Not sure. Last time I was close to any HR software it seemed like all you needed to do was make sure to capture some identifiers like location and IP address before storing the signature. So presumably the regulatory barrier is very low, you just have to make reasonable effort to prevent scams like one person impersonating another.