Where and which electronic signatures can we use in the EU? What will happen after Brexit? Electronic signing FAQ – Part 2
What is an electronic signature types? What will hapen after Brexit in terms of electronic signatures? These are few of questions commented by Liisi Jurgens - expert in IT and e-signing related laws.
In this article, Liisi Jurgens - an expert in data protection, IT and Telecom, EU and Competition Law - will share answers to questions such as what is an electronic signature types? What will hapen after Brexit in terms of electronic signatures?
Where and which electronic signatures can we use in the EU? Issues regarding cross-border e-signature traffic and Brexit
EU law recognises three types of electronic signatures. eIDAS-Regulation defines three types of electronic signatures: electronic, advanced, and qualified. All three types of electronic signatures are admissible evidence despite their electronic format but not all of them can be suitable for confirming a transaction.
- An electronic signature is, according to eIDAS-Regulation, “any data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign”. In accordance with its literal meaning, electronic signatures can range from a typed name at the end of an email to a complicated electronic solution.
- An advanced electronic signature (AES) is a digital signature which is uniquely linked to the signatory, is capable of identifying the signatory, and is linked to the data signed therewith in such a way that any subsequent change in the data is detectable. Additionally, an advanced electronic signature is created by using electronic signature creation data which the signatory can, with a high level of confidence, use under his sole control.
- The third and the highest type of electronic signature is, according to eIDAS-Regulation, a qualified electronic signature. A qualified electronic signature (QES) is basically an advanced electronic signature and additionally must be supported by a qualified certificate issued by a qualified trust service provider. Qualified trust service providers are listed in a specific trusted list.
A qualified electronic signature is the only type of an electronic signature which is equal to a handwritten signature. This means that not every transaction or document which is confirmed with an electronic signature is valid.
If a legislator has laid down rules for the format of a certain transaction, then an electronic form is equal to a written form and to a handwritten signature only when the signature is a qualified electronic signature.
Different levels of electronic signatures
Legal base for a cross-border use of an electronic signature
The EU electronic signature regulation eIDAS-Regulation sets rules for cross-border use of e-signatures in the EU. As EU should have a common market and the Internet does not know state borders, it is important to find solutions allowing to exchange declaration of intent and conclude agreements in a safer way than by just using an e-mail. One option is using e-signatures which should give a certain confirmation to the other party on other side of the screen that the contractual partner is the one who he/she claims to be, and no fraud is taking place. Additionally, recognized e-identities enable to use public services in other EU Member States.
E-signatures are great tools for concluding a transaction and they allow to identify the other party in such an anonymous environment like the Internet. The use of e-signatures is growing fast in many countries where there is a big focus on doing business digitally.
Some countries keep to the traditional signing means on paper, however, in the digital era it is only a matter of time when the change will happen.
The eIDAS-Regulation tries to encourage the wider use of e-signatures by requiring Member States to recognize notified e-identities and e-signatures form other EU Member States. This means that an e-identity from one EU country will also be valid in other Member States. This way, companies and individuals can use their own national e-identities when they do business or reside in another EU country. eIDAS-Regulation supports efforts to enable a digital single market in Europe.
eIDAS-Regulation is an EU Regulation establishing common standards for electronic identification and trust services for electronic transactions in the EU Single Market. The primary objective of the eIDAS-Regulation is to harmonise the regulation of electronic signatures and transactions regarding how trust is built and ensured for those signatures and how to ensure the safe online business opportunities and safe transfer of electronic funds. The aim of eIDAS-Regulation is to support cross-border electronic transactions without the need for paper-based contracts nor face-to-face signing formalities.
Cross-border use of an electronic signature and Brexit
The UK has contributed a lot to a great common digital market in the EU. Digital trade can be harmed as a consequence of [hard] Brexit. As long as there is no agreement between the UK and the EU, it is unclear whether the UK will continue to rely on the eIDAS Regulation after Brexit.
If the UK will be out of the EU, then EU regulations will not apply to the UK and then neither the UK nor the EU would be able to accept these highly trusted electronic identities between each other.
In practice it means that the verification of individuals would have to be duplicated in equivalent processes. Therefore, Brexit may have a long-term impact on cross-border use of qualified electronic signatures and digital trade in general.
One way to solve the possible issues regarding UK and also with any third country, is that the party of a transaction from a third country will use a well-known qualified e-signature solution in the EU for electronic signing. While most of the e-identities demand that the applicant must be at least a resident of some EU Member State, Estonian government has established a different solution with “e-residency”, which means that a person who is not a citizen or resident of an EU Member State may apply for an Estonian e-residency.
E-residency allows to use all kinds of Estonian qualified electronic signature infrastructures and e-services by people who otherwise may have difficulties to gain access to qualified e-signatures infrastructure.
About the author:
Liisi Jürgen heads NJORD Law Firm’s IT law practice. Liisi Jürgen is an attorney at law and a visiting lecturer at Estonia’s oldest and most established university – University of Tartu. Her main subject is E-Commerce and IT Contracts. Liisi Jürgen is specialized in legal issues regarding data protection, e-commerce, electronic signatures, authentication, consumer protection, product development. Liisi has advised clients on general corporate and commercial matters. She finalized her second Master’s degree in Law at the University of Münster in Germany in 2015. The topic of her thesis is Electronic Signatures according to the EU law. She has a Bachelor’s Degree and Master’s Degree in Law from University of Tartu.