E-signature
E-signature platforms process signed contracts, identity verification data, and in some cases qualified certificate credentials. For EU buyers, eIDAS compliance determines legal validity across the EU, and operator jurisdiction determines data sovereignty. On the sovereignty axis the cleanest option is Skribble (Switzerland, Swiss-law, non-US corporate structure, no US sub-processor in the data path). Universign (France) and Signaturit/Namirial (Spain) remain eIDAS-qualified QTSPs with strong track records, but both are now US private-equity owned and hosted on AWS at rest, so they carry material CLOUD Act exposure.
About this category
About E-signature
E-signature platforms are the digital infrastructure for binding agreements: they route contract documents to signers, capture legally attributable electronic signatures, and retain signed documents with their accompanying audit trails as legal evidence. The category spans simple click-through consent tools, advanced electronic signature (AdES) platforms used for most commercial contracts, and qualified electronic signature (QES) services backed by accredited Trust Service Providers, the latter being legally equivalent to a handwritten signature across all EU member states under eIDAS.
This category carries high stakes on two separate axes: legal validity and data sovereignty. Legal validity comes first: for contracts to be enforceable and courts to recognise them, the signature level must match the requirement, and for regulated transactions, QES from a qualified Trust Service Provider is mandatory. Data sovereignty is the second axis: signed contract documents, counterparty identity data, and biometric or ID-verification records are some of the most legally sensitive data an organisation processes. If the platform operator is a US-incorporated entity, or ultimately US-owned, or hosts on a US-owned cloud, the CLOUD Act can in principle compel production of those records regardless of storage location. On this axis Swiss-based Skribble is the cleanest option: it offers QES under Swiss ZertES, and its non-US corporate structure with no US sub-processor in the data path keeps it clear of that direct exposure. Universign (France) and Signaturit/Namirial (Spain) remain eIDAS-qualified Trust Service Providers with strong track records, but both are now US private-equity owned and hosted on Amazon Web Services at rest, so they carry material CLOUD Act exposure and are no longer the EU-owned, exposure-free picks they once were. Yousign (France) is EU-headquartered but carries a US-funding signal that buyers should evaluate. Eversign/Xodo Sign reflects US corporate ownership despite Austrian operations, which means CLOUD Act exposure applies. Eversign/Xodo Sign reflects US corporate ownership despite Austrian operations, which means CLOUD Act exposure applies.
Country of incorporation, ownership signal, supported eIDAS signature level, and sovereignty signals sit alongside each listing below. The signature-level filter is worth reaching for first, since it separates QES-capable platforms from those offering AdES or SES only; the ownership filter narrows further by sovereignty requirement.
-
SkribbleEU-SOVEREIGN
Zurich-based Swiss e-signature platform with dual ZertES + eIDAS QES via Swisscom partnership; ISO 27001, 4,000+ DACH customers.
CH Public DPA Sub-processors Open source 0 sub-procs -
Tresorit eSignEU-HOSTED
E-signature module of Swiss-Post-owned Tresorit, the directory's only zero-knowledge E2E option with eIDAS Qualified signatures (via Evrotrust QTSP); runs on Azure (default EU region Ireland).
IE Public DPA Sub-processors Open source 10 sub-procs · 7 US €5 /mo -
YousignEU-BASED
Caen/Paris-based French QTSP (eIDAS-qualified, ANSSI-supervised), B Corp, profitable, 30k+ customers; rebranding to Youtrust in 2026.
FR Public DPA Sub-processors Open source 0 sub-procs -
Eversign (Xodo Sign)US-LINKED
Vienna-launched e-signature platform (eversign GmbH, 2017), acquired by Apryse (US/PDFTron) in 2022, rebranded as Xodo Sign.
US Public DPA Sub-processors Open source 0 sub-procs -
Signaturit (Namirial)EU-HOSTED
Barcelona-based Spanish digital-trust group (Signaturit, a Namirial company; parent Namirial acquired by Bain Capital, US PE, 2025), 4 QTSPs with highest eIDAS qualifications; platform hosted at rest on AWS.
ES Public DPA Sub-processors Open source 17 sub-procs · 9 US -
SignicatEU-HOSTED
Trondheim-based pan-European eIDAS QTSP for digital identity, e-ID and qualified e-signatures; Nordic Capital-owned, EEA-hosted on US hyperscalers.
Public DPA Sub-processors Open source 0 sub-procs -
UniversignEU-HOSTED
Long-running French QTSP (originally Cryptolog International, 2001); merged into Signaturit Group (a Namirial Italian company).
FR Public DPA Sub-processors Open source 0 sub-procs
| Compare | Sovereignty | Cert. | Pricing | Signals | Open | ||
|---|---|---|---|---|---|---|---|
|
Zurich-based Swiss e-signature platform with dual ZertES + eIDAS QES via Swisscom partnership; ISO 27001, 4,000+ DACH customers.
|
ZURICH · CH
Switzerland
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Paid |
Public DPA
Sub-processors
Open source
|
→ | |
|
E-signature module of Swiss-Post-owned Tresorit, the directory's only zero-knowledge E2E option with eIDAS Qualified signatures (via Evrotrust QTSP); runs on Azure (default EU region Ireland).
|
DUBLIN · IE
Ireland
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Paid
€5 /mo
|
Public DPA
Sub-processors
Open source
|
→ | |
|
Caen/Paris-based French QTSP (eIDAS-qualified, ANSSI-supervised), B Corp, profitable, 30k+ customers; rebranding to Youtrust in 2026.
|
CAEN · FR
France
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— | Paid |
Public DPA
Sub-processors
Open source
|
→ | |
|
Vienna-launched e-signature platform (eversign GmbH, 2017), acquired by Apryse (US/PDFTron) in 2022, rebranded as Xodo Sign.
|
US
United States
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
SOC 2
|
Paid |
Public DPA
Sub-processors
Open source
|
→ | |
|
Barcelona-based Spanish digital-trust group (Signaturit, a Namirial company; parent Namirial acquired by Bain Capital, US PE, 2025), 4 QTSPs with highest eIDAS qualifications; platform hosted at rest on AWS.
|
BARCELONA · ES
Spain
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— | Paid |
Public DPA
Sub-processors
Open source
|
→ | |
|
Trondheim-based pan-European eIDAS QTSP for digital identity, e-ID and qualified e-signatures; Nordic Capital-owned, EEA-hosted on US hyperscalers.
|
—
Norway
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
ISO/IEC 27018
+1 more
|
Paid |
Public DPA
Sub-processors
Open source
|
→ | |
|
Long-running French QTSP (originally Cryptolog International, 2001); merged into Signaturit Group (a Namirial Italian company).
|
PARIS · FR
France
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
— | Paid |
Public DPA
Sub-processors
Open source
|
→ |
Feature comparison
Beyond compliance: how these alternatives compare on the capabilities you actually use day to day.
| Feature | Skribble | Tresorit eSign | Yousign | Eversign (Xodo Sign) | Signaturit (Namirial) | Signicat | Universign |
|---|---|---|---|---|---|---|---|
| Qualified signature (QES) | Yes | Yes | Yes | No | Yes | Yes | Yes |
| Advanced signature (AES) | Yes | No | Yes | No | Yes | Yes | Yes |
| Audit trail | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Templates | No | No | Yes | Yes | Yes | Yes | |
| Bulk send | Yes | Yes | Yes | ||||
| In-person signing | Yes | Yes | Yes | Yes | |||
| ID verification | Yes | Yes | Yes | Yes | Yes | Yes | |
| API / webhooks | Yes | No | Yes | Yes | Yes | Yes | Yes |
Switching from US e-signature?
Side-by-side European alternatives (same hosting, ownership and CLOUD Act checks) for the US tools most often replaced in this category.