A signer signs their own public key, along with a identifier this is a proof of dual control, and a timestamp. A second account signs that document along with an optional id, and a timestamp. The first agent then signs that signed document with an id & timestamp.
It produces a document that can only be produced through the cooperation of both accounts.
Theoretically, you could do it with just two layers of signatures…