Can a Scanned Signature Be Legally Binding?
April 17, 2026 Β· 7 min read
Short answer: yes, sometimes β but it is the weakest form of signature you can use. Here is when a scanned signature holds up, when it fails, and why a modern e-signature tool is a better choice for virtually every commercial context.
What a Scanned Signature Actually Is
A scanned signature is typically a JPEG or PNG image of a wet-ink signature, saved and pasted onto a PDF or Word document. The image sits as a raster overlay on the page. The person whose signature appears in the image may have nothing to do with the document being signed β no record links them to the specific document, version, or time.
The Legal Test
Under the ETA 1999 (Cth) in Australia, Section 10 requires that the signature method:
- Identifies the person and indicates their approval of the information.
- Is as reliable as appropriate for the purpose.
- The other party consents to the method.
A scanned signature can technically satisfy (1) if the image is the person's actual signature and they intended to apply it. The weakness is (2) β reliability. There is no mechanism to verify identity, log the signing event, or detect later tampering. In many commercial contexts, a scanned signature is not "as reliable as appropriate."
The Three Failure Modes
1. Authenticity
Someone else can paste your scanned signature onto any document without your knowledge. If the image was saved anywhere accessible to a third party, it can be re-used. In a dispute, you have no evidence that you applied the signature to this specific document β only that your signature image is present.
2. Tampering
After a scanned signature is pasted onto a PDF, the PDF content can be edited β terms changed, dates moved, clauses added β and the signature image remains in place. There is no hash linking the signature to the specific bytes of the document. A modern e-signature tool stores a SHA-256 hash of the final PDF that changes if any byte is altered, making tampering detectable.
3. Attribution
No IP address, timestamp, user-agent, or verified email is associated with a scanned signature. There is no record of who actually pasted the signature onto the document, when, or from where. If the document is disputed, attribution depends on circumstantial evidence (emails around the time, sent-from metadata) rather than direct audit trail.
When a Scanned Signature Is Acceptable
- Informal acknowledgments between trusted parties.
- Internal company sign-offs on low-stakes documents.
- Birthday cards, personal greetings, non-commercial documents.
- Prototype or draft agreements that will be re-signed formally.
When a Scanned Signature Is NOT Acceptable
- Any commercial contract of value.
- NDAs.
- Employment contracts.
- Loan agreements.
- Property contracts.
- Anything a court might need to consider in a dispute.
Why E-Signature Tools Exist
The entire point of tools like SignBolt, DocuSign, and Annature is to close the three weaknesses of scanned signatures. They do this with:
- Email-link verification (stronger with email-plus-code on higher-stakes flows).
- Full audit trail with IP, timestamp, user-agent.
- SHA-256 hash of the final PDF for tamper detection.
- Native PDF object embedding (not image overlay).
Together these satisfy the ETA 1999 reliability test for virtually any commercial document β something a scanned signature does not reliably do.
What to Do If Someone Sends You a Scanned Signature
Politely request they re-sign via an e-signature tool. Send them a SignBolt signing link β it takes 60 seconds on their phone, and both sides get the stronger record. For high-value documents, insist on the upgrade.
Related Reading
See digital vs wet signature, are e-signatures legally binding, audit trail explained.
Frequently Asked Questions
Is a scanned signature legally binding?
Yes, often, but with caveats. Under the Electronic Transactions Act 1999 (Cth) in Australia and the ESIGN Act in the US, a signature is valid if the method identifies the person, indicates their approval, and is as reliable as appropriate for the purpose. A scanned image of a wet-ink signature pasted onto a document can qualify as a simple electronic signature β but it's typically the weakest form. No audit trail, no identity verification, no tamper-evident record. It may hold up for low-stakes use; it often fails when disputed.
When does a scanned signature typically fail?
Three main failure modes: (1) authenticity β someone else could have pasted your scanned signature onto a document without your knowledge; (2) tampering β the document content can be altered after the signature is pasted; (3) attribution β there's no record of who actually applied the signature, when, or from where. In a dispute where any of these are challenged, a scanned signature provides thin evidence compared to a modern e-signature tool with full audit trail.
Is a scanned signature better than no signature?
Yes, marginally. It shows intent at some point in time. For informal use between trusted parties (birthday card, internal acknowledgment, quick okay on a non-commercial document), it's fine. For anything commercial β a contract, NDA, engagement letter, loan agreement β it's below the modern standard. The cost of a proper e-signature tool like SignBolt ($0 on the free tier) is low enough that there's no reason to accept the scanned-signature weaknesses.
Why is a SignBolt signature stronger than a scanned signature?
Four reasons. (1) Identity verification: the signer's email is verified and logged. (2) Audit trail: IP address, user-agent, timestamp, and verified email are recorded per signing event. (3) Tamper-evidence: a SHA-256 hash of the final PDF is stored, so any later alteration is detectable. (4) Proper embedding: the signature is a native PDF object embedded via pdf-lib, not a raster image overlay. In any dispute, these four features provide the evidence that a scanned signature cannot.
Should I accept a scanned signature from a counterparty?
For low-stakes, routine documents β yes, if you trust the counterparty. For anything where the agreement matters (contracts, NDAs, loans, sales), request a proper e-signature instead. If the counterparty insists on scanned signatures, send them a SignBolt signing link β it's faster than scanning for them anyway, and gives both sides the audit trail. The friction is low enough that there's no good reason to accept scanned signatures for commercial documents in 2026.
Stop pasting JPEGs. Start signing properly.
Full audit trail, SHA-256 hash, native PDF signatures. Free plan available.
Start Free