E-signatures: New rules enter force22 Jul 2016
The Electronic Identification Regulation came into force on 1 July 2016, changing the rules around electronic signatures. Its aim is to improve cooperation between EU member states and encourage the use of e-signatures in EU business transactions.
You might think we do not need to worry about EU law following the referendum vote – however this Regulation already now applies as part of our existing English law and will certainly continue to apply until the UK leaves the EU. It may continue to do so afterwards, depending upon the terms agreed for our exit.
What requirements are necessary for a valid e-signature?
The rules distinguish between an electronic signature and a “qualified electronic signature”. A qualified electronic signature will automatically have legal effect equivalent to that of a handwritten or “wet ink” signature, whereas an electronic signature will only have legal effect if the circumstances permit.
To be a qualified electronic signature, the signature must be:
1. uniquely linked to the signatory;
2. capable of identifying the signatory;
3. created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control (this means that the data used by the signatory to create the electronic signature is unique and there are sufficient security measures in place to ensure the signatory retains control of the data);
4. linked to the data to which the signature is attached, in such a way that any subsequent change in the underlying data is detectable, in order to prevent fraud.
The electronic signature must also be created by a qualified electronic signature creation device and based on a qualified certificate.
As such, this status is generally only granted to signatures created by verified software programs which have reached the prescribed standards.
What are the key changes to e-signatures?
A key change is that the signature must be created by electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control. This introduces the possibility that a signature can be managed by a third party provider on behalf of the signatory, as long as adequate procedures are in place to ensure that the signatory retains sole control. This means electronic signatures can take place more remotely – perhaps even using your phone to send a signature to a provider who can then follow the necessary procedures on your behalf.
The new rules replace Certification Service Providers (CSPs) (an entity who, under the previous rules, could issue the certificate required for a legally admissible e-signature and other services related to this) with Trust Service Providers (TSPs), which will be subject to more comprehensive rules than were in place for CSPs.
These rules will be similar in each EU member state as the new rules require a supervisory body to be appointed to vet potential applicants and supervise and implement the relevant rules.
Qualified TSPs will be listed on a published list in each member state and entitled to use the EU trust mark in relation to its services. These measures are designed to enable signatories to have confidence that any provider they are instructing is properly certified and able to provide a qualified electronic signature.
As under previous rules, TSPs can be liable for damage caused intentionally or negligently for failure to comply with the rules. Additionally, qualified TSPs will be subject to a reverse burden of proof (i.e. they must prove they were not negligent or did not act intentionally). In all other cases, the person claiming will have to prove that the non-qualified TSP was acting negligently and/or intentionally.
Overall, the impact of these changes is likely to be fairly limited in scope, as the requirements for a valid and legally binding e-signature remain relatively similar to previous rules. However, they do provide a step in the right direction in allowing business to be carried out more flexibly in our technology-driven world.
If you have any questions regarding the use of e-signatures and whether you are satisfying the relevant requirements, please contact the Kuits Commercial and IP Team on 0161 832 3434.