Dear Clients, Dear Business Friends,
In this newsletter, we would like to introduce to you the legal aspects of electronic signatures, the use of which is becoming more and more common not only in business relations. We have been receiving numerous inquiries about this issue, and so the aim of this Newsletter is to answer the most frequently asked questions about electronic signatures and to ease distinguishing among different types of electronic signatures.
The legislation is based in particular on Regulation (EU) No. 910/2014 of the European Parliament and of the Council, on electronic identification and trust services for electronic transactions in the internal market (the eIDAS Regulation). We have chosen several key aspects for you that can help you make your business easier. We will first deal with the categorisation of electronic signatures and then with the most important issues relating to them.
A) TYPES OF ELECTRONIC SIGNATURES
SIMPLE ELECTRONIC SIGNATURE
– A simple electronic signature is commonly used in business, where the requirements on the probative value of a signature do not have to be high. However, the use of this type of signature is not sufficient for official communication with public authorities.
– According to the eIDAS Regulation, the electronic signature means “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory.” Thus, it can typically be just the name and surname in an email message.
– The probative value of a signature can be enhanced by the ability to document the subsequent communication or subsequent performance of an agreement as confirmation of the acting person’s identity (i.e. that the person whose signature is involved has actually acted).
There are also so-called biometric signatures, which, during the process of signing, capture not only the final shape of the signature, but also the pressure and speed of the pen. However, even these signatures belong to simple electronic signatures.
ADVANCED ELECTRONIC SIGNATURE
– Therefore, in order for a signature to be considered the advanced electronic signature, it must be created using the so-called qualified certificate that is issued in the Czech Republic by so-called certification authorities.
– The validity of the qualified certificate is limited to 1 or 3 years; after this period, the certificate must be prolonged. This is because the development of information technology cannot be predicted, and therefore the forms of communication that are secure today may become easily vulnerable in the future.
– This is the minimum level of certification for signatures that must be used for communication with public authorities.
PLEASE NOTE – If a company can only be represented by several persons acting jointly, it is not enough to send documents, which are intended for public authorities, without a signature via a data box, but the documents must first be provided with advanced electronic signatures of all these authorised persons, and sent only afterwards; otherwise there is a risk that the document will be considered invalidly signed.
QUALIFIED ELECTRONIC SIGNATURE
– This level of certification is the highest that can be achieved with an electronic signature. The qualified electronic signature:
a) is based on a qualified certificate, i.e. a certificate issued by a qualified trust service provider (as explained above for the advanced electronic signature); and
b) in addition to that, it must be created by a qualified electronic signature creation device – chip card, token, etc., which is inserted into the computer during its creation. When signing with this type of signature, the signatory must have a certain physical device with them.
– According to the eIDAS Regulation, a qualified electronic signature based on a qualified certificate issued in one Member State is recognised as a qualified electronic signature in all other Member States.
– Public authorities have the obligation to use it. The legal effects of this type of signature are the same as a hand-signed document.
– Sending documents via a data box also provides the same level of certification.
RECOGNISED ELECTRONIC SIGNATURE
– This is a Czech legislative shortcut that covers both the advanced electronic signature based on a qualified certificate, and a qualified electronic signature. It is a residuum of the previous legislation.
B) QUESTIONS CONCERNING ELECTRONIC SIGNATURES
LIST OF REVOKED CERTIFICATES
– There is also a possibility to early terminate the validity of the certificate. After revoking the certificate, the certification authority shall publish such a fact in the list of revoked certificates. This list contains public keys that can no longer be trusted. The validity of certificates can always be verified on the website of the certification authority.
VALIDITY PERIOD AND FORM OF ELECTRONIC SIGNATURES
Is the form of signatures on a document signed by an advanced or qualified electronic signature valid for an indefinite period of time?
– The validity of signatures is assessed at the time of examination of the signatures; thus, if the validity of the certificate has expired, even a signature that was created during its validity will no longer have the effects of an advanced or qualified electronic signature. In practice, this is solved by so-called time stamps, which are added to the document and thus provide clear evidence of when the document was signed.
Even if the certificate expires in the future, it is possible, through the time stamp, to verify that the document was signed while the certificate was valid, and the signature was therefore in order.
So are signatures on a time-stamped document valid in their qualified form indefinitely?
– No, they are not. The time stamp is valid for 5 years. However, the document can be time-stamped (before the previous time stamp expires) repeatedly, theoretically for an indefinite period of time. Documents issued by public authorities should be time-stamped automatically.
Is it possible to replace an officially authenticated (notarised) signature with some type of electronic signature?
In general, this is not possible, no form of electronic signature is equivalent to an officially authenticated signature. However, the Supreme Court in its decision of 10 June 2020, File No. 31 ICdo 36/2020, admitted that a recognised electronic signature may be sufficient in specific cases for legal proceedings for which the law otherwise requires an officially authenticated signature, or, in other words, that the absence of form in such cases does not invalidate the legal acting.
This is an interesting decision, but it is still necessary to wait for the further development of case law on this issue.
C) The eIDAS 2.0 proposal and the so-called Wallet
Next, we would like to inform you about the new European proposal for amendment, the so-called eIDAS 2.0, which comes with the European Digital Identity Wallet.
This “Wallet” would take the form of an app for mobile phones and other devices. It should be based on national electronic identities and issued by individual Member States. The Wallet will ensure cross-border recognition of individual national electronic identities. In addition to basic personal identification data, it should also contain other so-called attributes (e.g. driving licence, diploma, licence, certificate, proof of professional qualification or birth certificate). The Wallet should also be usable in an offline environment.
In addition to the functions of the Wallet described above, it can also be used as a means to create a qualified electronic signature or a qualified electronic seal. However, it is not yet clear when and if this amendment will be approved. The optimistic outlook is the end of 2022. Once the relevant amendment is approved, we will of course inform you again.
If we can be of any help to you, not only in connection with electronic signatures, please do not hesitate to contact us.
Your LTA team