Article
E-Signing
The legal perspective
In our two previous blogs we looked at the history and purpose of e-Signing and the key supporting technical mechanisms. This blog focuses on the legal and regulatory considerations. We will guide you through the applicable European regulation before detailing the different types of e-Signature authenticity, as well as the admissibility of e-Signature from an international perspective. Lastly, we will share recommendations on how to manage the legal and regulatory aspects to be considered when implementing an e-Signature solution.
European Union law, under the "Electronic Identification, Authentication and trust Services regulation" (eIDAS), provides comprehensive governance of electronic signatures. eIDAS establishes the requirements for each type of electronic signature, as identified in the following section, and regulates the services for electronic certification. In addition, the regulation also refers to the so-called qualified Trust Service Providers (TSPs) that are entitled to issue the qualified digital certificates used to create qualified e-Signatures. While eIDAS is applicable throughout the entire EU, there are currently no comparable international regulations governing e-Signature globally.
In Switzerland, the Electronic Signature Act outlines similar requirements to those of eIDAS, allowing a supplementary type of e-Signature (regulated e-Signature) which is a compromise between advanced and qualified e-Signature (defined in the next section of this blog).
Certain types of electronic signatures have a higher corroborative value than handwritten signatures due to the enhanced ability to validate the signature’s authenticity. The eIDAS regulation states that “a qualified electronic signature shall have the equivalent legal effect of a handwritten signature”. In eIDAS we can identify three types of e-Signatures offering different levels of protection and security:
- Simple e-Signature (SES)
SES refers to all electronic types of signature that prove acceptance or approval by the signatory “in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign". This can notably be a signature manually drawn on a desktop screen (and digitally saved) or a button and checkboxes on websites. It is the most popular e-Signature. - Advanced e-Signature (AES)
AES must meet specific requirements providing a higher level of signatory identity verification, security, and tamper-sealing. It ensures that the signature is created in such a way that it remains under the sole control of its signatory and the document cannot be changed once it is signed. - Qualified e-Signature (QES)
QES is equivalent to a written signature from a legal perspective; it is backed by a certificate issued by a qualified TSP which offers the highest level of protection. As a general procedural rule, in most EU member states the burden of proof lies with the party that disputes the signature.
The admissibility of e-Signature greatly depends on the type of document as well as the jurisdiction. Each jurisdiction has a different approach to e-Signing. Nevertheless, most countries around the world recognise e-Signatures, with differences in the type(s) of accepted e-Signature.
In many countries if local laws provide strictly for a handwritten or wet ink signature, only QES, or the local equivalent of QES, possibly associated with a qualified time stamp/qualified certificate issued by a qualified TSP, will have the same legal value.
The requirements on the form of contracts (written, physical, QES etc.) are not harmonised in the EU. The same applies to the evidence requirements for contracts or legal documents:
- eIDAS, Recital 49: “it is for national law to define the legal effect of electronic signatures”.
However, EU rules have defined a common set of rules applicable to all Member States:
- eIDAS Art. 25,1: “An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures”.
- eIDAS Art. 25,2: “A qualified electronic signature shall have the equivalent legal effect of a handwritten signature”.
- eIDAS Art. 25,3: “A qualified electronic signature based on a qualified certificate issued in one Member State shall be recognised as a qualified electronic signature in all other Member States”.
In consequence, the responses to practical questions – such as: What must be signed by physical signature? What must be signed by qualified signature? Who bears the burden of proof? Have we seen any cases where AES were disputed? – are to be provided on a country-by-country basis.
For comparison purposes:
- In France there is a presumption of reliability for QES (art. 1367, par. 2 of the French civil code). If QES is not used, each party to other e-signatures shall bring its respective evidence, i.e. the party claiming that the e-signature is valid must prove it because there is no presumption of reliability for SES/AES.
- In Italy the situation is similar with a presumption of reliability for QES but with some interesting deviations. In certain use cases an AES will, for example, be deemed legally binding if the law requires written form (without additional functionalities).
Moving to e-Signature raises several legal challenges at a global and local level. Although many countries accept the e-Signature, as explained above, the conditions of acceptance are hugely different between and even within countries. In addition, mutual recognition of e-Signatures across countries is very infrequent.
A comprehensive assessment of the situation is therefore essential to make sure that e-Signature is admissible, notably covering the following aspects:
- Legal criteria: nature of contract, potential industry regulations (e.g. banking/insurance/ pharmaceutical/energy regulations), litigation risk, necessary probatory value of the contract/signature, formality requirements (e.g. witness, notary);
- Geographical criteria: applicable law, law of execution of the contract, law of the country of the counterparty;
- Operational criteria: post-signing steps, including filing/archiving, communication to third parties including public authorities (e.g. commercial register, custom and tax authorities).
Once defined, we recommend assessing the impact of different criteria as follows:
In this blog we established that the absence of international regulation globally on e-Signature can greatly complicate organisations’ efforts to roll-out e-Signature across multiple countries and regions. If you would like help navigating the local and international regulations applicable to your organisation, please reach out to our key contacts below.