Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

    • Environmental Topics
    • Air
    • Bed Bugs
    • Chemicals and Toxics
    • Climate Change
    • Emergency Response
    • Environmental Information by Location
    • Environmental Justice
    • Greener Living
    • Health
    • Land, Waste, and Cleanup
    • Lead
    • Mold
    • Pesticides
    • Radon
    • Science Topics
    • Water Topics
    • A-Z Topic Index
    • Laws & Regulations
    • By Business Sector
    • By Topic
    • Compliance
    • Enforcement
    • Guidance
    • Laws and Executive Orders
    • Regulations
    • Report a Violation
    • Environmental Violations
    • Fraud, Waste or Abuse
    • About EPA
    • EPA Administrator
    • Organization Chart
    • Staff Directory
    • Planning, Budget, and Results
    • Jobs and Internships
    • Headquarters Offices
    • Regional Offices
    • Lab and Research Centers
Cross-Media Electronic Reporting Rule
Contact Us

Lesson 5: System Requirements for Receiving e-Signatures

Back | Next

This lesson has already described the requirements for acceptable e-document receiving systems, per § 3.2000(b) of CROMERR. § 3.2000 also stipulates that systems receiving e-documents with e-signatures must also demonstrate certain functionality requirements. An approvable system must be able to provide proof of the following requirements.

Review each requirement for more information.

Signature valid at time of signing

The system must be able to prove that the e-signature is valid at the time of signing.

When the document is signed, the e-signature must meet the requirements of a valid e-signature, as previously described in this lesson.

Note: This requirement must be met at the time the signature is executed.

Document cannot be altered without detection after signing

The system must be able to prove the e-document cannot be altered without detection after signing.

E-documents with e-signatures cannot be altered at any time—during or after transmission—after signing without detection. A system must be able to prove that the document content is the same as the content at the time of signing. Currently, this generally involves some sort of encryption software.

Note: This requirement must be met at the time the signature is executed.

Opportunity to review content

The system must be able to prove signatories have had the opportunity to review content.

Before actually signing, signatories must have an opportunity to review the content for which their signature is being requested.

Note: This requirement must be met at the time the signature is executed.

Opportunity to review certification statement

The system must be able to prove signatories reviewed the certification statement.

Before actually signing, signatories must have an opportunity to review certification statements, including warnings that false certification carries criminal penalties, to establish that they understood the implications of their signature and meant to sign. This is important should someone ever be prosecuted for criminal fraud.

Note: This requirement must be met at the time the signature is executed.

Receipt acknowledgement

The system must be able to prove an acknowledgement of receipt.

The system automatically sends an acknowledgment of receipt of the document to an "out-of-band" address. This is usually paper mail or an email address that does not share the same controls as those used to access the online submission account. This ensures that if, by chance, the signature device was compromised, the owner of the device will be notified outside of the system that someone made submissions in their name. This is a common practice used by online shopping sites—after making a purchase on a site, you are notified that the purchase was made with a confirmation in a separate email system.

Note: This requirement must be met at the time of signatory registration.

E-signature agreements

The system must be able to prove signatories have signed e-signature agreements.

Signatories have executed e-signature agreements related to using their signature devices. The e-signature agreement can be done electronically, but can also be done on paper.

The agreement must include the following:

  • The signatory agrees to protect their signature device, such as a password or hardware token, from compromise;
  • The signatory agrees to report any evidence of compromise; and
  • The signatory understands that the signature they submit electronically with the device carries the same legal force and obligation as a hand written signature.

Usually, signatories execute this agreement when they register with the system to receive their electronic signature device.

Note: This requirement must be met at the time of signatory registration.

Identity Proofing with Legal Certainty

The system must be able to prove identities with legal certainty.

This is a requirement that serves to establish the identity of an individual who is issued (or registers) an electronic signature device with enough evidence that it will hold up in a court of law. This is the one instance in all these requirements in which CROMERR is tiered in terms of priority and non-priority reports.

  • For Non-Priority Reports, the requirement does not specify how identity proofing is to be carried out.
  • For Priority Reports, the identity proofing must be done prior to signature execution, and must be done with one of two specified methods.

Priority reports and their associated identity proofing requirements will be discussed in more detail later in this lesson.

Note: This requirement must be met at the time of signatory registration.

Back | Next

  • CROMERR Home
  • Learn about the Cross-Media Electronic Reporting Rule (CROMERR)
  • Overview for State, Tribal, and Local Governments
  • Overview for EPA Programs and Regions
  • CROMERR 101 Training
    • Lesson 1: Overview of the Final Rule
    • Lesson 2: Quick Tour of the Final Rule
    • Lesson 3: Application Requirements
    • Lesson 4: The EPA Review and Approval Process under Part 3
    • Lesson 5: CROMERR-Compliant Electronic Reporting
      • Lesson 5: Overview of CROMERR Requirements for Electronic Reporting
      • Lesson 5: Requirements for Authorized Program e-Reporting
      • Lesson 5: Standards for an Acceptable Electronic Document Receiving System
      • Lesson 5: Defining "Valid Electronic Signatures"
      • Lesson 5: System Requirements for Receiving e-Signatures
      • Lesson 5: Priority vs. Non-Priority Reports
      • Lesson 5: Title: Enforceability Provisions
      • Lesson 5: Title: End of Lesson
    • Lesson 6: Using the Checklist to Work through System Requirements
    • Lesson 7: From Requirements to Solutions
    • Lesson 8: Four Critical Roadmap Items
  • Program Announcements & Initiatives
  • Status of CROMERR Applications from States
  • CROMERR Federal Register Notices
  • Application Tools & Templates
  • Sample Applications & Checklists
  • Glossary
  • Frequently Asked Questions
  • Help Desk
Contact Us to ask a question, provide feedback, or report a problem.
United States Environmental Protection Agency

Discover.

  • Accessibility
  • Budget & Performance
  • Contracting
  • EPA www Web Snapshot
  • Grants
  • No FEAR Act Data
  • Plain Writing
  • Privacy
  • Privacy and Security Notice

Connect.

  • Data.gov
  • Inspector General
  • Jobs
  • Newsroom
  • Open Government
  • Regulations.gov
  • Subscribe
  • USA.gov
  • White House

Ask.

  • Contact EPA
  • EPA Disclaimers
  • Hotlines
  • FOIA Requests
  • Frequent Questions

Follow.

Last updated on April 23, 2021