Release of Deliverable "Signature Assurance Guidelines Ver1.00"
JNSA released the "Signature Assurance Guidelines Ver1.00," which systematizes the requirements and defines four assurance levels (SxAL) for electronic signature services based on NIST standards.
Published: April 8, 2026 at 23:00
The Assurance Level Task Force (Leader: Naoto Miyaji) of the Electronic Signature Working Group under the Standardization Committee of the Japan Network Security Association (JNSA; Chairman: Hiroshi Esaki) has released the "Signature Assurance Guidelines Ver1.00," which systematizes the technical and operational requirements for electronic signature services, as a deliverable for fiscal year 2025.
A major feature of these guidelines is that they extend the framework of assurance levels in identity (electronic authentication) to the electronic signature field, based on the concepts of "NIST SP 800-63: Digital Identity Guidelines" by the National Institute of Standards and Technology (NIST) of the United States. This provides a mechanism to organize and compare electronic authentication and electronic signatures—which were previously handled and evaluated separately—from a unified perspective of assurance levels.
These guidelines provide users of electronic signature services with criteria for selecting services, and provide service providers with guidelines for design and construction.
Background
In recent years, with the progress of DX (Digital Transformation) and the digitization of administrative procedures and contracts, the use of electronic signature and electronic contract services has rapidly expanded. On the other hand, electronic signature methods have diversified, and since security measures and assurance levels differ for each service, it has remained difficult for users to make appropriate choices.
The necessity of cross-industry safety standards in the electronic signature field has been pointed out for some time, and the JNSA Electronic Signature Working Group has been studying this alongside multiple companies and experts.
Overview
To evaluate the reliability of electronic signature services, these guidelines define four assurance levels: Signer Identity Assurance Level (SIAL) / Signature Process Assurance Level (SPAL) / Signature Data Assurance Level (SDAL) / Service Operation Assurance Level (SOAL). These are collectively referred to as "SxAL (Signature Assurance Level)," enabling the selection of appropriate electronic signature services according to use cases and risks.
Furthermore, as requirements for electronic signatures, three elements are defined: Identity / Approval / Tamper-evidence. This organizes the reliability of electronic signatures from a more practical and rigorous perspective than conventional legal systems.
Main Contents
1. Definition of Electronic Signatures (Chapter 1.2)
- Identity: Being able to identify who the signer is
- Approval: The signature belongs to the signer themselves
- Tamper-evidence: The document has not been altered after signing
2. Organization of Electronic Signature Methods
Chapter 2.2.1 Local Signature Method: (PKI signature holding an existing signature key)
Chapter 2.2.2 Remote Signature Method: (PKI signature by remote storage of the signature key)
Chapter 2.2.3 Authentication Record Signature Method: (Signature by login)
Chapter 2.2.4 Service Provider Signature Method: (Signature assurance by the provider, such as witness-type signatures)
3. Assurance Levels for Electronic Signatures
Chapter 2.3.1 Signer Identity Assurance (SIAL): Assurance of identity through signer identity verification
Chapter 2.3.2 Signature Process Assurance (SPAL): Assurance of identity at the time of signing and confirmation of signing intent
Chapter 2.3.3 Signature Data Assurance (SDAL): Assurance regarding the reliability of the signature data itself
Chapter 2.3.4 Service Operation Assurance (SOAL): Assurance of reliability regarding compliance with operation policies
4. Electronic Signature Risk Management (ESRM)
Chapter 3.2 Step 0: Definition and tentative initial assurance level (Service definition and assurance level)
Chapter 3.3 Step 1: Implementation of risk assessment (Identification/analysis/evaluation of signature risks)
Chapter 3.4 Step 2: Determination of basic measures and final assurance level (Determination through risk response and adjustment)
Chapter 3.5 Step 3: Documentation (Creation and publication of approval and operation regulations for signature services)
Chapter 3.6 Step 4: Signature service operation and re-evaluation (Re-evaluation after commencement of operation and after a certain period)
5. Appendix (Electronic Signature Related Information)
A. Signature Assurance Level Compliance Declaration (Regulations)
B. Signature for approval purpose and issue...