PIPEDA, eIDAS, ESA — explained plainly.

A signature is only as enforceable as the audit trail behind it. Here is what VG·Sign captures by default, and how that maps to the laws your contracts live under.

What this guide will cover

• PIPEDA · Canadian federal privacy regime — ESA 2000 governs Ontario specifically
• eIDAS · EU framework — we currently operate at AES level by default
• SOC 2 Type II & ISO 27001 — in progress (target 2026); written status confirmation under NDA on the Enterprise plan
• HIPAA / BAA available on the Enterprise plan with workspace pinning

We are still polishing the long-form version of this guide. In the meantime, the points above cover the essentials — and our team is happy to walk you through any of them live.