable electronic signatures, and retain signed documents with their accompanying audit trails as legal evidence. The category spans simple click-through consent tools, advanced electronic signature (AdES) platforms used for most commercial contracts, and qualified electronic signature (QES) services backed by accredited Trust Service Providers — the latter being legally equivalent to a handwritten signature across all EU member states under eIDAS.
For EU buyers, e-signature is a high-stakes category on two dimensions. First, legal validity: for contracts to be enforceable and courts to recognise them, the signature level must match the requirement — and for regulated transactions, QES from a qualified Trust Service Provider is mandatory. Second, data sovereignty: signed contract documents, counterparty identity data, and biometric or ID-verification records are some of the most legally sensitive data an organisation processes. If the platform operator is a US-incorporated entity, the CLOUD Act can in principle compel production of those records regardless of storage location. EU-owned operators such as Universign (France, 5/5) and Signaturit/Namirial (Spain, 5/5) are not subject to that direct exposure. Swiss-based Skribble (5/5) offers QES under Swiss ZertES, and its non-US corporate structure provides a comparable level of sovereignty protection. Yousign (France, 4/5) is EU-headquartered but carries a US-funding signal that buyers should evaluate. Eversign/Xodo Sign (Austria/US, 3/5) reflects US corporate ownership despite Austrian operations.
The listings below show each product's country of incorporation, ownership signal, supported eIDAS signature levels, and EU Vetted's editorial compliance score on a 1–5 scale. Use the filters to separate QES-capable platforms from those offering AdES or SES only, or to narrow by ownership signal according to your sovereignty requirements.
-
Signaturit (Namirial)VERIFIED SIGNALSJurisdiction
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
Transparency- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
Barcelona-based Spanish digital-trust group (Signaturit, now a Namirial Italian company), 4 QTSPs with highest eIDAS qualifications, regulator-audited.
OWNERSHIPWhere ultimate control over the operating company sits.
-
EU-owned This listing EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other Swiss, UK or another non-EU jurisdiction.
CLOUD ACT EXPOSUREHow exposed customer data is to US authorities under the CLOUD Act.
-
None This listing EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
ES · 0 sub-procs Open ↗ -
SkribbleVERIFIED SIGNALSJurisdiction
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
Transparency- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
Zurich-based Swiss e-signature platform with **dual ZertES + eIDAS QES** via Swisscom partnership; ISO 27001, 4,000+ DACH customers.
OWNERSHIPWhere ultimate control over the operating company sits.
-
EU-owned EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other This listing Swiss, UK or another non-EU jurisdiction.
CLOUD ACT EXPOSUREHow exposed customer data is to US authorities under the CLOUD Act.
-
None This listing EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
CH · 0 sub-procs Open ↗ -
UniversignVERIFIED SIGNALSJurisdiction
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
Transparency- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
Long-running French QTSP (originally Cryptolog International, 2001); merged into Signaturit Group (a Namirial Italian company).
OWNERSHIPWhere ultimate control over the operating company sits.
-
EU-owned This listing EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other Swiss, UK or another non-EU jurisdiction.
CLOUD ACT EXPOSUREHow exposed customer data is to US authorities under the CLOUD Act.
-
None This listing EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
FR · 0 sub-procs Open ↗ -
YousignVERIFIED SIGNALSJurisdiction
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
Transparency- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
Caen/Paris-based French QTSP (eIDAS-qualified, ANSSI-supervised), B Corp, profitable, 30k+ customers; rebranding to Youtrust in 2026.
OWNERSHIPWhere ultimate control over the operating company sits.
-
EU-owned EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded This listing EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other Swiss, UK or another non-EU jurisdiction.
CLOUD ACT EXPOSUREHow exposed customer data is to US authorities under the CLOUD Act.
-
None EU operator, no US parent, no US sub-processors of note.
-
Minor This listing A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
FR · 0 sub-procs Open ↗ -
Eversign (Xodo Sign)VERIFIED SIGNALSJurisdiction
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
Transparency- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
Vienna-launched e-signature platform (eversign GmbH, 2017) — acquired by Apryse (US/PDFTron) in 2022, rebranded as Xodo Sign.
OWNERSHIPWhere ultimate control over the operating company sits.
-
EU-owned EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded EU-headquartered but US venture- or PE-controlled.
-
US-owned This listing US-headquartered, or has a US parent company.
-
Other Swiss, UK or another non-EU jurisdiction.
CLOUD ACT EXPOSUREHow exposed customer data is to US authorities under the CLOUD Act.
-
None EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct This listing The operator itself is US-incorporated.
0 sub-procs Open ↗
| Compare | Owner | CLOUD Act | Cert. | Sub-procs | ||||
|---|---|---|---|---|---|---|---|---|
|
Signaturit (Namirial)
Barcelona-based Spanish digital-trust group (Signaturit, now a Namirial Italian company), 4 QTSPs with highest eIDAS qualifications, regulator-audited.
|
BARCELONA · ES
Spain
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
— | 0 |
VERIFIED SIGNALS
Jurisdiction
Transparency
|
Open ↗ | |
|
Skribble
Zurich-based Swiss e-signature platform with **dual ZertES + eIDAS QES** via Swisscom partnership; ISO 27001, 4,000+ DACH customers.
|
ZURICH · CH
Switzerland
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
ISO/IEC 27001
|
0 |
VERIFIED SIGNALS
Jurisdiction
Transparency
|
Open ↗ | |
|
Universign
Long-running French QTSP (originally Cryptolog International, 2001); merged into Signaturit Group (a Namirial Italian company).
|
PARIS · FR
France
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
— | 0 |
VERIFIED SIGNALS
Jurisdiction
Transparency
|
Open ↗ | |
|
Yousign
Caen/Paris-based French QTSP (eIDAS-qualified, ANSSI-supervised), B Corp, profitable, 30k+ customers; rebranding to Youtrust in 2026.
|
CAEN · FR
France
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
— | 0 |
VERIFIED SIGNALS
Jurisdiction
Transparency
|
Open ↗ | |
|
Eversign (Xodo Sign)
Vienna-launched e-signature platform (eversign GmbH, 2017) — acquired by Apryse (US/PDFTron) in 2022, rebranded as Xodo Sign.
|
—
Austria
|
OWNERSHIP
Where ultimate control over the operating company sits.
|
CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
|
SOC 2
|
0 |
VERIFIED SIGNALS
Jurisdiction
Transparency
|
Open ↗ |