ESIGN Consumer Disclosure: The Rule That Trips Up B2C Contracts

If you sell to businesses you can skip this entirely, but if you sell to consumers, missing this step can mean your disclosures do not count.

Here is a rule that quietly trips up sellers, and it is the ESIGN consumer disclosure requirement. When you send a contract to a consumer and want to deliver legal disclosures electronically, ESIGN obligates you to follow a specific consent flow first, and skipping it can lead the law to treat those disclosures as never delivered. Most business-to-business deals never brush against this rule, but if you sell to everyday people you genuinely need to understand the B2C e-signature requirements that come attached. This post gives you the plain-English checklist so you can get the ESIGN consumer disclosure right the first time, without a law degree.

What the ESIGN consumer disclosure rule actually demands

The rule lives in ESIGN section 101(c), often shortened to ESIGN 101(c), and it applies whenever a consumer receives disclosures that the law says must be in writing. Before you deliver anything electronically, the consumer has to agree on purpose, which means not a buried checkbox and not a pre-ticked default that nobody reads, but a clear, knowing agreement to receive records online. From there you must present a clear and conspicuous ESIGN disclosure statement that spells out their rights in full. They can request a paper copy of the record, they can withdraw consent at any time and you must explain how, they can update their contact information and you must explain how, and they need to know the hardware and software required to open the records. Each of those rights has to be stated plainly, not tucked into fine print. Here is the part people consistently forget. The consumer must reasonably demonstrate that they can actually open the electronic format, because consent on its own is not sufficient under ESIGN 101(c). They have to prove access, often by confirming through the very channel you intend to use for delivery. Why does the law add that extra step? Lawmakers did not want a company to email a forty-page disclosure to someone who owns only a flip phone and then claim it was delivered. The access check protects the consumer from receiving records they cannot open, so the consent click and the access proof function together as a pair, and the ESIGN disclosure is only complete once both are firmly in place.

When the rule applies (and when you can relax)

Here is the reassuring part: this rule has a narrow door, because it only takes effect when the law requires written disclosures in the first place. Think of certain consumer credit documents, insurance forms, real estate paperwork, or finance disclosures, all of which carry a statutory writing requirement, so the ESIGN consumer consent flow attaches to them. For an ordinary business-to-business contract, none of this applies. A services agreement between two companies needs no 101(c) flow, and any deal without a legal writing requirement reaches the same conclusion: you sign and move on, with no B2C e-signature requirements in play at all. So how do you tell the difference quickly? Ask yourself a single question, which is whether a law requires this specific disclosure to be in writing for a consumer. If the answer is no, you are clear, and if the answer is yes, the flow attaches. Most CyberSygn customers are B2B and never encounter this, so if that describes you, breathe easy and keep sending. If instead you sell to consumers with required disclosures, the next section is written for you.

Your step-by-step plan to stay compliant

Suppose you sell to consumers and your contract does trigger the rule. Here is how to handle the B2C e-signature requirements cleanly, in three deliberate steps. First, show the consent and the hardware-software statement before you send the signing link, front-loading it rather than burying it afterward. Second, capture the consumer's clear yes along with proof that they can open the format you intend to use. Third, store both the consent and the response, keeping them for as long as you keep the contract itself so you can later prove the flow actually happened. A quick and honest note belongs here. CyberSygn does not include a built-in 101(c) consent screen, because the threshold is narrow and most customers never need one. If your business needs it regularly, build a short consent page upstream that captures the response before the signing link goes out, and then CyberSygn handles the signing once consent is on file. What should that consent page actually contain? Keep it plain and short, leading with a one-line summary of what the consumer is agreeing to. List the five rights from the first section in clear language, add a single checkbox stating that the consumer agrees to receive the records electronically, and then confirm they opened a test document so you have proof of access, saving a timestamped copy of the entire interaction. Done right, this ESIGN disclosure page takes a developer an afternoon to build, and after that it runs on autopilot for every consumer you onboard, so the narrow rule stops being a worry and becomes a quiet checkbox in your flow. What happens if you skip the flow entirely? The contract itself may still hold up, but the specific disclosures the law required in writing may be treated as never delivered, which can expose you to penalties or hand the consumer an argument to undo a term, so the flow is genuinely worth getting right. This is general information, not legal advice. Talk to a licensed attorney about your specific consumer disclosures before you rely on any flow.