Skip to content
Independently verified · Quarterly re-audit
EU VETTED
Category 17 of 22

E-signature

In short

E-signature platforms process signed contracts, identity verification data, and in some cases qualified certificate credentials. For EU buyers, eIDAS compliance determines legal validity across the EU, and operator jurisdiction determines data sovereignty. On the sovereignty axis the cleanest option is Skribble (Switzerland, Swiss-law, non-US corporate structure, no US sub-processor in the data path). Universign (France) and Signaturit/Namirial (Spain) remain eIDAS-qualified QTSPs with strong track records, but both are now US private-equity owned and hosted on AWS at rest, so they carry material CLOUD Act exposure.

See e-signature with zero US sub-processors →
About this category
About E-signature

Feature comparison

Beyond compliance: how these alternatives compare on the capabilities you actually use day to day.

Feature Skribble Tresorit eSign Yousign Eversign (Xodo Sign) Signaturit (Namirial) Signicat Universign
Qualified signature (QES) Yes Yes Yes No Yes Yes Yes
Advanced signature (AES) Yes No Yes No Yes Yes Yes
Audit trail Yes Yes Yes Yes Yes Yes Yes
Templates No No Yes Yes Yes Yes
Bulk send Yes Yes Yes
In-person signing Yes Yes Yes Yes
ID verification Yes Yes Yes Yes Yes Yes
API / webhooks Yes No Yes Yes Yes Yes Yes
SWITCHING GUIDES

Switching from US e-signature?

Side-by-side European alternatives (same hosting, ownership and CLOUD Act checks) for the US tools most often replaced in this category.

FAQ

Frequently asked questions

What is the best EU-hosted e-signature platform?
On the sovereignty axis, Skribble (Switzerland) is the cleanest option: it operates under Swiss law with a non-US corporate structure and keeps no US sub-processor in the signing data path, offering qualified electronic signatures under the Swiss ZertES standard with cross-recognition to eIDAS through bilateral arrangements. Universign (France) and Signaturit/Namirial (Spain) are eIDAS-qualified QTSPs with strong track records, but both are now US private-equity owned (Namirial by Bain Capital, Signaturit by PSG Equity, merged in 2025) and hosted on Amazon Web Services at rest, so they carry material CLOUD Act exposure rather than being sovereignty picks. Yousign (France) is a widely used EU-headquartered alternative with a strong track record in the SMB market, though it has received US investment which buyers with strict sovereignty requirements should evaluate.
Is there a GDPR-compliant e-signature tool?
Any e-signature platform operated by an EU-incorporated company with EU-only infrastructure and a published DPA qualifies as GDPR-compliant in its processing role. Universign (France), Signaturit/Namirial (Spain), and Yousign (France) all publish DPAs. E-signature platforms process identity data and signed document content, making them a high-priority category for data-processing impact assessments. What a published DPA shows is process, not proof against every incident; check it against your own document types and signer data.
Does e-signature data fall under the US CLOUD Act?
E-signature platforms retain signed contract documents, signer identity data (name, email, and sometimes biometric or ID-verification data), and audit trails. If the platform is operated or ultimately owned by a US-incorporated company, or hosts data on a US-owned cloud, the CLOUD Act can in principle compel production of those records. Exposure has to be assessed per operator: Skribble (Switzerland) has a non-US corporate structure with no US sub-processor in its data path and so avoids that direct exposure, whereas Universign (France) and Signaturit/Namirial (Spain) are now US private-equity owned and host on Amazon Web Services at rest, which brings them within material CLOUD Act reach despite their EU incorporation. This is particularly relevant for contracts involving trade secrets, M&A activity, or regulatory filings.
What does eIDAS mean for e-signature platforms?
eIDAS (Electronic Identification, Authentication and Trust Services) is the EU regulation that defines three legally recognised signature levels: Simple Electronic Signature (SES), Advanced Electronic Signature (AdES), and Qualified Electronic Signature (QES). A QES has the same legal effect as a handwritten signature across all EU member states and is the standard required for land registry transactions, notarised documents, and certain regulated financial agreements. Universign and Signaturit/Namirial both offer QES. Skribble offers QES under the Swiss ZertES standard.
What is the difference between a simple, advanced, and qualified electronic signature?
A Simple Electronic Signature (SES) is any electronic mark indicating consent: a typed name or an image of a signature. An Advanced Electronic Signature (AdES) is linked to the signer's identity through a certificate and detects post-signing tampering. A Qualified Electronic Signature (QES) requires a Qualified Trust Service Provider (QTSP) and a secure signing device; it has the highest legal standing under eIDAS and is equivalent to a handwritten signature in all EU countries. Most B2B contracts require AdES or QES for court-admissible evidence; some regulated industries require QES specifically.
Is DocuSign or Adobe Sign safe to use for EU contracts?
DocuSign and Adobe Sign are both US-incorporated companies. Signed contracts and identity data processed through their platforms fall within CLOUD Act reach, regardless of where data is physically stored. Both offer EU data residency options as add-ons on enterprise plans, but data residency does not remove CLOUD Act exposure since it is the corporate structure, not the storage location, that matters for CLOUD Act purposes. EU buyers with strict sovereignty or sector-specific compliance requirements are better served by EU-incorporated alternatives.
What about Yousign, is it fully EU-owned?
Yousign is a French company with strong EU market presence. Its ownership signal is eu_hq_us_funded, meaning it has received US investment, which can introduce potential CLOUD Act exposure at the parent-group level depending on corporate structure. Universign (France) and Signaturit/Namirial (Spain) share the same limitation and then some: both are now US private-equity owned and hosted on Amazon Web Services at rest, so they carry material CLOUD Act exposure and are not the sovereignty picks either. For buyers whose requirement is strict sovereignty without US ownership or US cloud dependency, Skribble (Switzerland), with its non-US corporate structure and no US sub-processor in the data path, is the stronger choice. For buyers whose primary concern is eIDAS compliance and GDPR-compliant processing rather than sovereign ownership, Yousign remains a solid and widely used option.