In today’s digital-first environment, trust, security, and legal compliance are essential for organizations adopting electronic signatures. In the Philippines, the Electronic Commerce Act of 2000 (Republic Act No. 8792) establishes the legal foundation for recognizing electronic signatures, requiring strict safeguards for data integrity, authentication, and secure storage.

Evia Sign is built to meet these standards. It offers a secure, compliant, and seamless digital signing experience designed specifically to align with Philippine regulatory requirements. This comprehensive guide explores exactly how Evia Sign satisfies the legal and technical expectations of RA 8792—ensuring every electronic transaction remains valid, authenticated, and protected.

---

1. Ensuring Integrity and Reliability of Electronic Signatures

The Electronic Commerce Act emphasizes the importance of preserving document integrity, and Evia Sign is engineered to exceed these expectations.

Digital Sealing for Tamper Detection

Once all signatories complete the process, Evia Sign applies a trusted digital certificate to the document. Any post-signing modification becomes immediately detectable—ensuring the document’s authenticity.

Enterprise-Grade Encryption Standards

• In Transit: SSL encryption protects documents during transfer, preventing interception or unauthorized access.
• At Rest: AES 256-bit encryption secures files stored in Azure Blob Storage, maintaining confidentiality at all times.

Detailed and Tamper-Proof Audit Trails

For every document, Evia Sign generates a comprehensive audit record that includes:

• Signer identities
• Timestamp of each action
• IP addresses used
• Authentication methods (OTP, password, etc.)

This audit log is digitally sealed, ensuring authenticity and reliable traceability—fully aligned with the integrity requirements of the Electronic Commerce Act.

---

2. Strong Identity Verification Methods

Evia Sign supports multiple identity assurance mechanisms to verify signatories and prevent unauthorized access.

Microsoft O365 Single Sign-On (SSO)

Users can log in using their Microsoft O365 credentials, removing the need for separate passwords. This enhances productivity while leveraging Microsoft’s advanced identity management infrastructure.

Multi-Factor Authentication (MFA)

To strengthen identity validation, MFA is integrated into the O365 workflow. Users must provide a second authentication factor—such as an app-based verification code—ensuring accounts remain secure even if passwords are compromised.

Knowledge-Based Verification (KBV)

For high-risk transactions (legal, financial, etc.), Evia Sign supports KBV. Users confirm personal or historical information, adding another robust layer of identity assurance.

One-Time Password (OTP) Verification

Evia Sign offers flexible OTP-based authentication:

• SMS OTP sent directly to a mobile device
• Email OTP delivered to a registered inbox
• Predefined access codes set by the document owner

These multiple verification pathways ensure that only authorized individuals can view or sign documents.

---

3. Capturing Clear Consent and Intent

Legally valid eSignatures require explicit proof of consent. Evia Sign ensures clarity at every step.

Clear Intent to Sign

Users are fully informed before signing begins, with clear interfaces that prevent accidental approval.

Explicit User Consent Mechanisms

• External users must accept a license agreement before signing.
• Internal users follow organization-wide predefined acceptance policies.

Final Confirmation of Signing Action

Signatories must click “Finish” or “Complete” to finalize the process, providing unmistakable evidence of intent—a requirement under the Electronic Commerce Act.

---

4. Secure Document Storage and Controlled Access

Evia Sign maintains complete security throughout the lifecycle of every document.

Strong Encryption Practices

Documents are protected using AES 256-bit encryption both:

• At the application level
• At rest within Microsoft Azure storage

Restricted Access Controls

Only the document requester and authorized signatories can access completed files via the Evia Sign platform.

End-to-End Lifecycle Security

All processes follow ISO 27001:2022-certified security standards—ensuring sensitive information remains protected from creation to long-term storage.

---

5. Comprehensive Compliance and Assurance

Evia Sign’s security posture is strengthened by adherence to globally recognized compliance frameworks:

ISO 27001:2022 Certification

Guarantees robust information security management practices.

eIDAS Alignment

Supports Simple Electronic Signatures (SES) and Advanced Electronic Signatures (AES), ensuring compatibility with international legal frameworks.

GDPR Compliance

Ensures transparency, privacy, and responsible handling of personal data, even for users outside the EU.

---

Conclusion

Evia Sign does more than meet regulatory expectations—it embeds security, privacy, and compliance into every aspect of the signing experience. By aligning with the Electronic Commerce Act of 2000 in the Philippines, Evia Sign ensures that electronic transactions remain legally valid, secure, and efficient.

For organizations looking to modernize their workflows without compromising legal compliance, Evia Sign stands as a trusted, future-ready digital signature solution.

Try Evia Sign free for 30 days