Quick answer · the 30-second read
An audit trail is a timestamped record of everything that happened during the signing process. Who signed, when, on which device, and from which location. It is stored separately from the signed document and is the primary evidence used to prove that a signature is genuine if it is ever disputed. A signed document without an audit trail is valid but harder to defend. A signed document with a complete audit trail is significantly more difficult to challenge. This is the practical difference between typing your name on an email and using a dedicated e-signature platform.
When you sign a document through an e-signature platform, the platform does two things simultaneously. Firstly, it captures your signature and applies it to the document. Secondly, it records every step of the process in a log. That log, also referred to as the audit trail, is kept by the platform independently of the document itself.
If someone claims they did not sign, did not receive the document, or did not understand what they were agreeing to, the audit trail is the evidence that either supports or undermines that claim.
What an audit trail typically records
The exact content varies between platforms, but a well-structured audit trail will include the following.
What is recorded | What it means |
|---|---|
Identity | The email address used to access the signing link. Some platforms also record the signer's name as entered or verified. |
Time and date | The exact timestamp of each action. When the document was opened, when each field was completed, and when the signer confirmed. |
Device and location | The type of device used (phone, laptop, tablet) and the IP address, which gives an approximate geographic location. |
Actions taken | A step-by-step log of everything the signer did: opened the document, scrolled to each page, clicked each field, applied the signature, confirmed. |
Document fingerprint | For platform-generated and digital signatures, a cryptographic hash of the document at the point of signing. Any change to the document after this point produces a different hash, making tampering detectable. |
Certificate details | For digital signatures, the details of the certificate used, such as who issued it, when it expires, and whether it was on a trusted list at the time of signing. |
Does every electronic signature come with an audit trail?
No. The three most basic signing methods (typing your name, drawing a squiggle, or uploading an image of your signature) produce no automatic audit trail. If you type your name at the bottom of an email, there is no platform recording the time, device, or steps involved.
An audit trail is generated by a dedicated e-signature platform. When you use a platform to send or sign a document, the platform records the process automatically. The audit trail is then attached to or stored alongside the completed document. This is one of the main practical reasons to use a platform rather than a simple typed name for business documents.
Where is the audit trail stored?
The platform stores the audit trail on its own servers, separately from the signed document. When the signing process is complete, most platforms attach a summary certificate to the PDF or make the full audit trail available to download. Keep both the signed document and the audit trail together in a secure location.
If you stop using a platform or close your account, check what happens to your stored audit trails. Most platforms retain records for a defined period after account closure, but the terms vary. If long-term retention matters for your documents, download and store the audit trail independently.
Can an audit trail be used as evidence in court?
Yes. In UK courts, electronic signatures are admissible as evidence under the Electronic Communications Act 2000, and the audit trail is the supporting record that establishes how and when the signature was applied. Courts consider the totality of the evidence. The audit trail is not automatically conclusive, but a detailed, timestamped record from a reputable platform carries significant weight.
In the US, the ESIGN Act 2000 and state UETA laws establish that electronic signatures have the same legal standing as handwritten ones. Courts have consistently held that a well-documented audit trail satisfies the evidentiary requirements for enforcing electronically signed contracts.
Is an audit trail the same as a digital signature?
No, though they often appear together. An audit trail is a record of the signing process. Who did what and when. A digital signature is a cryptographic mechanism that verifies identity and detects tampering. A platform-generated signature typically provides both: an audit trail of the process and a cryptographic hash of the document at the point of signing.
A simple electronic signature has neither. It has no audit trail and no cryptographic protection. The document could be altered after signing with no automatic detection.
How long should I keep an audit trail?
Keep it for at least as long as the contract it relates to, plus a reasonable period to cover any potential dispute. For most commercial contracts in the UK, six years is a sensible benchmark. This reflects the Limitation Act 1980 standard limitation period for contract claims. Store it with the signed document, not separately.
